From 8706d0591301cffd3965695107c767dae54cceb3 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 28 Dec 2017 15:36:40 -0500 Subject: testing --- test/filters/fseccomp.exp | 52 +++++++++++++++++++++--------------------- test/filters/seccomp-debug.exp | 8 ++----- test/filters/seccomp-empty.exp | 34 +++++++++++++++++++-------- test/filters/seccomp-errno.exp | 12 ++++++---- 4 files changed, 61 insertions(+), 45 deletions(-) (limited to 'test/filters') diff --git a/test/filters/fseccomp.exp b/test/filters/fseccomp.exp index a71c35302..15959ff26 100755 --- a/test/filters/fseccomp.exp +++ b/test/filters/fseccomp.exp @@ -31,104 +31,104 @@ expect { after 100 send -- "fseccomp protocol build unix,inet seccomp-test-file\r" after 100 -send -- "fseccomp print seccomp-test-file\r" +send -- "fsec-print seccomp-test-file\r" expect { timeout {puts "TESTING ERROR 4.1\n";exit} - "WHITELIST 41 socket" + "jeq socket" } after 100 send -- "fseccomp secondary 64 seccomp-test-file\r" after 100 -send -- "fseccomp print seccomp-test-file\r" +send -- "fsec-print seccomp-test-file\r" expect { timeout {puts "TESTING ERROR 5.1\n";exit} - "BLACKLIST 165 mount" + "jeq mount" } expect { timeout {puts "TESTING ERROR 5.2\n";exit} - "BLACKLIST 166 umount2" + "jeq umount2" } expect { timeout {puts "TESTING ERROR 5.3\n";exit} - "RETURN_ALLOW" + "ret ALLOW" } after 100 send -- "fseccomp default seccomp-test-file\r" after 100 -send -- "fseccomp print seccomp-test-file\r" +send -- "fsec-print seccomp-test-file\r" expect { timeout {puts "TESTING ERROR 6.1\n";exit} - "BLACKLIST 165 mount" + "jeq mount" } expect { timeout {puts "TESTING ERROR 6.2\n";exit} - "BLACKLIST 166 umount2" + "jeq umount2" } expect { timeout {puts "TESTING ERROR 6.3\n";exit} - "RETURN_ALLOW" + "ret ALLOW" } after 100 send -- "fseccomp drop seccomp-test-file tmpfile chmod,chown\r" after 100 -send -- "fseccomp print seccomp-test-file\r" +send -- "fsec-print seccomp-test-file\r" expect { timeout {puts "TESTING ERROR 7.1\n";exit} - "BLACKLIST 165 mount" {puts "TESTING ERROR 7.2\n";exit} - "BLACKLIST 166 umount2" {puts "TESTING ERROR 7.3\n";exit} - "BLACKLIST 90 chmod" + "jeq mount" {puts "TESTING ERROR 7.2\n";exit} + "jeq umount2" {puts "TESTING ERROR 7.3\n";exit} + "jeq chmod" } expect { timeout {puts "TESTING ERROR 7.4\n";exit} - "BLACKLIST 92 chown" + "jeq chown" } expect { timeout {puts "TESTING ERROR 7.5\n";exit} - "RETURN_ALLOW" + "ret ALLOW" } after 100 send -- "fseccomp default drop seccomp-test-file tmpfile chmod,chown\r" after 100 -send -- "fseccomp print seccomp-test-file\r" +send -- "fsec-print seccomp-test-file\r" expect { timeout {puts "TESTING ERROR 8.1\n";exit} - "BLACKLIST 165 mount" + "jeq mount" } expect { timeout {puts "TESTING ERROR 8.2\n";exit} - "BLACKLIST 166 umount2" + "jeq umount2" } expect { timeout {puts "TESTING ERROR 8.3\n";exit} - "BLACKLIST 90 chmod" + "jeq chmod" } expect { timeout {puts "TESTING ERROR 8.4\n";exit} - "BLACKLIST 92 chown" + "jeq chown" } expect { timeout {puts "TESTING ERROR 8.5\n";exit} - "RETURN_ALLOW" + "ret ALLOW" } after 100 send -- "fseccomp keep seccomp-test-file tmpfile chmod,chown\r" after 100 -send -- "fseccomp print seccomp-test-file\r" +send -- "fsec-print seccomp-test-file\r" expect { timeout {puts "TESTING ERROR 9.1\n";exit} - "WHITELIST 90 chmod" + "jeq chmod" } expect { timeout {puts "TESTING ERROR 9.2\n";exit} - "WHITELIST 92 chown" + "jeq chown" } expect { timeout {puts "TESTING ERROR 9.3\n";exit} - "KILL_PROCESS" + "ret KILL" } diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index f90bbfa03..ee72e34ae 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp @@ -13,15 +13,11 @@ after 100 send -- "firejail --debug sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "SECCOMP Filter" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "BLACKLIST" + "seccomp entries in /run/firejail/mnt/seccomp" } expect { timeout {puts "TESTING ERROR 2\n";exit} - "open_by_handle_at" + "jeq open_by_handle_at" } expect { timeout {puts "TESTING ERROR 3\n";exit} diff --git a/test/filters/seccomp-empty.exp b/test/filters/seccomp-empty.exp index 03e081b34..77e8a2651 100755 --- a/test/filters/seccomp-empty.exp +++ b/test/filters/seccomp-empty.exp @@ -10,7 +10,11 @@ match_max 100000 send -- "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "VALIDATE_ARCHITECTURE" + "seccomp entries in /run/firejail/mnt/seccomp" +} +expect { + timeout {puts "TESTING ERROR 0.0\n";exit} + "ld data.architecture" } expect { timeout {puts "TESTING ERROR 0.1\n";exit} @@ -34,7 +38,7 @@ expect { } expect { timeout {puts "TESTING ERROR 0.6\n";exit} - "RETURN_ALLOW" + "ret ALLOW" } expect { timeout {puts "TESTING ERROR 0.7\n";exit} @@ -48,7 +52,11 @@ puts "\n" send -- "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r" expect { timeout {puts "TESTING ERROR 1\n";exit} - "VALIDATE_ARCHITECTURE" + "seccomp entries in /run/firejail/mnt/seccomp" +} +expect { + timeout {puts "TESTING ERROR 1.0\n";exit} + "ld data.architecture" } expect { timeout {puts "TESTING ERROR 1.1\n";exit} @@ -66,7 +74,7 @@ expect { } expect { timeout {puts "TESTING ERROR 1.6\n";exit} - "RETURN_ALLOW" + "ret ALLOW" } expect { timeout {puts "TESTING ERROR 1.7\n";exit} @@ -80,7 +88,11 @@ sleep 2 send -- "firejail --debug --profile=seccomp.profile --private\r" expect { timeout {puts "TESTING ERROR 2\n";exit} - "VALIDATE_ARCHITECTURE" + "seccomp entries in /run/firejail/mnt/seccomp" +} +expect { + timeout {puts "TESTING ERROR 2.0\n";exit} + "ld data.architecture" } expect { timeout {puts "TESTING ERROR 2.1\n";exit} @@ -104,7 +116,7 @@ expect { } expect { timeout {puts "TESTING ERROR 2.6\n";exit} - "RETURN_ALLOW" + "ret ALLOW" } expect { timeout {puts "TESTING ERROR 2.7\n";exit} @@ -118,7 +130,11 @@ puts "\n" send -- "firejail --debug --profile=seccomp-empty.profile --private\r" expect { timeout {puts "TESTING ERROR 3\n";exit} - "VALIDATE_ARCHITECTURE" + "seccomp entries in /run/firejail/mnt/seccomp" +} +expect { + timeout {puts "TESTING ERROR 3.0\n";exit} + "ld data.architecture" } expect { timeout {puts "TESTING ERROR 3.1\n";exit} @@ -136,7 +152,7 @@ expect { } expect { timeout {puts "TESTING ERROR 3.6\n";exit} - "RETURN_ALLOW" + "ret ALLOW" } expect { timeout {puts "TESTING ERROR 3.7\n";exit} @@ -145,4 +161,4 @@ expect { sleep 2 send -- "exit\r" after 100 -puts "\n" +puts "all done\n" diff --git a/test/filters/seccomp-errno.exp b/test/filters/seccomp-errno.exp index eeb0824f2..458fccc4e 100755 --- a/test/filters/seccomp-errno.exp +++ b/test/filters/seccomp-errno.exp @@ -20,19 +20,23 @@ sleep 1 send -- "firejail --seccomp=unlinkat:ENOENT --debug rm seccomp-test-file\r" expect { timeout {puts "TESTING ERROR 1\n";exit} - "unlinkat 2 ENOENT" + "seccomp entries in /run/firejail/mnt/seccomp" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "ret ERRNO(2)" } sleep 1 send -- "firejail --seccomp=unlinkat:ENOENT,mkdir:ENOENT\r" expect { - timeout {puts "TESTING ERROR 2\n";exit} + timeout {puts "TESTING ERROR 3\n";exit} "Child process initialized" } sleep 1 send -- "rm seccomp-test-file\r" expect { - timeout {puts "TESTING ERROR 3\n";exit} + timeout {puts "TESTING ERROR 4\n";exit} "No such file or directory" } after 100 @@ -40,7 +44,7 @@ puts "\n" send -- "mkdir seccomp-test-dir\r" expect { - timeout {puts "TESTING ERROR 4\n";exit} + timeout {puts "TESTING ERROR 5\n";exit} "No such file or directory" } after 100 -- cgit v1.2.3-54-g00ecf