From 1cb8ef59101eeaa1b325fb7f881ded148b0de1d3 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 31 Oct 2015 13:07:38 -0400 Subject: --chroot testing --- test/configure | 4 ++- test/fs_chroot.exp | 17 +++++++-- test/fs_chroot_asroot.exp | 91 +++++++++++++++++++++++++++++++++++++++++++++++ test/test-root.sh | 6 ++-- test/trace.exp | 2 +- 5 files changed, 113 insertions(+), 7 deletions(-) create mode 100755 test/fs_chroot_asroot.exp (limited to 'test') diff --git a/test/configure b/test/configure index 17bb22e1b..01f0c6ff0 100755 --- a/test/configure +++ b/test/configure @@ -22,7 +22,7 @@ ROOTDIR="/tmp/chroot" # default chroot directory DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc -DEFAULT_FILES+=" /bin/ls /bin/cat /bin/ps /usr/bin/id /usr/bin/whoami /usr/bin/wc /usr/bin/wget" +DEFAULT_FILES+=" /bin/ls /bin/cat /bin/ps /usr/bin/id /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" rm -fr $ROOTDIR mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,proc} @@ -33,6 +33,8 @@ do done cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR cp --parents /lib/ld-linux.so.2 $ROOTDIR +cp ../src/tools/unchroot $ROOTDIR/. +touch $ROOTDIR/this-is-my-chroot cd $ROOTDIR; find . mkdir -p usr/lib/firejail/ diff --git a/test/fs_chroot.exp b/test/fs_chroot.exp index 448a00a7a..4ddf8d32a 100755 --- a/test/fs_chroot.exp +++ b/test/fs_chroot.exp @@ -4,7 +4,7 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail --noprofile --chroot=/tmp/chroot\r" +send -- "firejail --chroot=/tmp/chroot\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" 
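Review bot: The added `cp ../src/tools/unchroot $ROOTDIR/.` in the second test/configure hunk has no check that the helper was built, and the visible lines show no `set -e`. A missing binary would therefore only surface later as a timeout in test/fs_chroot_asroot.exp (TESTING ERROR 0.6), which reads like a sandbox regression rather than a setup problem. I would guard it with `[ -x ../src/tools/unchroot ] || { echo "unchroot helper not built" >&2; exit 1; }` and quote the destination, `cp ../src/tools/unchroot "$ROOTDIR/"`. A comment such as `# escape helper: the root test expects it to die with "Bad system call"` would explain why a chroot-breaking tool is copied into the fixture. The relative path assumes the script is run from test/, which the hunk does not show.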
@@ -13,12 +13,24 @@ sleep 1 send -- "cd /home;pwd\r" expect { - timeout {puts "TESTING ERROR 3\n";exit} + timeout {puts "TESTING ERROR 0.1\n";exit} "home" } sleep 1 send -- "bash\r" sleep 1 +send -- "ls /; pwd\r" +expect { + timeout {puts "TESTING ERROR 0.2\n";exit} + "this-is-my-chroot" +} +expect { + timeout {puts "TESTING ERROR 0.3\n";exit} + "home" +} + + + send -- "ps aux; pwd\r" expect { timeout {puts "TESTING ERROR 1\n";exit} @@ -50,5 +62,6 @@ expect { } sleep 1 + puts "all done\n" diff --git a/test/fs_chroot_asroot.exp b/test/fs_chroot_asroot.exp new file mode 100755 index 000000000..7e18153e0 --- /dev/null +++ b/test/fs_chroot_asroot.exp 
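Review bot: The new timeout branches (`TESTING ERROR 0.1` to `0.3`) call `exit` with no status, so the script ends with status 0 even when a chroot check fails. The same applies to every timeout branch in the new test/fs_chroot_asroot.exp. Unless the harness scans the output for the error string, which is not visible here, a failed sandbox check would pass unnoticed; `timeout {puts "TESTING ERROR 0.2\n";exit 1}` makes the failure visible to the caller. The `send -- "bash\r"` just before the new block is followed only by `sleep 1`, so the `ls /` check depends on timing rather than on a matched prompt.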
@@ -0,0 +1,91 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --chroot=/tmp/chroot\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "cd /home;pwd\r" +expect { + timeout {puts "TESTING ERROR 0.1\n";exit} + "home" +} +sleep 1 +send -- "bash\r" +sleep 1 +send -- "ls /; pwd\r" +expect { + timeout {puts "TESTING ERROR 0.2\n";exit} + "this-is-my-chroot" +} +expect { + timeout {puts "TESTING ERROR 0.3\n";exit} + "home" +} + +send -- "umount /boot; pwd\r" +expect { + timeout {puts "TESTING ERROR 0.4\n";exit} + "Bad system call" +} +expect { + timeout {puts "TESTING ERROR 0.5\n";exit} + "home" +} + +send -- "/unchroot; pwd\r" +expect { + timeout {puts "TESTING ERROR 0.6\n";exit} + "Bad system call" +} +expect { + timeout {puts "TESTING ERROR 0.7\n";exit} + "home" +} + + + + + +send -- "ps aux; pwd\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "/bin/bash" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "bash" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "ps aux" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "home" +} +sleep 1 + + +send -- "ps aux |wc -l; pwd\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "5" +} +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "home" +} +sleep 1 + + + + +puts "all done\n" + diff --git a/test/test-root.sh b/test/test-root.sh index fcfe32a58..94ac3447d 100755 --- a/test/test-root.sh +++ b/test/test-root.sh @@ -5,6 +5,9 @@ echo "TESTING: network interfaces" ./net_interface.exp +echo "TESTING: chroot" +./fs_chroot_asroot.exp + echo "TESTING: servers rsyslogd, sshd, nginx" ./servers.exp @@ -46,9 +49,6 @@ echo hello > tmpfile ./option_bind_file.exp rm -f tmpfile -echo "TESTING: chroot" -./fs_chroot.exp - echo "TESTING: firemon --interface" ./firemon-interface.exp diff --git a/test/trace.exp b/test/trace.exp index bca3ac3b3..2b5003d83 100755 --- a/test/trace.exp +++ b/test/trace.exp 
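Review bot: After the `umount /boot` and `/unchroot` attempts the script only waits for "Bad system call" and then "home". Since `pwd` would presumably print /home on the host as well, neither expect shows that the shell is still inside /tmp/chroot. Repeating the `ls /` marker check after the two attempts would tie the result to the chroot itself. A header comment saying that the file must run as root, and that "Bad system call" is the expected outcome of the blocked calls, would also help, since the visible lines state neither.

```tcl
# … unchanged: "/unchroot; pwd" send and its two expect blocks …

# confirm the shell is still confined after both attempts
send -- "ls /; pwd\r"
expect {
	timeout {puts "TESTING ERROR 0.8\n";exit}
	"this-is-my-chroot"
}
expect {
	timeout {puts "TESTING ERROR 0.9\n";exit}
	"home"
}

# … unchanged: "ps aux" checks …
```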
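Review bot: The added `./fs_chroot_asroot.exp` call in the first test/test-root.sh hunk runs against the fixed path /tmp/chroot that test/configure builds, presumably as root given the script name, and nothing here checks that the fixture exists. A precondition such as `[ -f /tmp/chroot/this-is-my-chroot ] || { echo "TESTING ERROR: run ./configure first"; exit 1; }` would separate a missing fixture from a sandbox failure. Because /tmp is world-writable, it is also worth confirming that the directory belongs to the account that ran configure before entering it with elevated privileges. The second hunk drops `./fs_chroot.exp` from this script; a comment noting where the non-root chroot test now runs would make the move easier to follow.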
@@ -91,5 +91,5 @@ expect { sleep 1 -puts "\n" +puts "\nall done\n" -- cgit v1.2.3-54-g00ecf