From 495f1c5cdaeeadafcf150080545ae4848dc633ca Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 21 Aug 2017 08:51:08 -0400 Subject: testing --- test/filters/debug.exp | 3 +- test/filters/filters.sh | 10 ++- test/filters/memwrexe-32 | Bin 0 -> 6678 bytes test/filters/memwrexe-32.exp | 34 +++++++++ test/filters/seccomp-debug-32.exp | 145 ++++++++++++++++++++++++++++++++++++++ test/filters/seccomp-debug.exp | 2 +- 6 files changed, 190 insertions(+), 4 deletions(-) create mode 100755 test/filters/memwrexe-32 create mode 100755 test/filters/memwrexe-32.exp create mode 100755 test/filters/seccomp-debug-32.exp (limited to 'test/filters') diff --git a/test/filters/debug.exp b/test/filters/debug.exp index 493022c05..d37353378 100755 --- a/test/filters/debug.exp +++ b/test/filters/debug.exp @@ -38,7 +38,8 @@ after 100 send -- "firejail --debug-protocols\r" expect { timeout {puts "TESTING ERROR 4\n";exit} - "unix, inet, inet6, netlink, packet" + "unix, inet, inet6, netlink, packet" {puts "OK\n"} + "protocol not supported on this platform" {puts "OK\n"} } after 100 diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 3ebb61419..d59d9109b 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh @@ -18,8 +18,11 @@ export PATH="$PATH:/usr/lib/firejail" if [ "$(uname -m)" = "x86_64" ]; then echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" ./memwrexe.exp +elif [ "$(uname -m)" = "i686" ]; then + echo "TESTING: memory-deny-write-execute (test/filters/memwrexe-32.exp)" + ./memwrexe-32.exp else - echo "TESTING SKIP: memwrexe binary only running on x86_64." + echo "TESTING SKIP: memwrexe binary only running on x86_64 and i686." fi echo "TESTING: debug options (test/filters/debug.exp)" @@ -57,8 +60,11 @@ echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)" if [ "$(uname -m)" = "x86_64" ]; then echo "TESTING: seccomp debug (test/filters/seccomp-debug.exp)" ./seccomp-debug.exp +elif [ "$(uname -m)" = "i686" ]; then + echo "TESTING: seccomp debug (test/filters/seccomp-debug-32.exp)" + ./seccomp-debug-32.exp else - echo "TESTING SKIP: protocol, running only on x86_64" + echo "TESTING SKIP: protocol, running only on x86_64 and i686" fi echo "TESTING: seccomp errno (test/filters/seccomp-errno.exp)" diff --git a/test/filters/memwrexe-32 b/test/filters/memwrexe-32 new file mode 100755 index 000000000..70c98b796 Binary files /dev/null and b/test/filters/memwrexe-32 differ diff --git a/test/filters/memwrexe-32.exp b/test/filters/memwrexe-32.exp new file mode 100755 index 000000000..af2159973 --- /dev/null +++ b/test/filters/memwrexe-32.exp @@ -0,0 +1,34 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2017 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --memory-deny-write-execute ./memwrexe-32 mmap\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "mmap successful" {puts "TESTING ERROR 2\n";exit} + "Parent is shutting down" +} +after 100 + +send -- "firejail --memory-deny-write-execute ./memwrexe-32 mprotect\r" +expect { + timeout {puts "TESTING ERROR 10\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 11\n";exit} + "mprotect successful" {puts "TESTING ERROR 12\n";exit} + "Parent is shutting down" +} + +after 100 +puts "\nall done\n" diff --git a/test/filters/seccomp-debug-32.exp b/test/filters/seccomp-debug-32.exp new file mode 100755 index 000000000..6983758c3 --- /dev/null +++ b/test/filters/seccomp-debug-32.exp @@ -0,0 +1,145 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2017 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --debug sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "SECCOMP Filter" +} +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "BLACKLIST" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "open_by_handle_at" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "done" +} +after 100 + + +# i686 architecture +send -- "firejail --debug sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "done" +} +after 100 + +# i686 architecture - ignore seccomp +send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 10\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} + "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 13\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} + "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 15\n";exit} + "done" +} +after 100 + +# i686 architecture - ignore protocol +send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 17\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 19\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 21\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} + "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 23\n";exit} + "done" +} +after 100 + +# memory-deny-write-execute +send -- "firejail --debug --memory-deny-write-execute sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 24\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 25\n";exit} + "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 26\n";exit} + "done" +} + + +# i686 architecture - seccomp.block-secondary +send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 27\n";exit} + "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 28\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 29\n";exit} + "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 30\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 33\n";exit} + "done" +} +after 100 + +# i686 architecture - seccomp.block-secondary, profile +send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 33\n";exit} + "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp.amd64 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 37\n";exit} + "done" +} +after 100 + +puts "all done\n" diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index 7f03e45e8..7a4a13991 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp @@ -106,7 +106,7 @@ expect { } expect { timeout {puts "TESTING ERROR 25\n";exit} - "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" + "Installing /run/firejail/mnt/seccomp.mdwx seccomp filter" } expect { timeout {puts "TESTING ERROR 26\n";exit} -- cgit v1.2.3-54-g00ecf