From acf8efb878b84882a9df61eff51fdcaceb522a4c Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 8 Mar 2023 16:23:30 -0500
Subject: testing
---
test/filters/caps-join.exp | 96 ------------------------------
test/filters/caps-print.exp | 103 --------------------------------
test/filters/caps.exp | 139 --------------------------------------------
test/filters/caps1.profile | 1 -
test/filters/caps2.profile | 1 -
test/filters/caps3.profile | 1 -
test/filters/filters.sh | 24 ++++----
7 files changed, 12 insertions(+), 353 deletions(-)
delete mode 100755 test/filters/caps-join.exp
delete mode 100755 test/filters/caps-print.exp
delete mode 100755 test/filters/caps.exp
delete mode 100644 test/filters/caps1.profile
delete mode 100644 test/filters/caps2.profile
delete mode 100644 test/filters/caps3.profile
(limited to 'test/filters')
diff --git a/test/filters/caps-join.exp b/test/filters/caps-join.exp
deleted file mode 100755
index 1830143fb..000000000
--- a/test/filters/caps-join.exp
+++ /dev/null
@@ -1,96 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -match_max 100000 -spawn $env(SHELL) -set id1 $spawn_id -spawn $env(SHELL) -set id2 $spawn_id - -send -- "stty -echo\r" -after 100 - -# -# regular run -# -set spawn_id $id1 -send -- "firejail --name=jointesting\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -set spawn_id $id2 - -send -- "firejail --join=jointesting cat /proc/self/status\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "CapBnd: 0000000000000000" -} -sleep 1 - -set spawn_id $id1 -send -- "exit\r" -after 100 - -# -# no caps -# -set spawn_id $id1 -send -- "firejail --name=jointesting --noprofile\r" -expect { - timeout {puts "TESTING ERROR 10\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -set spawn_id $id2 - -send -- "firejail --join=jointesting cat /proc/self/status\r" -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "CapBnd:" -} -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "fffffffff" -} -expect { - timeout {puts "TESTING ERROR 13\n";exit} - "CapAmb:" -} -sleep 1 - -set spawn_id $id1 -send -- "exit\r" -after 100 - -# -# no caps -# -set spawn_id $id1 -send -- "firejail --name=jointesting --noprofile --caps.keep=chown,fowner\r" -expect { - timeout {puts "TESTING ERROR20\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -set spawn_id $id2 - -send -- "firejail --join=jointesting cat /proc/self/status\r" -expect { - timeout {puts "TESTING ERROR 21\n";exit} - "CapBnd: 0000000000000009" -} -sleep 1 - -set spawn_id $id1 -send -- "exit\r" -after 100 - -puts "all done\n" diff --git a/test/filters/caps-print.exp b/test/filters/caps-print.exp deleted file mode 100755 index b403f9ffe..000000000 --- a/test/filters/caps-print.exp +++ /dev/null 
@@ -1,103 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --name=test --noprofile --caps --debug\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "Drop CAP_SYS_MODULE" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "Drop CAP_SYS_RAWIO" -} -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "Drop CAP_SYS_BOOT" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "Drop CAP_SYS_NICE" -} -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "Drop CAP_SYS_TTY_CONFIG" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Drop CAP_SYSLOG" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "Drop CAP_MKNOD" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "Drop CAP_SYS_ADMIN" -} -expect { - timeout {puts "TESTING ERROR 8\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -sleep 1 - -spawn $env(SHELL) -send -- "firejail --caps.print=test\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "chown - enabled" -} -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "setgid - enabled" -} -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "setuid - enabled" -} -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "mknod - disabled" -} -expect { - timeout {puts "TESTING ERROR 13\n";exit} - "syslog - disabled" -} -after 100 - -send -- "firejail --debug-caps\r" -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "21 - sys_admin" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "22 - sys_boot" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "23 - sys_nice" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "24 - sys_resource" -} -after 100 - -send -- "firejail --caps.keep=\"bla bla bla\"\r" -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "capability" -} -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "not found" -} - 
-after 100 -puts "\nall done\n" diff --git a/test/filters/caps.exp b/test/filters/caps.exp deleted file mode 100755 index dbd63efda..000000000 --- a/test/filters/caps.exp +++ /dev/null 
@@ -1,139 +0,0 @@ -#!/usr/bin/expect -f -# This file is part of Firejail project -# Copyright (C) 2014-2023 Firejail Authors -# License GPL v2 - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -send -- "firejail --caps.keep=chown,fowner --noprofile\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 - -send -- "cat /proc/self/status\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "CapBnd: 0000000000000009" -} -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "Seccomp:" -} -send -- "exit\r" -sleep 1 - -send -- "firejail --caps.drop=all --noprofile\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 - -send -- "cat /proc/self/status\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "CapBnd: 0000000000000000" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "Seccomp:" -} -send -- "exit\r" -sleep 1 - -send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" -expect { - timeout {puts "TESTING ERROR 7\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 - -send -- "cat /proc/self/status\r" -expect { - timeout {puts "TESTING ERROR 8\n";exit} - "CapBnd:" -} -expect { - timeout {puts "TESTING ERROR 9\n";exit} - "fffffff0" -} -expect { - timeout {puts "TESTING ERROR 10\n";exit} - "Seccomp:" -} -send -- "exit\r" -sleep 1 - - -send -- "firejail --profile=caps1.profile --debug\r" -expect { - timeout {puts "TESTING ERROR 11\n";exit} - "Drop CAP_SYS_MODULE" -} -expect { - timeout {puts "TESTING ERROR 12\n";exit} - "Drop CAP_SYS_ADMIN" -} -expect { - timeout {puts "TESTING ERROR 13\n";exit} - "Drop CAP_" {puts "TESTING ERROR 14\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 -send -- "exit\r" -sleep 1 - - -## tofix: possible problem with caps.keep in profile files -##send -- "firejail --caps.keep=chown,fowner 
--noprofile\r" -#send -- "firejail --profile=caps2.profile\r" -#expect { -# timeout {puts "TESTING ERROR 15\n";exit} -# -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -#} -#after 100 -# -#send -- "cat /proc/self/status\r" -#expect { -# timeout {puts "TESTING ERROR 16\n";exit} -# "CapBnd: 0000000000000009" -#} -#expect { -# timeout {puts "TESTING ERROR 17\n";exit} -# "Seccomp:" -#} -#send -- "exit\r" -#sleep 1 - -#send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r" -send -- "firejail --profile=caps3.profile\r" -expect { - timeout {puts "TESTING ERROR 18\n";exit} - -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" -} -after 100 - -send -- "cat /proc/self/status\r" -expect { - timeout {puts "TESTING ERROR 19\n";exit} - "CapBnd:" -} -expect { - timeout {puts "TESTING ERROR 20\n";exit} - "fffffff0" -} -expect { - timeout {puts "TESTING ERROR 21\n";exit} - "Seccomp:" -} -send -- "exit\r" -sleep 1 - - - -after 100 -puts "\nall done\n" diff --git a/test/filters/caps1.profile b/test/filters/caps1.profile deleted file mode 100644 index 8b0c3b340..000000000 --- a/test/filters/caps1.profile +++ /dev/null @@ -1 +0,0 @@ -caps diff --git a/test/filters/caps2.profile b/test/filters/caps2.profile deleted file mode 100644 index ad49719f1..000000000 --- a/test/filters/caps2.profile +++ /dev/null @@ -1 +0,0 @@ -caps.drop chown,dac_override,dac_read_search,fowner diff --git a/test/filters/caps3.profile b/test/filters/caps3.profile deleted file mode 100644 index ad49719f1..000000000 --- a/test/filters/caps3.profile +++ /dev/null @@ -1 +0,0 @@ -caps.drop chown,dac_override,dac_read_search,fowner diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 2d115db1b..e19047e6f 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh 
@@ -57,18 +57,18 @@ echo "TESTING: noroot (test/filters/noroot.exp)" ./noroot.exp -if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then - echo "TESTING: capabilities (test/filters/caps.exp)" - ./caps.exp -else - echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)" -fi - -echo "TESTING: capabilities print (test/filters/caps-print.exp)" -./caps-print.exp - -echo "TESTING: capabilities join (test/filters/caps-join.exp)" -./caps-join.exp +#if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then +# echo "TESTING: capabilities (test/filters/caps.exp)" +# ./caps.exp +#else +# echo "TESTING SKIP: other capabilities than expected (test/filters/caps.exp)" +#fi +# +#echo "TESTING: capabilities print (test/filters/caps-print.exp)" +#./caps-print.exp +# +#echo "TESTING: capabilities join (test/filters/caps-join.exp)" +#./caps-join.exp rm -f seccomp-test-file if [[ $(uname -m) == "x86_64" ]]; then -- cgit v1.2.3-54-g00ecf
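Review bot: The capability checks in this hunk are commented out rather than removed, and the commented lines (`./caps.exp`, `./caps-print.exp`, `./caps-join.exp`) name scripts that this same commit deletes, so the block cannot be re-enabled as written. After this change filters.sh no longer exercises `--caps.keep`, `--caps.drop`, `--caps.print` or the CapBnd value seen through `--join`, all of which check a sandbox security boundary. The page is limited to test/filters, so the tests may have been moved to another directory; if so, drop the dead lines and leave a one-line pointer such as `# capabilities tests now run from <new location>`, and if not, state the reason in a comment or in the commit message, which currently says only "testing".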