From e4eada2b2f3ee0bfdd8dd536f5237a8535cc285d Mon Sep 17 00:00:00 2001
From: Reiner Herrmann
Date: Mon, 1 Mar 2021 20:21:19 +0100
Subject: tests: drop (f)audit from tests
---
 test/arguments/arguments.sh | 2 +-
 test/utils/audit.exp | 167 --------------------------------------------------
 test/utils/utils.sh | 9 +--
 3 files changed, 2 insertions(+), 176 deletions(-)
 delete mode 100755 test/utils/audit.exp
diff --git a/test/arguments/arguments.sh b/test/arguments/arguments.sh
index 583d77a26..749e1b500 100755
--- a/test/arguments/arguments.sh
+++ b/test/arguments/arguments.sh
@@ -6,7 +6,7 @@ export LC_ALL=C
 if [ -f /etc/debian_version ]; then
- libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
+ libdir=$(dirname "$(dpkg -L firejail | grep fcopy)")
 export PATH="$PATH:$libdir"
 fi
 export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
diff --git a/test/utils/audit.exp b/test/utils/audit.exp
deleted file mode 100755
index ba537c3af..000000000
--- a/test/utils/audit.exp
+++ /dev/null
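Review bot: The rewritten `libdir=` line in test/arguments/arguments.sh still pipes an unanchored `grep fcopy` straight into `dirname`, so when `dpkg -L firejail` prints nothing (for example firejail built from source on a Debian host) `dirname ""` yields `.` and the following `export PATH="$PATH:$libdir"` appends the current directory to PATH for the whole test run. Any packaged path that merely contains `fcopy` would also match and hand `dirname` a multi-line argument. Matching the helper exactly and skipping the PATH change when nothing is found avoids both: `fcopy_path=$(dpkg -L firejail 2>/dev/null | grep -m1 '/fcopy$')` followed by `[ -n "$fcopy_path" ] && export PATH="$PATH:$(dirname "$fcopy_path")"`. The same line is changed in the first hunk of test/utils/utils.sh and needs the same guard.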
@@ -1,167 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2021 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --audit\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Firejail Audit"
-}
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "is running in a PID namespace"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "container/sandbox firejail"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "seccomp BPF enabled"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "all capabilities are disabled"
-}
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "dev directory seems to be fully populated"
-}
-expect {
- timeout {puts "TESTING ERROR 5.1\n";exit}
- "Parent is shutting down, bye..."
-}
-after 100
-
-
-send -- "firejail --audit\r"
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "Firejail Audit"
-}
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "is running in a PID namespace"
-}
-expect {
- timeout {puts "TESTING ERROR 8\n";exit}
- "container/sandbox firejail"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "seccomp BPF enabled"
-}
-expect {
- timeout {puts "TESTING ERROR 10\n";exit}
- "all capabilities are disabled"
-}
-expect {
- timeout {puts "TESTING ERROR 11\n";exit}
- "dev directory seems to be fully populated"
-}
-expect {
- timeout {puts "TESTING ERROR 11.1\n";exit}
- "Parent is shutting down, bye..."
-}
-after 100
-
-send -- "firejail --audit=blablabla\r"
-expect {
- timeout {puts "TESTING ERROR 12\n";exit}
- "cannot find the audit program"
-}
-after 100
-
-send -- "firejail --audit=\r"
-expect {
- timeout {puts "TESTING ERROR 12\n";exit}
- "invalid audit program"
-}
-after 100
-
-# run audit executable without a sandbox
-send -- "faudit\r"
-expect {
- timeout {puts "TESTING ERROR 13\n";exit}
- "is not running in a PID namespace"
-}
-expect {
- timeout {puts "TESTING ERROR 14\n";exit}
- "BAD: seccomp disabled"
-}
-expect {
- timeout {puts "TESTING ERROR 15\n";exit}
- "BAD: the capability map is"
-}
-expect {
- timeout {puts "TESTING ERROR 16\n";exit}
- "MAYBE: /dev directory seems to be fully populated"
-}
-after 100
-
-# test seccomp
-send -- "firejail --seccomp.drop=mkdir --audit\r"
-expect {
- timeout {puts "TESTING ERROR 17\n";exit}
- "Firejail Audit"
-}
-expect {
- timeout {puts "TESTING ERROR 18\n";exit}
- "GOOD: seccomp BPF enabled"
-}
-expect {
- timeout {puts "TESTING ERROR 19\n";exit}
- "UGLY: mount syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 20\n";exit}
- "UGLY: umount2 syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 21\n";exit}
- "UGLY: ptrace syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 22\n";exit}
- "UGLY: swapon syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 23\n";exit}
- "UGLY: swapoff syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 24\n";exit}
- "UGLY: init_module syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 25\n";exit}
- "UGLY: delete_module syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 26\n";exit}
- "UGLY: chroot syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 27\n";exit}
- "UGLY: pivot_root syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 28\n";exit}
- "UGLY: iopl syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 29\n";exit}
- "UGLY: ioperm syscall permitted"
-}
-expect {
- timeout {puts "TESTING ERROR 30\n";exit}
- "GOOD: all capabilities are disabled"
-}
-after 100
-
-puts "\nall done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index 9ef409ae7..c021d6287 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -8,7 +8,7 @@ export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 export LC_ALL=C
 if [ -f /etc/debian_version ]; then
- libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
+ libdir=$(dirname "$(dpkg -L firejail | grep fcopy)")
 export PATH="$PATH:$libdir"
 fi
 export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
@@ -18,13 +18,6 @@ echo "TESTING: build (test/utils/build.exp)"
 rm -f ~/firejail-test-file-7699
 rm -f firejail-test-file-4388
-if [ $(faudit | grep -c "is running in a PID namespace.") -gt 0 ]; then
- echo "TESTING SKIP: already running in pid namespace (test/utils/audit.exp)"
-else
- echo "TESTING: audit (test/utils/audit.exp)"
- ./audit.exp
-fi
-
 echo "TESTING: name (test/utils/name.exp)"
 ./name.exp
-- 
cgit v1.2.3-54-g00ecf