From acf8efb878b84882a9df61eff51fdcaceb522a4c Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 8 Mar 2023 16:23:30 -0500
Subject: testing
---
test/capabilities/caps.exp | 139 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 139 insertions(+)
create mode 100755 test/capabilities/caps.exp
(limited to 'test/capabilities/caps.exp')
diff --git a/test/capabilities/caps.exp b/test/capabilities/caps.exp
new file mode 100755
index 000000000..dbd63efda
--- /dev/null
+++ b/test/capabilities/caps.exp
@@ -0,0 +1,139 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --caps.keep=chown,fowner --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+
+send -- "cat /proc/self/status\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "CapBnd: 0000000000000009"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --caps.drop=all --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+
+send -- "cat /proc/self/status\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "CapBnd: 0000000000000000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+
+send -- "cat /proc/self/status\r"
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "CapBnd:"
+}
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "fffffff0"
+}
+expect {
+ timeout {puts "TESTING ERROR 10\n";exit}
+ "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+
+
+send -- "firejail --profile=caps1.profile --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 11\n";exit}
+ "Drop CAP_SYS_MODULE"
+}
+expect {
+ timeout {puts "TESTING ERROR 12\n";exit}
+ "Drop CAP_SYS_ADMIN"
+}
+expect {
+ timeout {puts "TESTING ERROR 13\n";exit}
+ "Drop CAP_" {puts "TESTING ERROR 14\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+## tofix: possible problem with caps.keep in profile files
+##send -- "firejail --caps.keep=chown,fowner --noprofile\r"
+#send -- "firejail --profile=caps2.profile\r"
+#expect {
+# timeout {puts "TESTING ERROR 15\n";exit}
+# -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+#}
+#after 100
+#
+#send -- "cat /proc/self/status\r"
+#expect {
+# timeout {puts "TESTING ERROR 16\n";exit}
+# "CapBnd: 0000000000000009"
+#}
+#expect {
+# timeout {puts "TESTING ERROR 17\n";exit}
+# "Seccomp:"
+#}
+#send -- "exit\r"
+#sleep 1
+
+#send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
+send -- "firejail --profile=caps3.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 18\n";exit}
+ -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+after 100
+
+send -- "cat /proc/self/status\r"
+expect {
+ timeout {puts "TESTING ERROR 19\n";exit}
+ "CapBnd:"
+}
+expect {
+ timeout {puts "TESTING ERROR 20\n";exit}
+ "fffffff0"
+}
+expect {
+ timeout {puts "TESTING ERROR 21\n";exit}
+ "Seccomp:"
+}
+send -- "exit\r"
+sleep 1
+
+
+
+after 100
+puts "\nall done\n"
-- cgit v1.2.3-54-g00ecf
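Review bot: Every failure branch in this script ends in a bare `exit` (for example `timeout {puts "TESTING ERROR 2\n";exit}`), and expect's `exit` with no argument returns status 0, so a capability-filter regression leaves the script's exit code identical to a pass. Unless the harness scans the log for the `TESTING ERROR` string (not visible in this hunk), a wrong `CapBnd` mask would go unnoticed; writing `timeout {puts "TESTING ERROR 2\n";exit 1}` in each branch makes the test fail closed. The block disabled under `## tofix` also leaves `caps.keep` read from a profile file without regression coverage, so the comment would benefit from a tracking reference saying what the suspected problem is.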