From 55fb69f4f500e8a6cbd3ce2cdc95c03d46b078e0 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 28 Feb 2023 10:07:35 -0500 Subject: chroot testing --- test/chroot/chroot.sh | 4 +++- test/chroot/configure | 10 ++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) (limited to 'test/chroot') diff --git a/test/chroot/chroot.sh b/test/chroot/chroot.sh index a1fb3ee38..3b10cbc59 100755 --- a/test/chroot/chroot.sh +++ b/test/chroot/chroot.sh @@ -11,12 +11,14 @@ rm -f unchroot gcc -o unchroot unchroot.c sudo ./configure + echo "TESTING: chroot disabled (test/chroot/fs_chroot_disabled.exp)" +sudo sed -i s/"chroot yes"/"# chroot no"/g /etc/firejail/firejail.config ./fs_chroot_disabled.exp -sudo sed -i s/"# chroot no"/"chroot yes"/g /etc/firejail/firejail.config echo "TESTING: chroot (test/chroot/fs_chroot.exp)" +sudo sed -i s/"# chroot no"/"chroot yes"/g /etc/firejail/firejail.config ./fs_chroot.exp echo "TESTING: unchroot as root (test/chroot/unchroot-as-root.exp)" diff --git a/test/chroot/configure b/test/chroot/configure index af511f9c7..f7bfedf10 100755 --- a/test/chroot/configure +++ b/test/chroot/configure @@ -8,7 +8,7 @@ ROOTDIR="/tmp/chroot" # default chroot directory DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc -DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /usr/bin/touch /bin/grep" +DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/ping /usr/bin/touch /bin/grep" rm -fr $ROOTDIR mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc,sys} 
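Review bot: In test/chroot/chroot.sh the two added `sudo sed -i` lines rewrite the system-wide /etc/firejail/firejail.config with unanchored patterns, and nothing in the hunk puts the file back. An interrupted run leaves the host with `chroot yes`, and so does a completed one unless a later line outside the hunk resets it. The pattern `chroot yes` also matches inside a commented `# chroot yes` line, which would become `# # chroot no`. Anchoring the match avoids that, e.g. `sudo sed -i 's/^chroot yes$/# chroot no/' /etc/firejail/firejail.config`. A restore registered once near the top of the script, `trap 'sudo sed -i "s/^chroot yes$/# chroot no/" /etc/firejail/firejail.config' EXIT`, would cover the abort path.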
@@ -18,6 +18,10 @@ mkdir -p $ROOTDIR/home/netblue/.config/firejail chown netblue:netblue $ROOTDIR/home/netblue chown netblue:netblue $ROOTDIR/home/netblue/.config cp /home/netblue/.Xauthority $ROOTDIR/home/netblue/. +mkdir -p $ROOTDIR/home/runner/.config/firejail +chown runner:runner $ROOTDIR/home/runner +chown runner:runner $ROOTDIR/home/runner/.config + cp -a /etc/skel $ROOTDIR/etc/. mkdir $ROOTDIR/home/someotheruser mkdir $ROOTDIR/boot @@ -27,8 +31,6 @@ cp /etc/group $ROOTDIR/etc/. cp /etc/hosts $ROOTDIR/etc/. cp /etc/hostname $ROOTDIR/etc/. mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu -cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/. -cp -a /usr/lib/ssl $ROOTDIR/usr/lib/. touch $ROOTDIR/var/log/syslog touch $ROOTDIR/var/tmp/somefile SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u` @@ -41,7 +43,7 @@ cp --parents /lib/ld-linux.so.2 $ROOTDIR cp unchroot $ROOTDIR/. touch $ROOTDIR/this-is-my-chroot -cd $ROOTDIR; find . +cd $ROOTDIR; mkdir -p usr/lib/firejail/ cp /usr/lib/firejail/libtrace.so usr/lib/firejail/. -- cgit v1.2.3-54-g00ecf
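Review bot: The three lines added in the `@@ -18,6 +18,10 @@` hunk of test/chroot/configure hard-code a second account name, `runner` (presumably the CI account), next to the existing `netblue`. On a host that lacks either account the `chown` fails, and as far as the hunk shows the script carries on as root with a half-built tree. Deriving the account once, e.g. `TESTUSER=${SUDO_USER:-$(id -un)}`, and then using `chown "$TESTUSER:$TESTUSER" "$ROOTDIR/home/$TESTUSER"` would cover both environments. The new lines also leave `$ROOTDIR` unquoted, which is worth fixing in a script that is run under sudo.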
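Review bot: In the `@@ -41,7 +43,7 @@` hunk of test/chroot/configure the new `cd $ROOTDIR;` is unquoted and its result is not checked. The `mkdir -p usr/lib/firejail/` and `cp` that follow use relative paths, and chroot.sh runs this script under sudo. If the `cd` fails, those commands act as root on whatever directory the caller was in; `cd "$ROOTDIR" || exit 1` prevents that, and the trailing `;` can be dropped. The script continues outside the hunk.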