From aa0194eae75871f3fb5e15d31a9060527711adae Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 8 Mar 2023 17:09:17 -0500 Subject: testing --- test/capabilities/caps.exp | 44 ++++++++++---------------------------------- 1 file changed, 10 insertions(+), 34 deletions(-) (limited to 'test/capabilities/caps.exp') diff --git a/test/capabilities/caps.exp b/test/capabilities/caps.exp index dbd63efda..bd7ab04eb 100755 --- a/test/capabilities/caps.exp +++ b/test/capabilities/caps.exp @@ -7,14 +7,11 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail --caps.keep=chown,fowner --noprofile\r" +send -- "firejail --caps.keep=chown,fowner --noprofile cat /proc/self/status\r" expect { timeout {puts "TESTING ERROR 1\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } -after 100 - -send -- "cat /proc/self/status\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "CapBnd: 0000000000000009" @@ -23,17 +20,13 @@ expect { timeout {puts "TESTING ERROR 3\n";exit} "Seccomp:" } -send -- "exit\r" -sleep 1 +after 500 -send -- "firejail --caps.drop=all --noprofile\r" +send -- "firejail --caps.drop=all --noprofile cat /proc/self/status\r" expect { timeout {puts "TESTING ERROR 4\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } -after 100 - -send -- "cat /proc/self/status\r" expect { timeout {puts "TESTING ERROR 5\n";exit} "CapBnd: 0000000000000000" @@ -42,17 +35,13 @@ expect { timeout {puts "TESTING ERROR 6\n";exit} "Seccomp:" } -send -- "exit\r" -sleep 1 +after 500 -send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" +send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile cat /proc/self/status\r" expect { timeout {puts "TESTING ERROR 7\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } -after 100 - -send -- "cat /proc/self/status\r" expect { timeout {puts "TESTING ERROR 8\n";exit} "CapBnd:" @@ -65,11 +54,9 @@ expect { timeout {puts "TESTING ERROR 10\n";exit} "Seccomp:" } -send -- "exit\r" -sleep 1 +after 500 - -send -- "firejail --profile=caps1.profile --debug\r" +send -- "firejail --profile=caps1.profile --debug ls\r" expect { timeout {puts "TESTING ERROR 11\n";exit} "Drop CAP_SYS_MODULE" @@ -83,10 +70,7 @@ expect { "Drop CAP_" {puts "TESTING ERROR 14\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } -after 100 -send -- "exit\r" -sleep 1 - +after 500 ## tofix: possible problem with caps.keep in profile files ##send -- "firejail --caps.keep=chown,fowner --noprofile\r" @@ -110,14 +94,11 @@ sleep 1 #sleep 1 #send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" -send -- "firejail --profile=caps3.profile\r" +send -- "firejail --profile=caps3.profile cat /proc/self/status\r" expect { timeout {puts "TESTING ERROR 18\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } -after 100 - -send -- "cat /proc/self/status\r" expect { timeout {puts "TESTING ERROR 19\n";exit} "CapBnd:" @@ -130,10 +111,5 @@ expect { timeout {puts "TESTING ERROR 21\n";exit} "Seccomp:" } -send -- "exit\r" -sleep 1 - - - -after 100 +after 500 puts "\nall done\n" -- cgit v1.2.3-54-g00ecf