From 1cb3f220153b733e9fe86fc0b5ed6d7dbe27670b Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 22 Nov 2015 21:50:28 -0500 Subject: feature testing --- test/configure | 6 +- test/features/2.1.exp | 99 +++++++++++++++ test/features/2.2.exp | 105 +++++++++++++++ test/features/2.3.exp | 309 +++++++++++++++++++++++++++++++++++++++++++++ test/features/2.4.exp | 232 ++++++++++++++++++++++++++++++++++ test/features/features.txt | 11 +- test/features/test.sh | 12 ++ 7 files changed, 767 insertions(+), 7 deletions(-) create mode 100755 test/features/2.1.exp create mode 100755 test/features/2.2.exp create mode 100755 test/features/2.3.exp create mode 100755 test/features/2.4.exp (limited to 'test') diff --git a/test/configure b/test/configure index ae6a49eeb..1dd80ee9a 100755 --- a/test/configure +++ b/test/configure @@ -22,7 +22,7 @@ ROOTDIR="/tmp/chroot" # default chroot directory DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc -DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/grep /usr/bin/id /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" +DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/ping /sbin/ifconfig /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" rm -fr $ROOTDIR mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc} 
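Review bot: The extended `DEFAULT_FILES` line hard-codes locations such as `/bin/ping`, `/sbin/ifconfig`, `/usr/bin/dig` and `/usr/bin/getent`, and nothing in the visible lines checks that they exist. The `SORTED=` loop shown as context in the next hunk runs `ldd $FILE` on each entry, so a tool that is absent or installed elsewhere would presumably be left out of the chroot, and the new `--chroot` cases would then fail only as expect timeouts. A check ahead of that loop would surface the problem early, e.g. `for f in $DEFAULT_FILES; do [ -e "$f" ] || echo "configure: missing $f" >&2; done`. The rest of the script lies outside the hunk.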
@@ -33,6 +33,10 @@ mkdir $ROOTDIR/boot mkdir $ROOTDIR/selinux cp /etc/passwd $ROOTDIR/etc/. cp /etc/group $ROOTDIR/etc/. +cp /etc/hosts $ROOTDIR/etc/. +mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu +cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/. +cp -a /usr/lib/ssl $ROOTDIR/usr/lib/. touch $ROOTDIR/var/log/syslog touch $ROOTDIR/var/tmp/somefile SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u` diff --git a/test/features/2.1.exp b/test/features/2.1.exp new file mode 100755 index 000000000..6b2b3f7f5 --- /dev/null +++ b/test/features/2.1.exp 
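Review bot: The added `cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 ...` and its `mkdir -p` tie the chroot setup to one architecture triplet and one OpenSSL version directory. On any other host the copy fails and the script carries on, since no status is checked in the visible lines. `cp -a /usr/lib/ssl` also preserves symlinks, and on Debian-style layouts the entries there typically point into `/etc/ssl`, which is not copied here, so they may dangle inside the chroot. Consider guarding each copy, e.g. `[ -d /usr/lib/ssl ] && cp -a /usr/lib/ssl "$ROOTDIR/usr/lib/."`, and quoting `$ROOTDIR` in the new lines.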
@@ -0,0 +1,99 @@
+#!/usr/bin/expect -f
+#
+# hostname
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "firejail --noprofile --hostname=bingo\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "hostname\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "bingo"
+}
+after 100
+send -- "getent hosts bingo\r"
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.2\n";exit}
+ "bingo"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+send -- "firejail --noprofile --hostname=bingo --overlay\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "hostname\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "bingo"
+}
+after 100
+send -- "getent hosts bingo\r"
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "bingo"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "firejail --noprofile --hostname=bingo --chroot=/tmp/chroot\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "hostname\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "bingo"
+}
+after 100
+send -- "getent hosts bingo\r"
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.2\n";exit}
+ "bingo"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"
diff --git a/test/features/2.2.exp b/test/features/2.2.exp
new file mode 100755
index 000000000..7dc1e6a7d
--- /dev/null
+++ b/test/features/2.2.exp
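Review bot: Every `timeout` branch ends in a bare `exit`, which makes expect terminate with status 0, so a failed hostname check shows up only as a "TESTING ERROR" line in the output. The `test.sh` hunk in this commit runs `./2.1.exp` without looking at either, so a regression in `--hostname` handling cannot fail an automated run. Return a non-zero status instead, e.g. `timeout {puts "TESTING ERROR 0\n";exit 1}`; the same pattern is used throughout 2.2.exp, 2.3.exp and 2.4.exp. An `eof` branch next to `timeout` would also report a shell that died, rather than waiting out the 10 s timeout.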
@@ -0,0 +1,105 @@
+#!/usr/bin/expect -f
+#
+# DNS
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "firejail --noprofile --dns=4.2.2.1\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.3\n";exit}
+ "SERVER: 4.2.2.1"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+#
+# O
+#
+send -- "firejail --noprofile --dns=4.2.2.1 --overlay\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.3\n";exit}
+ "SERVER: 4.2.2.1"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+#
+# C
+#
+send -- "firejail --noprofile --dns=4.2.2.1 --chroot=/tmp/chroot\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.3\n";exit}
+ "SERVER: 4.2.2.1"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"
diff --git a/test/features/2.3.exp b/test/features/2.3.exp
new file mode 100755
index 000000000..a70005781
--- /dev/null
+++ b/test/features/2.3.exp
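Review bot: The check depends on live Internet access: `--dns=4.2.2.1` and `dig google.com` need that public resolver to be reachable, so a timeout here cannot tell a broken `--dns` option from an offline or filtered test host. The header comment says only `# DNS`; it should state the prerequisite, for example `# DNS - requires outbound DNS to 4.2.2.1`. The two consecutive `expect` blocks for `"google.com"` (errors 1.1/1.2, 3.1/3.2, 5.1/5.2) add little beyond `"ANSWER SECTION"`. The `"SERVER: 4.2.2.1"` match is the assertion that shows the configured resolver was used, and it deserves a comment saying so.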
@@ -0,0 +1,309 @@
+#!/usr/bin/expect -f
+#
+# mac-vlan
+#
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+#
+# N
+#
+send -- "firejail --noprofile --net=eth0\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.3\n";exit}
+ "SERVER:"
+}
+after 100
+
+send -- "/sbin/ifconfig\r"
+expect {
+ timeout {puts "TESTING ERROR 1.4\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.5n";exit}
+ "Link"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.6\n";exit}
+ "192.168.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.7\n";exit}
+ "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --noprofile --net=eth0 --ip=192.168.1.244\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.3\n";exit}
+ "SERVER:"
+}
+after 100
+
+send -- "/sbin/ifconfig\r"
+expect {
+ timeout {puts "TESTING ERROR 1.4\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.5n";exit}
+ "Link"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.6\n";exit}
+ "192.168.1.244"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.7\n";exit}
+ "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+#
+# O
+#
+send -- "firejail --noprofile --net=eth0 --overlay\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.3\n";exit}
+ "SERVER"
+}
+after 100
+
+send -- "/sbin/ifconfig\r"
+expect {
+ timeout {puts "TESTING ERROR 3.4\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.5\n";exit}
+ "Link"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.6\n";exit}
+ "192.168.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.7\n";exit}
+ "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --noprofile --net=eth0 --ip=192.168.1.244 --overlay\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.3\n";exit}
+ "SERVER"
+}
+after 100
+
+send -- "/sbin/ifconfig\r"
+expect {
+ timeout {puts "TESTING ERROR 3.4\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.5\n";exit}
+ "Link"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.6\n";exit}
+ "192.168.1.244"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.7\n";exit}
+ "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+
+#
+# C
+#
+send -- "firejail --noprofile --net=eth0 --chroot=/tmp/chroot\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.3\n";exit}
+ "SERVER:"
+}
+after 100
+
+send -- "/sbin/ifconfig\r"
+expect {
+ timeout {puts "TESTING ERROR 5.4\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.5\n";exit}
+ "Link"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.6\n";exit}
+ "192.168.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.7\n";exit}
+ "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --noprofile --net=eth0 --ip=192.168.1.244 --chroot=/tmp/chroot\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "dig google.com\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "ANSWER SECTION"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.2\n";exit}
+ "google.com"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.3\n";exit}
+ "SERVER:"
+}
+after 100
+
+send -- "/sbin/ifconfig\r"
+expect {
+ timeout {puts "TESTING ERROR 5.4\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.5\n";exit}
+ "Link"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.6\n";exit}
+ "192.168.1.244"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.7\n";exit}
+ "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1"
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+
+puts "\nall done\n"
diff --git a/test/features/2.4.exp b/test/features/2.4.exp
new file mode 100755
index 000000000..a995322b9
--- /dev/null
+++ b/test/features/2.4.exp
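Review bot: Failure labels are reused within the file: in each of N, O and C the plain `--net=eth0` case and the `--ip=192.168.1.244` case print the same messages ("TESTING ERROR 0" to "1.7", "2" to "3.7", "4" to "5.7"), so a failure line does not identify which scenario broke. Two messages are also malformed: `"TESTING ERROR 1.5n"` is missing its backslash and should read `"TESTING ERROR 1.5\n"`. Give the `--ip` cases their own numbers, for example 1.10 to 1.17. The `1.5n` typo and the reused labels also appear in 2.4.exp. The test further assumes a host interface named `eth0` on 192.168.1.x and the older `ifconfig` output format (`MTU:1500 Metric:1`), which should be stated in the header comment.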
@@ -0,0 +1,232 @@ +#!/usr/bin/expect -f +# +# bridge +# - todo: ping test or equivalent on chroot +# + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +# +# N +# +send -- "firejail --noprofile --net=br0\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ping -c 3 10.10.20.1\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + " packets transmitted, 3 received, 0% packet loss" +} +sleep 1 + + +send -- "/sbin/ifconfig\r" +expect { + timeout {puts "TESTING ERROR 1.4\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 1.5n";exit} + "Link" +} +expect { + timeout {puts "TESTING ERROR 1.6\n";exit} + "10.10.20" +} +expect { + timeout {puts "TESTING ERROR 1.7\n";exit} + "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" +} +after 100 + +send -- "exit\r" +sleep 1 + +send -- "firejail --noprofile --net=br0 --ip=10.10.20.4\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ping -c 3 10.10.20.1\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + " packets transmitted, 3 received, 0% packet loss" +} +sleep 1 + + +send -- "/sbin/ifconfig\r" +expect { + timeout {puts "TESTING ERROR 1.4\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 1.5n";exit} + "Link" +} +expect { + timeout {puts "TESTING ERROR 1.6\n";exit} + "10.10.20.4" +} +expect { + timeout {puts "TESTING ERROR 1.7\n";exit} + "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" +} +after 100 + +send -- "exit\r" +sleep 1 + + +# +# O +# +send -- "firejail --noprofile --net=br0 --overlay\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ping -c 3 10.10.20.1\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + " packets transmitted, 3 received, 0% packet loss" +} +sleep 1 + + +send -- "/sbin/ifconfig\r" +expect { + timeout {puts "TESTING ERROR 3.4\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 
3.5\n";exit} + "Link" +} +expect { + timeout {puts "TESTING ERROR 3.6\n";exit} + "10.10.20" +} +expect { + timeout {puts "TESTING ERROR 3.7\n";exit} + "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" +} +after 100 + +send -- "exit\r" +sleep 1 + +send -- "firejail --noprofile --net=br0 --ip=10.10.20.4 --overlay\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ping -c 3 10.10.20.1\r" +expect { + timeout {puts "TESTING ERROR 3\n";exit} + " packets transmitted, 3 received, 0% packet loss" +} +sleep 1 + + +send -- "/sbin/ifconfig\r" +expect { + timeout {puts "TESTING ERROR 3.4\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 3.5\n";exit} + "Link" +} +expect { + timeout {puts "TESTING ERROR 3.6\n";exit} + "10.10.20.4" +} +expect { + timeout {puts "TESTING ERROR 3.7\n";exit} + "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" +} +after 100 + +send -- "exit\r" +sleep 1 + + + +# +# C +# +send -- "firejail --noprofile --net=br0 --chroot=/tmp/chroot\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "/sbin/ifconfig\r" +expect { + timeout {puts "TESTING ERROR 5.4\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 5.5\n";exit} + "Link" +} +expect { + timeout {puts "TESTING ERROR 5.6\n";exit} + "10.10.20" +} +expect { + timeout {puts "TESTING ERROR 5.7\n";exit} + "UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1" +} +after 100 + +send -- "exit\r" +sleep 1 + +send -- "firejail --noprofile --net=br0 --ip=10.10.20.4 --chroot=/tmp/chroot\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "/sbin/ifconfig\r" +expect { + timeout {puts "TESTING ERROR 5.4\n";exit} + "eth0" +} +expect { + timeout {puts "TESTING ERROR 5.5\n";exit} + "Link" +} +expect { + timeout {puts "TESTING ERROR 5.6\n";exit} + "10.10.20.4" +} +expect { + timeout {puts "TESTING ERROR 5.7\n";exit} + "UP BROADCAST RUNNING 
MULTICAST MTU:1500 Metric:1" +} +after 100 + +send -- "exit\r" +sleep 1 + + + + +puts "\nall done\n" diff --git a/test/features/features.txt b/test/features/features.txt index 3342a1635..62f4d8adc 100644 --- a/test/features/features.txt +++ b/test/features/features.txt @@ -43,7 +43,7 @@ C - chroot filesystem 2. Networking features -2.1 Hostname (use --hostname=bingo, do a ping and cat /etc/hostname) +2.1 Hostname (use --hostname=newhostname, do a ping and cat /etc/hostname) - N, O, C - ping disabled for C by default seccomp filter, use "getent hosts bingo" @@ -52,15 +52,14 @@ C - chroot filesystem 2.3 mac-vlan (use --net=eth0 and --noprofile; run ifconfig and dig google.com) - N, O, C + - test --ip: N, O, C 2.4 bridge (use --net=br0 and --noprofile; run ifconfig, netstat -rn, ping default gw) - N, O, C - - ping disabled for C by default seccomp filter + - ping disabled for C by default seccomp filter - transfer test not implemented for C + - test --ip: N, O, C -2.5 IP address (--noprofile --net=eth0 --ip=192.168.1.226 --net=br0 --ip=10.10.20.3, run ifconfig and netstat -rn) - - N, O, C - -2.6 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn) +2.5 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn) - N, O, C diff --git a/test/features/test.sh b/test/features/test.sh index 341126a09..42b59f383 100755 --- a/test/features/test.sh +++ b/test/features/test.sh @@ -28,3 +28,15 @@ echo "TESTING: 1.8 disable /etc/firejail and ~/.config/firejail" echo "TESTING: 1.10 disable /selinux" ./1.10.exp + +echo "TESTING: 2.1 hostname" +./2.1.exp + +echo "TESTING: 2.2 DNS" +./2.2.exp + +echo "TESTING: 2.3 mac-vlan" +./2.3.exp + +echo "TESTING: 2.4 bridge" +./2.4.exp -- cgit v1.2.3-54-g00ecf
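Review bot: The chroot cases (errors 4 to 5.7) only inspect `ifconfig` output, so for `--chroot` nothing verifies that traffic crosses the bridge; the header records this as a todo. The N and O cases ping 10.10.20.1 through `--net=br0`, which apparently requires a pre-configured host bridge that the file does not describe. Extend the header comment, e.g. `# requires host bridge br0 reachable at 10.10.20.1`. The `"10.10.20.4"` pattern is matched as a substring, so it would also accept 10.10.20.40 to 10.10.20.49; including the delimiter that follows the address in the pattern would make the `--ip` assertion exact.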