From cb585cc82af4318a888470a7da82cc89dd01774d Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 20 Aug 2015 09:06:07 -0400 Subject: testing --- README | 10 ++++--- test/blacklist.exp | 76 +++++++++++++++++++++++++++++++++++++++++++++++++ test/blacklist1.profile | 1 + test/blacklist2.profile | 1 + test/private-etc.exp | 46 ++++++++++++++++++++++++++++++ test/test.sh | 8 ++++++ 6 files changed, 138 insertions(+), 4 deletions(-) create mode 100755 test/blacklist.exp create mode 100644 test/blacklist1.profile create mode 100644 test/blacklist2.profile create mode 100755 test/private-etc.exp diff --git a/README b/README index fabc20313..7513b492f 100644 --- a/README +++ b/README @@ -15,6 +15,12 @@ License: GPL v2 Firejail Authors: netblue30 (netblue30@yahoo.com) +Peter Millerchip (https://github.com/pmillerchip) + - memory allocation fix + - --private.keep to --private-home transition + - support for files and directories starting with ~ in blacklist option + - support for files and directories with spaces in blacklist option + - lots of other fixes Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) - user namespace implementation Reiner Herrmann - a number of build patches, man page fixes, Debian integration @@ -27,10 +33,6 @@ G4JC (http://sourceforge.net/u/gaming4jc/profile/) dewbasaur (https://github.com/dewbasaur) - block access to history files - Firefox PDF.js exploit (CVE-2015-4495) fixes -Peter Millerchip (https://github.com/pmillerchip) - - memory allocation fix - - --private.keep to --private-home transition - - lots of other fixes Michael Haas (https://github.com/mhaas) - bugfixes mjudtmann (https://github.com/mjudtmann) diff --git a/test/blacklist.exp b/test/blacklist.exp new file mode 100755 index 000000000..70012d167 --- /dev/null +++ b/test/blacklist.exp @@ -0,0 +1,76 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# directory with ~ +send -- "firejail --blacklist=~/.config\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls -al ~/.config\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "cannot open directory" +} + +send -- "exit\r" +sleep 1 + +# directory with ~ in profile file +send -- "firejail --profile=blacklist1.profile\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls -al ~/.config\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "cannot open directory" +} + +send -- "exit\r" +sleep 1 + + +# directory with space +send -- "firejail \"--blacklist=dir with space\"\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls -al \"dir with space\"\r" +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "cannot open directory" +} + +send -- "exit\r" +sleep 1 + +# directory with space in profile +send -- "firejail --profile=blacklist2.profile\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls -al \"dir with space\"\r" +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "cannot open directory" +} + + + +puts "\n" + diff --git a/test/blacklist1.profile b/test/blacklist1.profile new file mode 100644 index 000000000..f12facd05 --- /dev/null +++ b/test/blacklist1.profile @@ -0,0 +1 @@ +blacklist ~/.config diff --git a/test/blacklist2.profile b/test/blacklist2.profile new file mode 100644 index 000000000..4bb603db2 --- /dev/null +++ b/test/blacklist2.profile @@ -0,0 +1 @@ +blacklist dir with space diff --git a/test/private-etc.exp b/test/private-etc.exp new file mode 100755 index 000000000..9df798e22 --- /dev/null +++ b/test/private-etc.exp @@ -0,0 +1,46 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# directory with ~ +send -- "firejail --private-etc=passwd,group,resolv.conf,bash_completion.d,timezone\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls -al /etc\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "bash_completion.d" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "group" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "passwd" +} +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "resolv.conf" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "timezone" +} + +send -- "ls -al /etc\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "shadow" {puts "TESTING ERROR 8\n";exit} + "timezone" +} + +sleep 1 +puts "\n" + diff --git a/test/test.sh b/test/test.sh index 5fe01eb2a..83d249b4f 100755 --- a/test/test.sh +++ b/test/test.sh @@ -4,6 +4,14 @@ ./fscheck.sh +echo "TESTING: private-etc" +./private-etc.exp + +mkdir dir\ with\ space +echo "TESTING: blacklist" +./blacklist.exp +rm -fr dir\ with\ space + echo "TESTING: version" ./option_version.exp -- cgit v1.2.3-54-g00ecf