From ad2f7bc496e3cc83bca2381515312dd2ef6fc7f1 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 21 Apr 2016 14:37:53 -0400
Subject: make test-profiles
---
test/profiles/profile_syntax.exp | 66 +++++++++++++++++++++++++++++++++++++++
test/profiles/profile_syntax2.exp | 50 +++++++++++++++++++++++++++++
test/profiles/profiles.sh | 19 +++++++++++
test/profiles/test-profile.exp | 23 ++++++++++++++
test/profiles/test.profile | 5 +++
test/profiles/test2.profile | 4 +++
6 files changed, 167 insertions(+)
create mode 100755 test/profiles/profile_syntax.exp
create mode 100755 test/profiles/profile_syntax2.exp
create mode 100755 test/profiles/profiles.sh
create mode 100755 test/profiles/test-profile.exp
create mode 100644 test/profiles/test.profile
create mode 100644 test/profiles/test2.profile
(limited to 'test/profiles')
diff --git a/test/profiles/profile_syntax.exp b/test/profiles/profile_syntax.exp
new file mode 100755
index 000000000..ecad1043b
--- /dev/null
+++ b/test/profiles/profile_syntax.exp
@@ -0,0 +1,66 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=test.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+
+sleep 2
+send -- "cat /sbin/iptables\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "No such file" {puts "\nTESTING /sbin/iptables not found\n"}
+ "Permission denied"
+}
+
+sleep 1
+send -- "ls -l /etc/shadow\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "root root 0"
+}
+
+sleep 1
+send -- "rmdir;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Permission denied"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "home"
+}
+
+sleep 1
+send -- "mount;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "Permission denied"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "home"
+}
+
+sleep 1
+send -- "umount;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "Permission denied"
+}
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "home"
+}
+send -- "exit\r"
+
+sleep 1
+puts "\n"
diff --git a/test/profiles/profile_syntax2.exp b/test/profiles/profile_syntax2.exp
new file mode 100755
index 000000000..ba83731be
--- /dev/null
+++ b/test/profiles/profile_syntax2.exp
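Review bot: Every `timeout` arm in this script calls bare `exit`, which ends expect with status 0, so a sandbox regression (for example /etc/shadow no longer showing as an empty root-owned file) prints TESTING ERROR yet still reports success to the caller; the same pattern is used in profile_syntax2.exp and test-profile.exp. Unless the harness greps the output for that string, return a failing status, e.g. `timeout {puts "TESTING ERROR 3\n";exit 1}`. None of the `expect` blocks has an `eof` arm either, so if the spawned shell dies the block simply returns and the script carries on; adding `eof {puts "TESTING ERROR: shell exited\n";exit 1}` would close that gap.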
@@ -0,0 +1,50 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug --profile=test2.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Reading profile test2.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Reading profile test.profile"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Mounting a new /home directory"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Disable /bin/rmdir" {puts "Most Linux platforms\n"}
+ "Disable /usr/bin/rmdir" { puts "OpenSUSE platform\n"}
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Drop CAP_SYS_MODULE"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "SECCOMP Filter"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "BLACKLIST"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "mount"
+}
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "Child process initialized"
+}
+
+sleep 1
+puts "\nall done\n"
diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh
new file mode 100755
index 000000000..ea1f51c1a
--- /dev/null
+++ b/test/profiles/profiles.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+echo "TESTING: default profiles installed in /etc"
+PROFILES=`ls /etc/firejail/*.profile`
+for PROFILE in $PROFILES
+do
+ echo "TESTING: $PROFILE"
+ ./test-profile.exp $PROFILE
+done
+
+echo "TESTING: profile syntax (profiles/profile_syntax.exp)"
+./profile_syntax.exp
+
+echo "TESTING: profile syntax 2 (profiles/profile_syntax2.exp)"
+./profile_syntax2.exp
+
diff --git a/test/profiles/test-profile.exp b/test/profiles/test-profile.exp
new file mode 100755
index 000000000..590b42652
--- /dev/null
+++ b/test/profiles/test-profile.exp
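Review bot: The `"mount"` pattern at TESTING ERROR 7 is a bare substring, so any output mentioning `umount` also satisfies it, and the check cannot show that the `${PATH}/mount` entry from test.profile was applied as well as the `${PATH}/umount` one. Matching a path component such as `"/mount"`, with a separate `expect` for `"/umount"`, would make both blacklist entries observable; the exact `--debug` line format is not visible in this hunk, so confirm the patterns against real output. The script also finishes without sending `exit` to the sandboxed shell, unlike profile_syntax.exp, so the sandbox is left to be torn down when expect closes the spawn.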
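Review bot: The profile loop in profiles.sh is built from the output of `ls`, so when /etc/firejail holds no profiles the loop body never runs and the script reports nothing wrong, and the unquoted `$PROFILE` is word-split before it reaches test-profile.exp. Iterating the glob directly fixes both: `for PROFILE in /etc/firejail/*.profile`, then `[ -e "$PROFILE" ] || { echo "TESTING ERROR: no profiles found"; exit 1; }` as the first line of the body, and `./test-profile.exp "$PROFILE"`. The script also discards the exit status of all three expect scripts and calls them as `./...`, so it only works when run from test/profiles; a header comment saying so would help.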
@@ -0,0 +1,23 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+if { $argc != 1 } {
+ puts "TESTING ERROR: argument missing"
+ puts "Usage: test-profile.exp profile_name"
+ exit
+}
+
+send -- "firejail --profile=$argv /bin/bash\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+send -- "exit\r"
+after 100
+puts "\n"
diff --git a/test/profiles/test.profile b/test/profiles/test.profile
new file mode 100644
index 000000000..1d69cc960
--- /dev/null
+++ b/test/profiles/test.profile
@@ -0,0 +1,5 @@
+ blacklist /sbin/iptables
+blacklist /etc/shadow
+ blacklist /bin/rmdir
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
diff --git a/test/profiles/test2.profile b/test/profiles/test2.profile
new file mode 100644
index 000000000..d7e1a1f21
--- /dev/null
+++ b/test/profiles/test2.profile
@@ -0,0 +1,4 @@
+caps
+seccomp
+ private
+ include test.profile
-- cgit v1.2.3-54-g00ecf
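Review bot: `$argv` is the Tcl argument list rather than a string, and the `send` line pastes it into a command line that the spawned shell then parses, so a profile path containing spaces or shell metacharacters does not reach firejail as a single argument. Take the element explicitly with `set profile [lindex $argv 0]` and send it single-quoted, `send -- "firejail --profile='$profile' /bin/bash\r"`; the caller only passes paths from /etc/firejail, so this is hardening rather than a live bug. The `$argc` check also runs after `spawn $env(SHELL)`, so a shell is started even when the script is about to bail out; moving the check above `spawn` avoids that.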
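Review bot: The uneven leading whitespace before some `blacklist` lines in test.profile (and before `private` and `include` in test2.profile) looks like a deliberate parser test, but nothing in either file says so, and a later cleanup could normalise it away and silently drop that coverage. If it is intentional, a first line such as `# leading whitespace below is intentional: exercises profile parsing` would record it. A short comment on why `blacklist /bin/rmdir` uses a fixed path while mount and umount go through `${PATH}` would help for the same reason.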