From 57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 3 May 2016 08:41:24 -0400 Subject: networking features testing --- test/profiles/profile_followlnk.exp | 37 +++++++++++++++++++++++++++++++++++++ test/profiles/profile_noperm.exp | 13 +++++++++++++ test/profiles/profile_readonly.exp | 36 ++++++++++++++++++++++++++++++++++++ test/profiles/profiles.sh | 9 +++++++++ test/profiles/readonly-lnk.profile | 2 ++ test/profiles/readonly.profile | 2 ++ 6 files changed, 99 insertions(+) create mode 100755 test/profiles/profile_followlnk.exp create mode 100755 test/profiles/profile_noperm.exp create mode 100755 test/profiles/profile_readonly.exp create mode 100644 test/profiles/readonly-lnk.profile create mode 100644 test/profiles/readonly.profile (limited to 'test/profiles') diff --git a/test/profiles/profile_followlnk.exp b/test/profiles/profile_followlnk.exp new file mode 100755 index 000000000..4d89de26b --- /dev/null +++ b/test/profiles/profile_followlnk.exp @@ -0,0 +1,37 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "mkdir /tmp/firejailtestdir\r" +send -- "ln -s /tmp/firejailtestdir /tmp/firejailtestdirlnk\r" +send -- "touch /tmp/firejailtestfile\r" +send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r" +sleep 1 + +send -- "firejail --profile=readonly-lnk.profile\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} + +send -- "ls > /tmp/firejailtestdirlnk/ttt\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Read-only file system" +} +sleep 1 + +send -- "ls > /tmp/firejailtestfilelnk;pwd\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Read-only file system" +} +sleep 1 + +send -- "exit\r" +send -- "rm -fr /tmp/firejailtest*\r" +sleep 1 + +puts "\nall done\n" diff --git a/test/profiles/profile_noperm.exp b/test/profiles/profile_noperm.exp new file mode 100755 index 000000000..25ec580bd --- /dev/null +++ b/test/profiles/profile_noperm.exp @@ -0,0 +1,13 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --profile=/etc/shadow\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "cannot access profile" +} +sleep 1 +puts "\nall done\n" diff --git a/test/profiles/profile_readonly.exp b/test/profiles/profile_readonly.exp new file mode 100755 index 000000000..e8e78d6ad --- /dev/null +++ b/test/profiles/profile_readonly.exp @@ -0,0 +1,36 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "mkdir /tmp/firejailtestdir\r" +send -- "touch /tmp/firejailtestfile\r" +sleep 1 + +send -- "firejail --profile=readonly.profile\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 2 + +send -- "ls > /tmp/firejailtestdir/ttt\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Read-only file system" +} +sleep 1 + +send -- "ls > /tmp/firejailtestfile\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Read-only file system" +} +send -- "exit\r" +sleep 1 + +send -- "rm -fr /tmp/firejailtest*\r" +sleep 1 + +puts "\nall done\n" diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh index e3adc8a4f..ca0b9fb29 100755 --- a/test/profiles/profiles.sh +++ b/test/profiles/profiles.sh @@ -23,3 +23,12 @@ echo "TESTING: profile syntax 2 (test/profiles/profile_syntax2.exp)" echo "TESTING: ignore command (test/profiles/ignore.exp)" ./ignore.exp +echo "TESTING: profile read-only (test/profiles/profile_readonly.exp)" +./profile_readonly.exp + +echo "TESTING: profile read-only links (test/profiles/profile_readonly.exp)" +./profile_followlnk.exp + +echo "TESTING: profile no permissions (test/profiles/profile_noperm.exp)" +./profile_noperm.exp + diff --git a/test/profiles/readonly-lnk.profile b/test/profiles/readonly-lnk.profile new file mode 100644 index 000000000..71ffb1a26 --- /dev/null +++ b/test/profiles/readonly-lnk.profile @@ -0,0 +1,2 @@ +read-only /tmp/firejailtestdirlnk +read-only /tmp/firejailtestfilelnk diff --git a/test/profiles/readonly.profile b/test/profiles/readonly.profile new file mode 100644 index 000000000..55d89e3d7 --- /dev/null +++ b/test/profiles/readonly.profile @@ -0,0 +1,2 @@ +read-only /tmp/firejailtestdir +read-only /tmp/firejailtestfile \ No newline at end of file -- cgit v1.2.3-54-g00ecf