From 57bea6c8c4d1bd666ce57057b1cbb681b3cc4afc Mon Sep 17 00:00:00 2001 
From: netblue30
Date: Tue, 3 May 2016 08:41:24 -0400
Subject: networking features testing
---
test/4bridges_arp.exp | 170 -----------------------------------
test/4bridges_ip.exp | 174 ------------------------------------
test/bandwidth.exp | 62 -------------
test/hostname.exp | 25 ------
test/ip6.exp | 43 ---------
test/ipv6.net | 8 --
test/net-profile.profile | 10 ---
test/net_arp.exp | 71 ---------------
test/net_badip.exp | 16 ----
test/net_defaultgw.exp | 46 ----------
test/net_defaultgw2.exp | 40 ---------
test/net_defaultgw3.exp | 17 ----
test/net_interface.exp | 88 ------------------
test/net_ip.exp | 72 ---------------
test/net_local.exp | 45 ----------
test/net_mac.exp | 36 --------
test/net_macvlan.exp | 88 ------------------
test/net_mtu.exp | 30 -------
test/net_netfilter.exp | 88 ------------------
test/net_noip.exp | 41 ---------
test/net_noip2.exp | 41 ---------
test/net_none.exp | 68 --------------
test/net_none.profile | 1 -
test/net_profile.exp | 73 ---------------
test/netfilter.filter | 6 --
test/netfilter.profile | 1 -
test/network/4bridges_arp.exp | 170 +++++++++++++++++++++++++++++++++++
test/network/4bridges_ip.exp | 174 ++++++++++++++++++++++++++++++++++++
test/network/bandwidth.exp | 62 +++++++++++++
test/network/hostname.exp | 25 ++++++
test/network/ip6.exp | 43 +++++++++
test/network/ipv6.net | 8 ++
test/network/net-profile.profile | 10 +++
test/network/net_arp.exp | 71 +++++++++++++++
test/network/net_badip.exp | 16 ++++
test/network/net_defaultgw.exp | 46 ++++++++++
test/network/net_defaultgw2.exp | 40 +++++++++
test/network/net_defaultgw3.exp | 17 ++++
test/network/net_interface.exp | 88 ++++++++++++++++++
test/network/net_ip.exp | 72 +++++++++++++++
test/network/net_local.exp | 45 ++++++++++
test/network/net_mac.exp | 36 ++++++++
test/network/net_macvlan.exp | 88 ++++++++++++++++++
test/network/net_mtu.exp | 30 +++++++
test/network/net_netfilter.exp | 88 ++++++++++++++++++
test/network/net_noip.exp | 41 +++++++++
test/network/net_noip2.exp | 41 +++++++++
test/network/net_none.exp | 68 ++++++++++++++
test/network/net_none.profile | 1 +
test/network/net_profile.exp | 73 +++++++++++++++
test/network/netfilter.filter | 6 ++
test/network/netfilter.profile | 1 +
test/profile_followlnk.exp | 68 --------------
test/profile_noperm.exp | 13 ---
test/profile_readonly.exp | 64 -------------
test/profiles/profile_followlnk.exp | 37 ++++++++
test/profiles/profile_noperm.exp | 13 +++
test/profiles/profile_readonly.exp | 36 ++++++++
test/profiles/profiles.sh | 9 ++
test/profiles/readonly-lnk.profile | 2 +
test/profiles/readonly.profile | 2 +
test/readonly-lnk.profile | 2 -
test/readonly.profile | 2 -
test/test.sh | 11 --
64 files changed, 1459 insertions(+), 1520 deletions(-)
delete mode 100755 test/4bridges_arp.exp
delete mode 100755 test/4bridges_ip.exp
delete mode 100755 test/bandwidth.exp
delete mode 100755 test/hostname.exp
delete mode 100755 test/ip6.exp
delete mode 100644 test/ipv6.net
delete mode 100644 test/net-profile.profile
delete mode 100755 test/net_arp.exp
delete mode 100755 test/net_badip.exp
delete mode 100755 test/net_defaultgw.exp
delete mode 100755 test/net_defaultgw2.exp
delete mode 100755 test/net_defaultgw3.exp
delete mode 100755 test/net_interface.exp
delete mode 100755 test/net_ip.exp
delete mode 100755 test/net_local.exp
delete mode 100755 test/net_mac.exp
delete mode 100755 test/net_macvlan.exp
delete mode 100755 test/net_mtu.exp
delete mode 100755 test/net_netfilter.exp
delete mode 100755 test/net_noip.exp
delete mode 100755 test/net_noip2.exp
delete mode 100755 test/net_none.exp
delete mode 100644 test/net_none.profile
delete mode 100755 test/net_profile.exp
delete mode 100644 test/netfilter.filter
delete mode 100644 test/netfilter.profile
create mode 100755 test/network/4bridges_arp.exp
create mode 100755 test/network/4bridges_ip.exp
create mode 100755 test/network/bandwidth.exp
create mode 100755 test/network/hostname.exp
create mode 100755 test/network/ip6.exp
create mode 100644 test/network/ipv6.net
create mode 100644 test/network/net-profile.profile
create mode 100755 test/network/net_arp.exp
create mode 100755 test/network/net_badip.exp
create mode 100755 test/network/net_defaultgw.exp
create mode 100755 test/network/net_defaultgw2.exp
create mode 100755 test/network/net_defaultgw3.exp
create mode 100755 test/network/net_interface.exp
create mode 100755 test/network/net_ip.exp
create mode 100755 test/network/net_local.exp
create mode 100755 test/network/net_mac.exp
create mode 100755 test/network/net_macvlan.exp
create mode 100755 test/network/net_mtu.exp
create mode 100755 test/network/net_netfilter.exp
create mode 100755 test/network/net_noip.exp
create mode 100755 test/network/net_noip2.exp
create mode 100755 test/network/net_none.exp
create mode 100644 test/network/net_none.profile
create mode 100755 test/network/net_profile.exp
create mode 100644 test/network/netfilter.filter
create mode 100644 test/network/netfilter.profile
delete mode 100755 test/profile_followlnk.exp
delete mode 100755 test/profile_noperm.exp
delete mode 100755 test/profile_readonly.exp
create mode 100755 test/profiles/profile_followlnk.exp
create mode 100755 test/profiles/profile_noperm.exp
create mode 100755 test/profiles/profile_readonly.exp
create mode 100644 test/profiles/readonly-lnk.profile
create mode 100644 test/profiles/readonly.profile
delete mode 100644 test/readonly-lnk.profile
delete mode 100644 test/readonly.profile
(limited to 'test')
diff --git a/test/4bridges_arp.exp b/test/4bridges_arp.exp
deleted file mode 100755
index 6a3e6db2a..000000000
--- a/test/4bridges_arp.exp
+++ /dev/null
@@ -1,170 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check eth0
-send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
-expect {
- timeout {puts "TESTING ERROR 0.0\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 0.1\n";exit}
- "10.10.20"
-}
-expect {
- timeout {puts "TESTING ERROR 0.2\n";exit}
- "255.255.255.248"
-}
-expect {
- timeout {puts "TESTING ERROR 0.3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 0.4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-# check eth1
-send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
-expect {
- timeout {puts "TESTING ERROR 1.0\n";exit}
- "eth1"
-}
-expect {
- timeout {puts "TESTING ERROR 1.1\n";exit}
- "10.10.30"
-}
-expect {
- timeout {puts "TESTING ERROR 1.2\n";exit}
- "255.255.255.0"
-}
-expect {
- timeout {puts "TESTING ERROR 1.3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 1.4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-
-# check eth2
-send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
-expect {
- timeout {puts "TESTING ERROR 2.0\n";exit}
- "eth2"
-}
-expect {
- timeout {puts "TESTING ERROR 2.1\n";exit}
- "10.10.40"
-}
-expect {
- timeout {puts "TESTING ERROR 2.2\n";exit}
- "255.255.255.0"
-}
-expect {
- timeout {puts "TESTING ERROR 2.3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 2.4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-
-
-# check eth3
-send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
-expect {
- timeout {puts "TESTING ERROR 3.0\n";exit}
- "eth3"
-}
-expect {
- timeout {puts "TESTING ERROR 3.1\n";exit}
- "10.10.50"
-}
-expect {
- timeout {puts "TESTING ERROR 3.2\n";exit}
- "255.255.255.0"
-}
-expect {
- timeout {puts "TESTING ERROR 3.3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-
-
-
-# check loopback
-send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3 --protocol=unix,inet,netlink\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "lo"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "127.0.0.1"
-}
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "255.0.0.0"
-}
-expect {
- timeout {puts "TESTING ERROR 8\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-# check default gateway
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.1\n";exit}
- "default via 10.10.20.1 dev eth0"
-}
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.2\n";exit}
- "10.10.20.0/29 dev eth0 proto kernel scope link"
-}
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.2\n";exit}
- "10.10.30.0/24 dev eth1 proto kernel scope link"
-}
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.2\n";exit}
- "10.10.40.0/24 dev eth2 proto kernel scope link"
-}
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.2\n";exit}
- "10.10.50.0/24 dev eth3 proto kernel scope link"
-}
-sleep 1
-
-puts "\nall done\n"
-
diff --git a/test/4bridges_ip.exp b/test/4bridges_ip.exp
deleted file mode 100755
index 8068aeebb..000000000
--- a/test/4bridges_ip.exp
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check eth0
-send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
-expect {
- timeout {puts "TESTING ERROR 0.0\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 0.1\n";exit}
- "10.10.20"
-}
-expect {
- timeout {puts "TESTING ERROR 0.2\n";exit}
- "255.255.255.248"
-}
-expect {
- timeout {puts "TESTING ERROR 0.3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 0.4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-# check eth1
-send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
-expect {
- timeout {puts "TESTING ERROR 1.0\n";exit}
- "eth1"
-}
-expect {
- timeout {puts "TESTING ERROR 1.1\n";exit}
- "10.10.30.50"
-}
-expect {
- timeout {puts "TESTING ERROR 1.2\n";exit}
- "255.255.255.0"
-}
-expect {
- timeout {puts "TESTING ERROR 1.3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 1.4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-
-# check eth2
-send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
-expect {
- timeout {puts "TESTING ERROR 2.0\n";exit}
- "eth2"
-}
-expect {
- timeout {puts "TESTING ERROR 2.1\n";exit}
- "10.10.40.100"
-}
-expect {
- timeout {puts "TESTING ERROR 2.2\n";exit}
- "255.255.255.0"
-}
-expect {
- timeout {puts "TESTING ERROR 2.3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 2.4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-
-
-# check eth3
-send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
-expect {
- timeout {puts "TESTING ERROR 3.0\n";exit}
- "eth3"
-}
-expect {
- timeout {puts "TESTING ERROR 3.1\n";exit}
- "10.10.50"
-}
-expect {
- timeout {puts "TESTING ERROR 3.2\n";exit}
- "255.255.255.0"
-}
-expect {
- timeout {puts "TESTING ERROR 3.3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-
-
-
-# check loopback
-send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3 --protocol=unix,inet,netlink\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "lo"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "127.0.0.1"
-}
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "255.0.0.0"
-}
-expect {
- timeout {puts "TESTING ERROR 8\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "Child process initialized"
-}
-
-# check default gateway
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.1\n";exit}
- "default via 10.10.20.1 dev eth0"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.2\n";exit}
- "10.10.20.0/29 dev eth0 proto kernel scope link"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.3\n";exit}
- "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.4\n";exit}
- "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.5\n";exit}
- "10.10.50.0/24 dev eth3 proto kernel scope link"
-}
-
-sleep 1
-
-puts "\nall done\n"
-
diff --git a/test/bandwidth.exp b/test/bandwidth.exp
deleted file mode 100755
index 33b351296..000000000
--- a/test/bandwidth.exp
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test --net=br0\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firejail --bandwidth=test status\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "qdisc noqueue 0: dev eth0"
-}
-sleep 1
-
-send -- "firejail --bandwidth=test set br0 50 10\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "Configuring interface eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "configuring tc ingress"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "configuring tc egress"
-}
-
-send -- "firejail --bandwidth=test status\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "dev eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "rate 80Kbit burst 10Kb"
-}
-sleep 1
-
-send -- "firejail --bandwidth=test clear br0\r"
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "Removing bandwith limits"
-}
-sleep 1
-
-send -- "firejail --bandwidth=test status; pwd\r"
-expect {
- timeout {puts "TESTING ERROR 8\n";exit}
- "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit}
- "home" {puts "ok\n"}
-}
-sleep 1
-
-puts "\nall done\n"
diff --git a/test/hostname.exp b/test/hostname.exp
deleted file mode 100755
index 4e5c7e073..000000000
--- a/test/hostname.exp
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --hostname=baluba --noprofile\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "ping -c 3 baluba;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "3 packets transmitted, 3 received"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "home"
-}
-sleep 1
-
-puts "all done\n"
diff --git a/test/ip6.exp b/test/ip6.exp
deleted file mode 100755
index fba47d095..000000000
--- a/test/ip6.exp
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --debug --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 --netfilter6=ipv6.net\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Installing network filter"
-}
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "DROP"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "2001:db8:1f0a:3ec::2"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "Child process initialized"
-}
-sleep 2
-
-send -- "/sbin/ifconfig\r"
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "inet6"
-}
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "2001:db8:0:f101::1"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "Scope:Global" { puts "Debian\n"}
- "scopeid 0x0" { puts "Arch\n"}
-}
-
-
-puts "\nall done\n"
-
diff --git a/test/ipv6.net b/test/ipv6.net
deleted file mode 100644
index cc8f22943..000000000
--- a/test/ipv6.net
+++ /dev/null
@@ -1,8 +0,0 @@
-# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP
-COMMIT
-# Completed on Wed Jan 13 10:53:40 2016
diff --git a/test/net-profile.profile b/test/net-profile.profile
deleted file mode 100644
index 05052b6dc..000000000
--- a/test/net-profile.profile
+++ /dev/null
@@ -1,10 +0,0 @@
-net br0
-mac 00:11:22:33:44:55
-mtu 1000
-net br1
-ip 10.10.30.50
-net br2
-ip 10.10.40.100
-net br3
-defaultgw 10.10.20.2
-
diff --git a/test/net_arp.exp b/test/net_arp.exp
deleted file mode 100755
index 9e07744f3..000000000
--- a/test/net_arp.exp
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "Child process initialized"
-}
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "Child process initialized"
-}
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "Child process initialized"
-}
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-
-# will fail
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 5n";exit}
- "cannot assign an IP address"
-}
-
-send -- "firejail --net=br0 sleep 20 &\r"
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "cannot assign an IP address"
-}
-
-# check firejail --list
-send -- "firejail --list\r"
-expect {
- timeout {puts "TESTING ERROR 7.1\n";exit}
- "sleep 20"
-}
-expect {
- timeout {puts "TESTING ERROR 7.2\n";exit}
- "sleep 20"
-}
-expect {
- timeout {puts "TESTING ERROR 7.3\n";exit}
- "sleep 20"
-}
-expect {
- timeout {puts "TESTING ERROR 7.4\n";exit}
- "sleep 20"
-}
-expect {
- timeout {puts "TESTING ERROR 7.5\n";exit}
- "sleep 20"
-}
-
-# wait for snadboxes to be shutdown
-sleep 30
-puts "\n"
diff --git a/test/net_badip.exp b/test/net_badip.exp
deleted file mode 100755
index 71b69e104..000000000
--- a/test/net_badip.exp
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check eth0
-send -- "firejail --net=br0 --net=br1 --ip=10.100.10.47\r"
-expect {
- timeout {puts "TESTING ERROR 0.0\n";exit}
- "the IP address is not"
-}
-sleep 1
-
-puts "\n"
-
diff --git a/test/net_defaultgw.exp b/test/net_defaultgw.exp
deleted file mode 100755
index 840f2ccac..000000000
--- a/test/net_defaultgw.exp
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2 --protocol=unix,inet,netlink\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "10.10.20.5"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "255.255.255.248"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-# check default gateway
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.1\n";exit}
- "default via 10.10.20.2 dev eth0"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.2\n";exit}
- "10.10.20.0/29 dev eth0 proto kernel scope link"
-}
-sleep 1
-
-puts "\nall done\n"
-
diff --git a/test/net_defaultgw2.exp b/test/net_defaultgw2.exp
deleted file mode 100755
index db14e17cb..000000000
--- a/test/net_defaultgw2.exp
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89 --protocol=unix,inet,netlink\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "eth1"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-# check default gateway
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.1\n";exit}
- "default via 10.10.30.89 dev eth1"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.2\n";exit}
- "10.10.20.0/29 dev eth0 proto kernel scope link"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.3\n";exit}
- "10.10.30.0/24 dev eth1 proto kernel scope link"
-}
-sleep 1
-
-puts "\nall done\n"
-
diff --git a/test/net_defaultgw3.exp b/test/net_defaultgw3.exp
deleted file mode 100755
index 64da9dfca..000000000
--- a/test/net_defaultgw3.exp
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.95.89\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "default gateway 10.10.95.89 is not in the range of any network"
-}
-
-sleep 1
-
-puts "\n"
-
diff --git a/test/net_interface.exp b/test/net_interface.exp
deleted file mode 100755
index 4b55187ff..000000000
--- a/test/net_interface.exp
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "ip link add link eth0 name eth0.100 type vlan id 100\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.101 type vlan id 101\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.102 type vlan id 102\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.103 type vlan id 103\r"
-sleep 1
-send -- "ip link add link eth0 name eth0.104 type vlan id 104\r"
-sleep 1
-puts "\n"
-
-send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r"
-sleep 1
-send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r"
-sleep 1
-puts "\n"
-
-
-
-send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "maximum 4 interfaces are allowed"
-}
-sleep 1
-
-send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "eth0.100"
-}
-expect {
- timeout {puts "TESTING ERROR 1.1\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "eth0.101"
-}
-expect {
- timeout {puts "TESTING ERROR 2.2\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "eth0.102"
-}
-expect {
- timeout {puts "TESTING ERROR 3.1\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "eth0.103"
-}
-expect {
- timeout {puts "TESTING ERROR 4.1\n";exit}
- "UP"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-
-send -- "firejail --noprofile --interface=eth0.104\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "eth0.104"
-}
-expect {
- timeout {puts "TESTING ERROR 5.1\n";exit}
- "UP"
-}
-
-puts "all done\n"
-
diff --git a/test/net_ip.exp b/test/net_ip.exp
deleted file mode 100755
index f5d487ecc..000000000
--- a/test/net_ip.exp
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --net=br0 --ip=10.10.20.5\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "10.10.20.5"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "255.255.255.248"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-# check loopback
-send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "lo"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "127.0.0.1"
-}
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "255.0.0.0"
-}
-expect {
- timeout {puts "TESTING ERROR 8\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-# check default gateway
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10.1\n";exit}
- "default via 10.10.20.1 dev eth0"
-}
-
-send -- "ip route show\r"
-expect {
- timeout {puts "TESTING ERROR 10\n";exit}
- "10.10.20.0/29 dev eth0 proto kernel scope link"
-}
-sleep 1
-
-puts "\n"
-
diff --git a/test/net_local.exp b/test/net_local.exp
deleted file mode 100755
index 642213658..000000000
--- a/test/net_local.exp
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --noprofile --debug\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Using the local network stack"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 2
-
-# check loopback
-send -- "firejail --noprofile\r"
-expect {
- timeout {puts "TESTING ERROR 9\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-
-send -- "/sbin/ifconfig\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "lo"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "127.0.0.1"
-}
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "255.0.0.0"
-}
-
-puts "all done\n"
-
diff --git a/test/net_mac.exp b/test/net_mac.exp
deleted file mode 100755
index 076634730..000000000
--- a/test/net_mac.exp
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --net=br0 --ip=10.10.20.5 --mac=00:11:22:33:44:55\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 0.1\n";exit}
- "00:11:22:33:44:55"
-}
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "10.10.20.5"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "255.255.255.248"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "UP"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-puts "\nall done\n"
-
diff --git a/test/net_macvlan.exp b/test/net_macvlan.exp
deleted file mode 100755
index 20d022de9..000000000
--- a/test/net_macvlan.exp
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check the existing address
-spawn $env(SHELL)
-send -- "firejail --net=eth0 --ip=192.168.1.60\r"
-expect {
- timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit}
- "the address 192.168.1.60 is already in use"
-}
-
-
-
-# grab 30 ip addresses
-set MAXi 229
-set i 200
-while { $i <= $MAXi } {
- spawn $env(SHELL)
- send -- "firejail --net=eth0 --ip=192.168.1.$i\r"
- expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
- }
- incr i
- after 100
-}
-
-
-# check an existing address
-spawn $env(SHELL)
-send -- "firejail --net=eth0 --ip=192.168.1.200\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "the address 192.168.1.200 is already in use"
-}
-
-
-set MAXi 254
-set i 2
-while { $i <= $MAXi } {
- spawn $env(SHELL)
- send -- "firejail --net=eth0\r"
- expect {
- timeout {puts "TESTING ERROR 2.1\n";exit}
- "192.168.1.60" {puts "TESTING ERROR 2.2\n";exit}
- "192.168.1.200" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.201" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.202" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.203" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.204" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.205" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.206" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.207" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.208" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.209" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.210" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.211" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.212" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.213" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.214" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.215" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.216" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.217" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.218" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.219" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.220" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.221" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.222" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.223" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.224" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.225" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.226" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.227" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.228" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.229" {puts "TESTING ERROR 3\n";exit}
- "Child process initialized"
- }
- puts "************ $i ******************\n"
- incr i
- after 100
-# sleep 1
-}
-
-puts "\n"
-
diff --git a/test/net_mtu.exp b/test/net_mtu.exp
deleted file mode 100755
index 7943b2866..000000000
--- a/test/net_mtu.exp
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --net=br0 --mtu=1000 --noprofile\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "ip link show\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "mtu 1000"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "state UP"
-}
-
-puts "\nall done\n"
-
diff --git a/test/net_netfilter.exp b/test/net_netfilter.exp
deleted file mode 100755
index 989fcc407..000000000
--- a/test/net_netfilter.exp
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check default netfilter on br0
-send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Installing network filter"
-}
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "Chain INPUT (policy DROP"
-}
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "ACCEPT all -- any any anywhere"
-}
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "ACCEPT icmp -- any any anywhere"
-}
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 1
-
-# check default netfilter no new network
-send -- "firejail --debug --noprofile --netfilter\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "Installing network filter" {puts "TESTING ERROR 5.1\n";exit}
- "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit}
- "ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
- "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "exit\r"
-sleep 1
-
-# check file filter netfilter on br0
-send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r"
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "Installing network filter"
-}
-expect {
- timeout {puts "TESTING ERROR 6.1\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "ping -c 1 -w 3 10.10.20.1\r"
-expect {
- timeout {puts "TESTING ERROR 6.2\n";exit}
- "0 received, 100% packet loss"
-}
-
-send -- "exit\r"
-sleep 1
-
-# check profile netfilter on br0
-send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r"
-expect {
- timeout {puts "TESTING ERROR 7\n";exit}
- "Installing network filter"
-}
-expect {
- timeout {puts "TESTING ERROR 7.1\n";exit}
- "Child process initialized"
-}
-sleep 2
-send -- "ping -c 1 -w 3 10.10.20.1\r"
-expect {
- timeout {puts "TESTING ERROR 7.2\n";exit}
- "0 received, 100% packet loss"
-}
-
-send -- "exit\r"
-after 100
-
-puts "all done\n"
-
diff --git a/test/net_noip.exp b/test/net_noip.exp
deleted file mode 100755
index 8d28adb39..000000000
--- a/test/net_noip.exp
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --noprofile --net=br0 --ip=none\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "eth0" {puts "TESTING ERROR 1\n";exit}
- "Child process initialized"
-}
-sleep 1
-send -- "bash\r"
-sleep 1
-
-# no default gateway configured
-send -- "netstat -rn;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "0.0.0.0" {puts "TESTING ERROR 3\n";exit}
- "eth0" {puts "TESTING ERROR 4\n";exit}
- "home"
-}
-sleep 1
-
-# eth0 configured
-send -- "/sbin/ifconfig;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "home"
-}
-after 100
-
-puts "all done\n"
-
diff --git a/test/net_noip2.exp b/test/net_noip2.exp
deleted file mode 100755
index 58f90422b..000000000
--- a/test/net_noip2.exp
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# check ip address
-send -- "firejail --noprofile --net=br1 --ip=none --defaultgw=10.10.30.78\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "eth0" {puts "TESTING ERROR 1\n";exit}
- "Child process initialized"
-}
-sleep 1
-send -- "bash\r"
-sleep 1
-
-# no default gateway configured
-send -- "netstat -rn;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "0.0.0.0" {puts "TESTING ERROR 3\n";exit}
- "eth0" {puts "TESTING ERROR 4\n";exit}
- "home"
-}
-sleep 1
-
-# eth0 configured
-send -- "/sbin/ifconfig;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "eth0"
-}
-expect {
- timeout {puts "TESTING ERROR 6\n";exit}
- "home"
-}
-after 100
-
-puts "all done\n"
-
diff --git a/test/net_none.exp b/test/net_none.exp
deleted file mode 100755
index 54b6cb946..000000000
--- a/test/net_none.exp
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-# options
-send -- "firejail --net=none\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "eth0" {puts "TESTING ERROR 0.1\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-# test default gw
-send -- "bash\r"
-sleep 1
-send -- "netstat -rn; pwd\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "0.0.0.0" {puts "TESTING ERROR 1.1\n";exit}
- "home"
-}
-sleep 1
-
-# check again devices
-send -- "cat /proc/1/net/dev;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "eth0" {puts "TESTING ERROR 2.1\n";exit}
- "home"
-}
-send -- "exit\r"
-sleep 1
-send -- "exit\r"
-sleep 1
-
-# profile
-send -- "firejail --profile=net_none.profile\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "eth0" {puts "TESTING ERROR 3.1\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-# test default gw
-send -- "bash\r"
-sleep 1
-send -- "netstat -rn; pwd\r"
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "0.0.0.0" {puts "TESTING ERROR 4.1\n";exit}
- "home"
-}
-sleep 1
-
-# check again devices
-send -- "cat /proc/1/net/dev;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 5\n";exit}
- "eth0" {puts "TESTING ERROR 5.1\n";exit}
- "home"
-}
-sleep 1
-
-puts "\n"
diff --git a/test/net_none.profile b/test/net_none.profile
deleted file mode 100644
index 079c08ea8..000000000
--- a/test/net_none.profile
+++ /dev/null
@@ -1 +0,0 @@
-net none
diff --git a/test/net_profile.exp b/test/net_profile.exp
deleted file mode 100755
index 37043c906..000000000
--- a/test/net_profile.exp
+++ /dev/null
@@ -1,73 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -# check eth0 -send -- "firejail --profile=net-profile.profile\r" -expect { - timeout {puts "TESTING ERROR 0.0\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - "00:11:22:33:44:55" -} -expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - "10.10.20" -} -expect { - timeout {puts "TESTING ERROR 0.2\n";exit} - "255.255.255.248" -} -expect { - timeout {puts "TESTING ERROR 0.3\n";exit} - "UP" -} -expect { - timeout {puts "TESTING ERROR 0.4\n";exit} - "Child process initialized" -} -sleep 2 - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50" -} - -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100" -} - - -# check default gw -send -- "ip route show\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "default via 10.10.20.2 dev eth0" -} - -# check mtu -send -- "ip link show\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "eth0" -} -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "mtu 1000" -} -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "state UP" -} - -sleep 1 - -puts "\nall done\n" - diff --git a/test/netfilter.filter b/test/netfilter.filter deleted file mode 100644 index 3e232065c..000000000 --- a/test/netfilter.filter +++ /dev/null @@ -1,6 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -i lo -j ACCEPT -COMMIT diff --git a/test/netfilter.profile b/test/netfilter.profile deleted file mode 100644 index 824c6cd0f..000000000 --- a/test/netfilter.profile +++ /dev/null @@ -1 +0,0 @@ -netfilter netfilter.filter diff --git a/test/network/4bridges_arp.exp b/test/network/4bridges_arp.exp new file mode 100755 index 000000000..6a3e6db2a --- /dev/null +++ b/test/network/4bridges_arp.exp 
@@ -0,0 +1,170 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check eth0
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+ timeout {puts "TESTING ERROR 0.0\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.1\n";exit}
+ "10.10.20"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.2\n";exit}
+ "255.255.255.248"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check eth1
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+ timeout {puts "TESTING ERROR 1.0\n";exit}
+ "eth1"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";exit}
+ "10.10.30"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.2\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+# check eth2
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+ timeout {puts "TESTING ERROR 2.0\n";exit}
+ "eth2"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.1\n";exit}
+ "10.10.40"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.2\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+
+# check eth3
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3\r"
+expect {
+ timeout {puts "TESTING ERROR 3.0\n";exit}
+ "eth3"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "10.10.50"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+
+
+# check loopback
+send -- "firejail --net=br0 --net=br1 --net=br2 --net=br3 --protocol=unix,inet,netlink\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "lo"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "255.0.0.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+# check default gateway
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.1\n";exit}
+ "default via 10.10.20.1 dev eth0"
+}
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.2\n";exit}
+ "10.10.20.0/29 dev eth0 proto kernel scope link"
+}
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.2\n";exit}
+ "10.10.30.0/24 dev eth1 proto kernel scope link"
+}
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.2\n";exit}
+ "10.10.40.0/24 dev eth2 proto kernel scope link"
+}
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.2\n";exit}
+ "10.10.50.0/24 dev eth3 proto kernel scope link"
+}
+sleep 1
+
+puts "\nall done\n"
+
diff --git a/test/network/4bridges_ip.exp b/test/network/4bridges_ip.exp
new file mode 100755
index 000000000..8068aeebb
--- /dev/null
+++ b/test/network/4bridges_ip.exp
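Review bot: Every failure branch in test/network/4bridges_arp.exp ends in a bare `exit`, which Expect treats as status 0, so a run that prints `TESTING ERROR` still returns success to its caller. Unless the harness scans the output for that string, a regression in the sandbox's network setup would go unnoticed; `timeout {puts "TESTING ERROR 0.0\n";exit 1}` makes the failure visible in the exit code. The same pattern is used by the other `.exp` files added under test/network/ in this commit. Separately, the four route checks for eth0 to eth3 all print `TESTING ERROR 10.2`, whereas 4bridges_ip.exp numbers the same checks 10.2 to 10.5, which tells the reader which route was missing.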
@@ -0,0 +1,174 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check eth0
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+ timeout {puts "TESTING ERROR 0.0\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.1\n";exit}
+ "10.10.20"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.2\n";exit}
+ "255.255.255.248"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check eth1
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+ timeout {puts "TESTING ERROR 1.0\n";exit}
+ "eth1"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";exit}
+ "10.10.30.50"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.2\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+# check eth2
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+ timeout {puts "TESTING ERROR 2.0\n";exit}
+ "eth2"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.1\n";exit}
+ "10.10.40.100"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.2\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+
+# check eth3
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3\r"
+expect {
+ timeout {puts "TESTING ERROR 3.0\n";exit}
+ "eth3"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "10.10.50"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.2\n";exit}
+ "255.255.255.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+
+
+
+# check loopback
+send -- "firejail --net=br0 --net=br1 --ip=10.10.30.50 --net=br2 --ip=10.10.40.100 --net=br3 --protocol=unix,inet,netlink\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "lo"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "255.0.0.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "Child process initialized"
+}
+
+# check default gateway
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.1\n";exit}
+ "default via 10.10.20.1 dev eth0"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.2\n";exit}
+ "10.10.20.0/29 dev eth0 proto kernel scope link"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.3\n";exit}
+ "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.4\n";exit}
+ "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.5\n";exit}
+ "10.10.50.0/24 dev eth3 proto kernel scope link"
+}
+
+sleep 1
+
+puts "\nall done\n"
+
diff --git a/test/network/bandwidth.exp b/test/network/bandwidth.exp
new file mode 100755
index 000000000..33b351296
--- /dev/null
+++ b/test/network/bandwidth.exp
@@ -0,0 +1,62 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test --net=br0\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+spawn $env(SHELL)
+send -- "firejail --bandwidth=test status\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "qdisc noqueue 0: dev eth0"
+}
+sleep 1
+
+send -- "firejail --bandwidth=test set br0 50 10\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Configuring interface eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "configuring tc ingress"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "configuring tc egress"
+}
+
+send -- "firejail --bandwidth=test status\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "dev eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "rate 80Kbit burst 10Kb"
+}
+sleep 1
+
+send -- "firejail --bandwidth=test clear br0\r"
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "Removing bandwith limits"
+}
+sleep 1
+
+send -- "firejail --bandwidth=test status; pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "rate 80Kbit burst 10Kb" {puts "TESTING ERROR 9\n";exit}
+ "home" {puts "ok\n"}
+}
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/network/hostname.exp b/test/network/hostname.exp
new file mode 100755
index 000000000..4e5c7e073
--- /dev/null
+++ b/test/network/hostname.exp
@@ -0,0 +1,25 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --hostname=baluba --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "ping -c 3 baluba;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "3 packets transmitted, 3 received"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "home"
+}
+sleep 1
+
+puts "all done\n"
diff --git a/test/network/ip6.exp b/test/network/ip6.exp
new file mode 100755
index 000000000..fba47d095
--- /dev/null
+++ b/test/network/ip6.exp
@@ -0,0 +1,43 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --debug --noprofile --net=br0 --ip6=2001:0db8:0:f101::1/64 --netfilter6=ipv6.net\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Installing network filter"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "DROP"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "2001:db8:1f0a:3ec::2"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+send -- "/sbin/ifconfig\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "inet6"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "2001:db8:0:f101::1"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "Scope:Global" { puts "Debian\n"}
+ "scopeid 0x0" { puts "Arch\n"}
+}
+
+
+puts "\nall done\n"
+
diff --git a/test/network/ipv6.net b/test/network/ipv6.net
new file mode 100644
index 000000000..cc8f22943
--- /dev/null
+++ b/test/network/ipv6.net
@@ -0,0 +1,8 @@
+# Generated by ip6tables-save v1.4.14 on Wed Jan 13 10:53:40 2016
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -s 2001:db8:1f0a:3ec::2/128 -j DROP
+COMMIT
+# Completed on Wed Jan 13 10:53:40 2016
diff --git a/test/network/net-profile.profile b/test/network/net-profile.profile
new file mode 100644
index 000000000..05052b6dc
--- /dev/null
+++ b/test/network/net-profile.profile
@@ -0,0 +1,10 @@
+net br0
+mac 00:11:22:33:44:55
+mtu 1000
+net br1
+ip 10.10.30.50
+net br2
+ip 10.10.40.100
+net br3
+defaultgw 10.10.20.2
+
diff --git a/test/network/net_arp.exp b/test/network/net_arp.exp
new file mode 100755
index 000000000..9e07744f3
--- /dev/null
+++ b/test/network/net_arp.exp
@@ -0,0 +1,71 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Child process initialized"
+}
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+
+# will fail
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+ timeout {puts "TESTING ERROR 5n";exit}
+ "cannot assign an IP address"
+}
+
+send -- "firejail --net=br0 sleep 20 &\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "cannot assign an IP address"
+}
+
+# check firejail --list
+send -- "firejail --list\r"
+expect {
+ timeout {puts "TESTING ERROR 7.1\n";exit}
+ "sleep 20"
+}
+expect {
+ timeout {puts "TESTING ERROR 7.2\n";exit}
+ "sleep 20"
+}
+expect {
+ timeout {puts "TESTING ERROR 7.3\n";exit}
+ "sleep 20"
+}
+expect {
+ timeout {puts "TESTING ERROR 7.4\n";exit}
+ "sleep 20"
+}
+expect {
+ timeout {puts "TESTING ERROR 7.5\n";exit}
+ "sleep 20"
+}
+
+# wait for snadboxes to be shutdown
+sleep 30
+puts "\n"
diff --git a/test/network/net_badip.exp b/test/network/net_badip.exp
new file mode 100755
index 000000000..71b69e104
--- /dev/null
+++ b/test/network/net_badip.exp
@@ -0,0 +1,16 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check eth0
+send -- "firejail --net=br0 --net=br1 --ip=10.100.10.47\r"
+expect {
+ timeout {puts "TESTING ERROR 0.0\n";exit}
+ "the IP address is not"
+}
+sleep 1
+
+puts "\n"
+
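Review bot: The first "will fail" check in net_arp.exp prints `TESTING ERROR 5n` because the backslash of the newline escape is missing; it should read `timeout {puts "TESTING ERROR 5\n";exit}`. The two expected refusals (`cannot assign an IP address`) depend on br0 running out of addresses after five sandboxes, which the script never states. Judging by the `255.255.255.248` mask checked in the other tests, br0 is presumably a /29, so a comment such as `# br0 is a /29: five sandboxes exhaust it, further requests must be refused` above `# will fail` would document the assumption. The closing comment also has a typo, `snadboxes`.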
diff --git a/test/network/net_defaultgw.exp b/test/network/net_defaultgw.exp
new file mode 100755
index 000000000..840f2ccac
--- /dev/null
+++ b/test/network/net_defaultgw.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5 --defaultgw=10.10.20.2 --protocol=unix,inet,netlink\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "10.10.20.5"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "255.255.255.248"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+# check default gateway
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.1\n";exit}
+ "default via 10.10.20.2 dev eth0"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.2\n";exit}
+ "10.10.20.0/29 dev eth0 proto kernel scope link"
+}
+sleep 1
+
+puts "\nall done\n"
+
diff --git a/test/network/net_defaultgw2.exp b/test/network/net_defaultgw2.exp
new file mode 100755
index 000000000..db14e17cb
--- /dev/null
+++ b/test/network/net_defaultgw2.exp
@@ -0,0 +1,40 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.30.89 --protocol=unix,inet,netlink\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "eth1"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+# check default gateway
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.1\n";exit}
+ "default via 10.10.30.89 dev eth1"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.2\n";exit}
+ "10.10.20.0/29 dev eth0 proto kernel scope link"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.3\n";exit}
+ "10.10.30.0/24 dev eth1 proto kernel scope link"
+}
+sleep 1
+
+puts "\nall done\n"
+
diff --git a/test/network/net_defaultgw3.exp b/test/network/net_defaultgw3.exp
new file mode 100755
index 000000000..64da9dfca
--- /dev/null
+++ b/test/network/net_defaultgw3.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --net=br1 --defaultgw=10.10.95.89\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "default gateway 10.10.95.89 is not in the range of any network"
+}
+
+sleep 1
+
+puts "\n"
+
diff --git a/test/network/net_interface.exp b/test/network/net_interface.exp
new file mode 100755
index 000000000..4b55187ff
--- /dev/null
+++ b/test/network/net_interface.exp
@@ -0,0 +1,88 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "ip link add link eth0 name eth0.100 type vlan id 100\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.101 type vlan id 101\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.102 type vlan id 102\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.103 type vlan id 103\r"
+sleep 1
+send -- "ip link add link eth0 name eth0.104 type vlan id 104\r"
+sleep 1
+puts "\n"
+
+send -- "/sbin/ifconfig eth0.100 10.200.0.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.101 10.200.1.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.102 10.200.2.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.103 10.200.3.1/24\r"
+sleep 1
+send -- "/sbin/ifconfig eth0.104 10.200.4.1/24\r"
+sleep 1
+puts "\n"
+
+
+
+send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103 --interface=eth0.104\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "maximum 4 interfaces are allowed"
+}
+sleep 1
+
+send -- "firejail --noprofile --interface=eth0.100 --interface=eth0.101 --interface=eth0.102 --interface=eth0.103\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "eth0.100"
+}
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "eth0.101"
+}
+expect {
+ timeout {puts "TESTING ERROR 2.2\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "eth0.102"
+}
+expect {
+ timeout {puts "TESTING ERROR 3.1\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "eth0.103"
+}
+expect {
+ timeout {puts "TESTING ERROR 4.1\n";exit}
+ "UP"
+}
+sleep 1
+send -- "exit\r"
+sleep 1
+
+send -- "firejail --noprofile --interface=eth0.104\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "eth0.104"
+}
+expect {
+ timeout {puts "TESTING ERROR 5.1\n";exit}
+ "UP"
+}
+
+puts "all done\n"
+
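Review bot: The VLAN interfaces eth0.100 to eth0.104 are created and addressed on the host with `ip link add` and `/sbin/ifconfig`, but none of that output is checked and nothing removes the interfaces afterwards. If the setup fails (for example the script is not run with the needed privileges, or the host has no `eth0`), the first visible symptom is `TESTING ERROR 0` or `1`, which points at firejail rather than at the environment, and a second run starts from leftover interfaces. Consider an `expect` after the setup commands and a teardown at the end, e.g. `foreach id {100 101 102 103 104} {send -- "ip link del eth0.$id\r"; sleep 1}`. The script currently finishes with the `--interface=eth0.104` sandbox still open, so a `send -- "exit\r"` would have to come before the teardown.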
diff --git a/test/network/net_ip.exp b/test/network/net_ip.exp
new file mode 100755
index 000000000..f5d487ecc
--- /dev/null
+++ b/test/network/net_ip.exp
@@ -0,0 +1,72 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "10.10.20.5"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "255.255.255.248"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check loopback
+send -- "firejail --net=br0 --ip=10.10.20.5 --protocol=unix,inet,netlink\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "lo"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "255.0.0.0"
+}
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+# check default gateway
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10.1\n";exit}
+ "default via 10.10.20.1 dev eth0"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 10\n";exit}
+ "10.10.20.0/29 dev eth0 proto kernel scope link"
+}
+sleep 1
+
+puts "\n"
+
diff --git a/test/network/net_local.exp b/test/network/net_local.exp
new file mode 100755
index 000000000..642213658
--- /dev/null
+++ b/test/network/net_local.exp
@@ -0,0 +1,45 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --noprofile --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Using the local network stack"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 2
+
+# check loopback
+send -- "firejail --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+
+send -- "/sbin/ifconfig\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "lo"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "127.0.0.1"
+}
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "255.0.0.0"
+}
+
+puts "all done\n"
+
diff --git a/test/network/net_mac.exp b/test/network/net_mac.exp
new file mode 100755
index 000000000..076634730
--- /dev/null
+++ b/test/network/net_mac.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --ip=10.10.20.5 --mac=00:11:22:33:44:55\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.1\n";exit}
+ "00:11:22:33:44:55"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "10.10.20.5"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "255.255.255.248"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+puts "\nall done\n"
+
diff --git a/test/network/net_macvlan.exp b/test/network/net_macvlan.exp
new file mode 100755
index 000000000..20d022de9
--- /dev/null
+++ b/test/network/net_macvlan.exp
@@ -0,0 +1,88 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check the existing address
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --ip=192.168.1.60\r"
+expect {
+ timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit}
+ "the address 192.168.1.60 is already in use"
+}
+
+
+
+# grab 30 ip addresses
+set MAXi 229
+set i 200
+while { $i <= $MAXi } {
+ spawn $env(SHELL)
+ send -- "firejail --net=eth0 --ip=192.168.1.$i\r"
+ expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+ }
+ incr i
+ after 100
+}
+
+
+# check an existing address
+spawn $env(SHELL)
+send -- "firejail --net=eth0 --ip=192.168.1.200\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "the address 192.168.1.200 is already in use"
+}
+
+
+set MAXi 254
+set i 2
+while { $i <= $MAXi } {
+ spawn $env(SHELL)
+ send -- "firejail --net=eth0\r"
+ expect {
+ timeout {puts "TESTING ERROR 2.1\n";exit}
+ "192.168.1.60" {puts "TESTING ERROR 2.2\n";exit}
+ "192.168.1.200" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.201" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.202" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.203" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.204" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.205" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.206" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.207" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.208" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.209" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.210" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.211" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.212" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.213" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.214" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.215" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.216" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.217" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.218" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.219" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.220" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.221" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.222" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.223" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.224" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.225" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.226" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.227" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.228" {puts "TESTING ERROR 3\n";exit}
+ "192.168.1.229" {puts "TESTING ERROR 3\n";exit}
+ "Child process initialized"
+ }
+ puts "************ $i ******************\n"
+ incr i
+ after 100
+# sleep 1
+}
+
+puts "\n"
+
diff --git a/test/network/net_mtu.exp b/test/network/net_mtu.exp
new file mode 100755
index 000000000..7943b2866
--- /dev/null
+++ b/test/network/net_mtu.exp
@@ -0,0 +1,30 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --net=br0 --mtu=1000 --noprofile\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "ip link show\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "mtu 1000"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "state UP"
+}
+
+puts "\nall done\n"
+
diff --git a/test/network/net_netfilter.exp b/test/network/net_netfilter.exp
new file mode 100755
index 000000000..989fcc407
--- /dev/null
+++ b/test/network/net_netfilter.exp
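Review bot: net_macvlan.exp depends on the host environment in ways that are only discoverable from a failure message: it attaches to the host's `eth0` with hard-coded `192.168.1.x` addresses and expects another sandbox to be holding 192.168.1.60 already (`Please open a sandbox on 192.168.1.60`). A header comment stating these prerequisites, for example `# requires: host eth0 on 192.168.1.0/24 and a sandbox already running on 192.168.1.60`, would keep a failure on another network from being read as a firejail defect. As a style point, the thirty literal patterns for 192.168.1.200 to .229 in the second loop could be one line, `-re {192\.168\.1\.2[0-2][0-9]} {puts "TESTING ERROR 3\n";exit}`, which matches the same addresses and is easier to keep in step with `MAXi` in the first loop.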
@@ -0,0 +1,88 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check default netfilter on br0
+send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Installing network filter"
+}
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Chain INPUT (policy DROP"
+}
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "ACCEPT all -- any any anywhere"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "ACCEPT icmp -- any any anywhere"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 1
+
+# check default netfilter no new network
+send -- "firejail --debug --noprofile --netfilter\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "Installing network filter" {puts "TESTING ERROR 5.1\n";exit}
+ "Chain INPUT (policy DROP" {puts "TESTING ERROR 5.1\n";exit}
+ "ACCEPT all -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
+ "ACCEPT icmp -- any any anywhere" {puts "TESTING ERROR 5.1\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "exit\r"
+sleep 1
+
+# check file filter netfilter on br0
+send -- "firejail --debug --noprofile --net=br0 --ip=10.10.20.5 --netfilter=netfilter.filter\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "Installing network filter"
+}
+expect {
+ timeout {puts "TESTING ERROR 6.1\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "ping -c 1 -w 3 10.10.20.1\r"
+expect {
+ timeout {puts "TESTING ERROR 6.2\n";exit}
+ "0 received, 100% packet loss"
+}
+
+send -- "exit\r"
+sleep 1
+
+# check profile netfilter on br0
+send -- "firejail --debug --net=br0 --ip=10.10.20.5 --profile=netfilter.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "Installing network filter"
+}
+expect {
+ timeout {puts "TESTING ERROR 7.1\n";exit}
+ "Child process initialized"
+}
+sleep 2
+send -- "ping -c 1 -w 3 10.10.20.1\r"
+expect {
+ timeout {puts "TESTING ERROR 7.2\n";exit}
+ "0 received, 100% packet loss"
+}
+
+send -- "exit\r"
+after 100
+
+puts "all done\n"
+
diff --git a/test/network/net_noip.exp b/test/network/net_noip.exp
new file mode 100755
index 000000000..8d28adb39
--- /dev/null
+++ b/test/network/net_noip.exp
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --noprofile --net=br0 --ip=none\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "eth0" {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+sleep 1
+send -- "bash\r"
+sleep 1
+
+# no default gateway configured
+send -- "netstat -rn;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "0.0.0.0" {puts "TESTING ERROR 3\n";exit}
+ "eth0" {puts "TESTING ERROR 4\n";exit}
+ "home"
+}
+sleep 1
+
+# eth0 configured
+send -- "/sbin/ifconfig;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "home"
+}
+after 100
+
+puts "all done\n"
+
diff --git a/test/network/net_noip2.exp b/test/network/net_noip2.exp
new file mode 100755
index 000000000..58f90422b
--- /dev/null
+++ b/test/network/net_noip2.exp
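Review bot: Checks 6.2 and 7.2 in net_netfilter.exp treat `0 received, 100% packet loss` from `ping -c 1 -w 3 10.10.20.1` as proof that the rules from netfilter.filter and netfilter.profile are active, but the same output appears whenever 10.10.20.1 is unreachable for any other reason, so the test can pass without the filter being loaded. The first section already asserts the loaded ruleset with `"Chain INPUT (policy DROP"`; adding that expectation after `"Installing network filter"` in the two file-based sections, assuming `--debug` prints the table there as well, would tie the result to the filter itself. A control ping from an unfiltered `--net=br0` sandbox that expects `1 received` would additionally confirm that the gateway answers at all.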
@@ -0,0 +1,41 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check ip address
+send -- "firejail --noprofile --net=br1 --ip=none --defaultgw=10.10.30.78\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "eth0" {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+sleep 1
+send -- "bash\r"
+sleep 1
+
+# no default gateway configured
+send -- "netstat -rn;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "0.0.0.0" {puts "TESTING ERROR 3\n";exit}
+ "eth0" {puts "TESTING ERROR 4\n";exit}
+ "home"
+}
+sleep 1
+
+# eth0 configured
+send -- "/sbin/ifconfig;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "home"
+}
+after 100
+
+puts "all done\n"
+
diff --git a/test/network/net_none.exp b/test/network/net_none.exp
new file mode 100755
index 000000000..54b6cb946
--- /dev/null
+++ b/test/network/net_none.exp
@@ -0,0 +1,68 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# options
+send -- "firejail --net=none\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "eth0" {puts "TESTING ERROR 0.1\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+# test default gw
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn; pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "0.0.0.0" {puts "TESTING ERROR 1.1\n";exit}
+ "home"
+}
+sleep 1
+
+# check again devices
+send -- "cat /proc/1/net/dev;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "eth0" {puts "TESTING ERROR 2.1\n";exit}
+ "home"
+}
+send -- "exit\r"
+sleep 1
+send -- "exit\r"
+sleep 1
+
+# profile
+send -- "firejail --profile=net_none.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "eth0" {puts "TESTING ERROR 3.1\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+# test default gw
+send -- "bash\r"
+sleep 1
+send -- "netstat -rn; pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "0.0.0.0" {puts "TESTING ERROR 4.1\n";exit}
+ "home"
+}
+sleep 1
+
+# check again devices
+send -- "cat /proc/1/net/dev;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "eth0" {puts "TESTING ERROR 5.1\n";exit}
+ "home"
+}
+sleep 1
+
+puts "\n"
diff --git a/test/network/net_none.profile b/test/network/net_none.profile
new file mode 100644
index 000000000..079c08ea8
--- /dev/null
+++ b/test/network/net_none.profile
@@ -0,0 +1 @@
+net none
diff --git a/test/network/net_profile.exp b/test/network/net_profile.exp
new file mode 100755
index 000000000..37043c906
--- /dev/null
+++ b/test/network/net_profile.exp
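Review bot: The isolation checks for `--net=none` in net_none.exp only fail when the string `eth0` appears, so on a host whose interfaces carry other names (say `enp3s0` or `wlan0`) a sandbox that still saw the host's devices would pass checks 0.1, 2.1, 3.1 and 5.1. Asserting what must be present, rather than one name that must be absent, closes that gap. One way is to count the entries in `/proc/1/net/dev` and require exactly one, the loopback: `send -- "echo ifcount=\$(grep -c : /proc/1/net/dev)\r"` followed by `expect { timeout {puts "TESTING ERROR 2\n";exit} "ifcount=1" }`. The same change would apply to the profile-based half of the script.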
@@ -0,0 +1,73 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# check eth0
+send -- "firejail --profile=net-profile.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 0.0\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.1\n";exit}
+ "00:11:22:33:44:55"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.1\n";exit}
+ "10.10.20"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.2\n";exit}
+ "255.255.255.248"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.3\n";exit}
+ "UP"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.4\n";exit}
+ "Child process initialized"
+}
+sleep 2
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "10.10.30.0/24 dev eth1 proto kernel scope link src 10.10.30.50"
+}
+
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "10.10.40.0/24 dev eth2 proto kernel scope link src 10.10.40.100"
+}
+
+
+# check default gw
+send -- "ip route show\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "default via 10.10.20.2 dev eth0"
+}
+
+# check mtu
+send -- "ip link show\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "eth0"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "mtu 1000"
+}
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "state UP"
+}
+
+sleep 1
+
+puts "\nall done\n"
+
diff --git a/test/network/netfilter.filter b/test/network/netfilter.filter
new file mode 100644
index 000000000..3e232065c
--- /dev/null
+++ b/test/network/netfilter.filter
@@ -0,0 +1,6 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+COMMIT
diff --git a/test/network/netfilter.profile b/test/network/netfilter.profile
new file mode 100644
index 000000000..824c6cd0f
--- /dev/null
+++ b/test/network/netfilter.profile
@@ -0,0 +1 @@
+netfilter netfilter.filter
diff --git a/test/profile_followlnk.exp b/test/profile_followlnk.exp
deleted file mode 100755
index e2ede2865..000000000
--- a/test/profile_followlnk.exp
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "mkdir /tmp/firejailtestdir\r"
-sleep 1
-send -- "ln -s /tmp/firejailtestdir /tmp/firejailtestdirlnk\r"
-sleep 1
-send -- "touch /tmp/firejailtestfile\r"
-sleep 1
-send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r"
-sleep 1
-
-send -- "firejail --profile=readonly-lnk.profile --debug\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-
-# testing private only
-send -- "bash\r"
-sleep 1
-
-
-send -- "ls > /tmp/firejailtestdirlnk/ttt;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "Read-only file system"
-}
-expect {
- timeout {puts "TESTING ERROR 1.1\n";exit}
- "home"
-}
-sleep 1
-
-send -- "ls > /tmp/firejailtestfilelnk;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "Read-only file system"
-}
-expect {
- timeout {puts "TESTING ERROR 2.1\n";exit}
- "home"
-}
-sleep 1
-
-send -- "exit\r"
-sleep 1
-send -- "pwd\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "home"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-send -- "pwd\r"
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "home"
-}
-sleep 2
-send -- "rm -fr /tmp/firejailtest*\r"
-sleep 1
-
-puts "\n"
diff --git a/test/profile_noperm.exp b/test/profile_noperm.exp
deleted file mode 100755
index b3ed558bc..000000000
--- a/test/profile_noperm.exp
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --profile=/etc/shadow\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "cannot access profile"
-}
-sleep 1
-puts "\n"
diff --git a/test/profile_readonly.exp b/test/profile_readonly.exp
deleted file mode 100755
index 046b0d738..000000000
--- a/test/profile_readonly.exp
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/expect -f
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "mkdir /tmp/firejailtestdir\r"
-sleep 1
-send -- "touch /tmp/firejailtestfile\r"
-sleep 1
-
-send -- "firejail --profile=readonly.profile\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-
-# testing private only
-send -- "bash\r"
-sleep 1
-
-
-send -- "ls > /tmp/firejailtestdir/ttt;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "Read-only file system"
-}
-expect {
- timeout {puts "TESTING ERROR 1.1\n";exit}
- "home"
-}
-sleep 1
-
-send -- "ls > /tmp/firejailtestfile;pwd\r"
-expect {
- timeout {puts "TESTING ERROR 2\n";exit}
- "Read-only file system"
-}
-expect {
- timeout {puts "TESTING ERROR 2.1\n";exit}
- "home"
-}
-sleep 1
-
-send -- "exit\r"
-sleep 1
-send -- "pwd\r"
-expect {
- timeout {puts "TESTING ERROR 3\n";exit}
- "home"
-}
-sleep 1
-send -- "exit\r"
-sleep 1
-send -- "pwd\r"
-expect {
- timeout {puts "TESTING ERROR 4\n";exit}
- "home"
-}
-sleep 2
-send -- "rm -fr /tmp/firejailtest*\r"
-sleep 1
-
-puts "\n"
diff --git a/test/profiles/profile_followlnk.exp b/test/profiles/profile_followlnk.exp
new file mode 100755
index 000000000..4d89de26b
--- /dev/null
+++ b/test/profiles/profile_followlnk.exp
@@ -0,0 +1,37 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "mkdir /tmp/firejailtestdir\r"
+send -- "ln -s /tmp/firejailtestdir /tmp/firejailtestdirlnk\r"
+send -- "touch /tmp/firejailtestfile\r"
+send -- "ln -s /tmp/firejailtestfile /tmp/firejailtestfilelnk\r"
+sleep 1
+
+send -- "firejail --profile=readonly-lnk.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+
+send -- "ls > /tmp/firejailtestdirlnk/ttt\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Read-only file system"
+}
+sleep 1
+
+send -- "ls > /tmp/firejailtestfilelnk;pwd\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Read-only file system"
+}
+sleep 1
+
+send -- "exit\r"
+send -- "rm -fr /tmp/firejailtest*\r"
+sleep 1
+
+puts "\nall done\n"
diff --git a/test/profiles/profile_noperm.exp b/test/profiles/profile_noperm.exp
new file mode 100755
index 000000000..25ec580bd
--- /dev/null
+++ b/test/profiles/profile_noperm.exp
@@ -0,0 +1,13 @@
+#!/usr/bin/expect -f
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --profile=/etc/shadow\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "cannot access profile"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/profiles/profile_readonly.exp b/test/profiles/profile_readonly.exp
new file mode 100755
index 000000000..e8e78d6ad
--- /dev/null
+++ b/test/profiles/profile_readonly.exp
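Review bot: In the new profile_followlnk.exp the cleanup `send -- "rm -fr /tmp/firejailtest*\r"` is sent straight after `send -- "exit\r"`, with nothing waiting for the sandbox shell to go away. If the `rm` is still read by the sandboxed shell, the read-only mounts under test would presumably make it fail, and the fixed-name fixtures stay behind in /tmp, where the next run's `mkdir` and `ln -s` hit existing paths and the test no longer exercises the layout it was written for. profile_readonly.exp in this same commit keeps a `sleep 1` between the two sends; doing the same here (`send -- "exit\r"` followed by `sleep 1`), or an `expect` on output only the outer shell produces, would close the gap. Because the names under /tmp are predictable, it is also worth failing the test early when the initial `mkdir` reports that the path already exists.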
@@ -0,0 +1,36 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "mkdir /tmp/firejailtestdir\r" +send -- "touch /tmp/firejailtestfile\r" +sleep 1 + +send -- "firejail --profile=readonly.profile\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Child process initialized" +} +sleep 2 + +send -- "ls > /tmp/firejailtestdir/ttt\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Read-only file system" +} +sleep 1 + +send -- "ls > /tmp/firejailtestfile\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "Read-only file system" +} +send -- "exit\r" +sleep 1 + +send -- "rm -fr /tmp/firejailtest*\r" +sleep 1 + +puts "\nall done\n" diff --git a/test/profiles/profiles.sh b/test/profiles/profiles.sh index e3adc8a4f..ca0b9fb29 100755 --- a/test/profiles/profiles.sh +++ b/test/profiles/profiles.sh @@ -23,3 +23,12 @@ echo "TESTING: profile syntax 2 (test/profiles/profile_syntax2.exp)" echo "TESTING: ignore command (test/profiles/ignore.exp)" ./ignore.exp +echo "TESTING: profile read-only (test/profiles/profile_readonly.exp)" +./profile_readonly.exp + +echo "TESTING: profile read-only links (test/profiles/profile_readonly.exp)" +./profile_followlnk.exp + +echo "TESTING: profile no permissions (test/profiles/profile_noperm.exp)" +./profile_noperm.exp + diff --git a/test/profiles/readonly-lnk.profile b/test/profiles/readonly-lnk.profile new file mode 100644 index 000000000..71ffb1a26 --- /dev/null +++ b/test/profiles/readonly-lnk.profile @@ -0,0 +1,2 @@ +read-only /tmp/firejailtestdirlnk +read-only /tmp/firejailtestfilelnk diff --git a/test/profiles/readonly.profile b/test/profiles/readonly.profile new file mode 100644 index 000000000..55d89e3d7 --- /dev/null +++ b/test/profiles/readonly.profile @@ -0,0 +1,2 @@ +read-only /tmp/firejailtestdir +read-only /tmp/firejailtestfile \ No newline at end of file diff --git a/test/readonly-lnk.profile b/test/readonly-lnk.profile deleted file mode 100644 index 71ffb1a26..000000000 
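Review bot: Every failure branch in the new profile_readonly.exp ends in a bare `exit`, e.g. `timeout {puts "TESTING ERROR 1\n";exit}`, so a failed read-only check returns status 0 and also skips the `rm -fr /tmp/firejailtest*` cleanup at the bottom of the script. As far as the profiles.sh hunk in this commit shows, the script is run without its status being checked, which leaves the "TESTING ERROR" text in the log as the only failure signal. For a test that guards a sandbox restriction I would make the failure machine-detectable, `timeout {puts "TESTING ERROR 1\n";exit 1}`, in each branch. The same pattern is in profile_followlnk.exp and profile_noperm.exp.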
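Review bot: The second banner added to profiles.sh names the wrong script: `echo "TESTING: profile read-only links (test/profiles/profile_readonly.exp)"` is followed by `./profile_followlnk.exp`. A failure of the symlink test would be logged under the plain read-only test's file name, which sends whoever triages it to the wrong file. The label should read `echo "TESTING: profile read-only links (test/profiles/profile_followlnk.exp)"`.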
--- a/test/readonly-lnk.profile +++ /dev/null @@ -1,2 +0,0 @@ -read-only /tmp/firejailtestdirlnk -read-only /tmp/firejailtestfilelnk diff --git a/test/readonly.profile b/test/readonly.profile deleted file mode 100644 index 55d89e3d7..000000000 --- a/test/readonly.profile +++ /dev/null @@ -1,2 +0,0 @@ -read-only /tmp/firejailtestdir -read-only /tmp/firejailtestfile \ No newline at end of file diff --git a/test/test.sh b/test/test.sh index 0509afdfb..9d7dba4fa 100755 --- a/test/test.sh +++ b/test/test.sh @@ -7,11 +7,6 @@ ./fscheck.sh -echo "TESTING: network profile (net_profile.exp)" -./net_profile.exp - -echo "TESTING: bandwidth (bandwidth.exp)" -./bandwidth.exp echo "TESTING: protocol.print (protocol-print.exp)" ./protocol-print.exp @@ -127,12 +122,6 @@ echo "TESTING: PID (pid.exp)" echo "TESTING: output (output.exp)" ./output.exp -echo "TESTING: profile no permissions (profile_noperm.exp)" -./profile_noperm.exp - -echo "TESTING: profile read-only (profile_readonly.exp)" -./profile_readonly.exp - echo "TESTING: private (private.exp)" ./private.exp `whoami` -- cgit v1.2.3-54-g00ecf