From a1272742cfbdbfe999a701f804b58ceb4605713d Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 30 Apr 2016 07:27:31 -0400 Subject: added make test-filters --- test/filters/noroot.exp | 156 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100755 test/filters/noroot.exp (limited to 'test/filters/noroot.exp') diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp new file mode 100755 index 000000000..a1f6ce88d --- /dev/null +++ b/test/filters/noroot.exp @@ -0,0 +1,156 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2016 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "cat /proc/self/status\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "CapBnd: 0000000000000000" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Seccomp:" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "2" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Cpus_allowed:" +} +puts "\n" + +send -- "ping 0\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "Operation not permitted" +} +send -- "whoami\r" +expect { + timeout {puts "TESTING ERROR 6\n";exit} + $env(USER) +} +send -- "sudo -s\r" +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} + "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} +} +send -- "cat /proc/self/uid_map | wc -l\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "1" +} +send -- "cat /proc/self/gid_map | wc -l\r" +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "3" +} + +puts "\n" +send -- "exit\r" +sleep 2 + + + +send -- "firejail --name=test --noroot --noprofile\r" +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "cat /proc/self/status\r" +expect { + timeout {puts "TESTING ERROR 10\n";exit} + "CapBnd:" +} +expect { + timeout {puts "TESTING ERROR 11\n";exit} + "ffffffff" +} +expect { + timeout {puts "TESTING ERROR 12\n";exit} + "Seccomp:" +} +expect { + timeout {puts "TESTING ERROR 13\n";exit} + "0" +} +expect { + timeout {puts "TESTING ERROR 14\n";exit} + "Cpus_allowed:" +} +puts "\n" + +send -- "whoami\r" +expect { + timeout {puts "TESTING ERROR 15\n";exit} + $env(USER) +} +send -- "sudo -s\r" +expect { + timeout {puts "TESTING ERROR 16\n";exit} + "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} + "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} +} +send -- "ping 0\r" +expect { + timeout {puts "TESTING ERROR 17\n";exit} + "Operation not permitted" +} +send -- "cat /proc/self/uid_map | wc -l\r" +expect { + timeout {puts "TESTING ERROR 18\n";exit} + "1" +} +send -- "cat /proc/self/gid_map | wc -l\r" +expect { + timeout {puts "TESTING ERROR 19\n";exit} + "3" +} + + + +spawn $env(SHELL) +send -- "firejail --debug --join=test\r" +expect { + timeout {puts "TESTING ERROR 20\n";exit} + "User namespace detected" +} +expect { + timeout {puts "TESTING ERROR 21\n";exit} + "Joining user namespace" +} +sleep 1 + +send -- "sudo -s\r" +expect { + timeout {puts "TESTING ERROR 22\n";exit} + "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} + "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} +} +send -- "cat /proc/self/uid_map | wc -l\r" +expect { + timeout {puts "TESTING ERROR 23\n";exit} + "1" +} +send -- "cat /proc/self/gid_map | wc -l\r" +expect { + timeout {puts "TESTING ERROR 24\n";exit} + "3" +} +puts "\nall done\n" -- cgit v1.2.3-54-g00ecf