From 84fa03cd77b0afcdee5cc6816596ab5c8a633185 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 29 Nov 2016 21:38:09 -0500
Subject: private-opt and private-srv
---
 test/root/private.exp | 57 +++++++++++++++++++++
 test/root/root.sh | 4 +-
 test/root/whitelist-mnt.exp | 105 ---------------------------------------
 test/root/whitelist.exp | 118 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 177 insertions(+), 107 deletions(-)
 delete mode 100755 test/root/whitelist-mnt.exp
 create mode 100755 test/root/whitelist.exp
(limited to 'test')
diff --git a/test/root/private.exp b/test/root/private.exp
index 4040081ee..9ce9716f9 100755
--- a/test/root/private.exp
+++ b/test/root/private.exp
@@ -29,5 +29,62 @@ expect {
 after 100
 send -- "exit\r"
+sleep 1
+
+
+
+send -- "touch /opt/firejail-test-file\r"
+after 100
+send -- "mkdir /opt/firejail-test-dir\r"
+after 100
+send -- "touch /opt/firejail-test-dir/firejail-test-file\r"
+after 100
+send -- "firejail --private-opt=firejail-test-file,firejail-test-dir --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "find /opt | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "4"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+send -- "touch /srv/firejail-test-file\r"
+after 100
+send -- "mkdir /srv/firejail-test-dir\r"
+after 100
+send -- "touch /srv/firejail-test-dir/firejail-test-file\r"
 after 100
+send -- "firejail --private-srv=firejail-test-file,firejail-test-dir --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "find /srv | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "4"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+
+
+
+
+
+
+
+
 puts "\nall done\n"
diff --git a/test/root/root.sh b/test/root/root.sh
index 01c372f68..371bccdff 100755
--- a/test/root/root.sh
+++ b/test/root/root.sh
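Review bot: The `"4"` patterns that follow `find /opt | wc -l` and `find /srv | wc -l` in test/root/private.exp are unanchored Expect glob matches, so a count of 14 or 40, or a stray 4 left in the buffer (possibly from the `--debug` output or the prompt), satisfies them as well. Since these steps are meant to show that `--private-opt` and `--private-srv` expose only the listed entries, a sandbox that leaks extra paths could still pass; matching the whole line, for example `-re {[\r\n]4[\r\n]}`, would pin the count. The same `"4"` patterns appear in the new test/root/whitelist.exp. The fixtures created in the host's /opt and /srv are also never removed, so a cleanup step after each `exit` would keep runs independent; the script begins outside this hunk.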
@@ -53,8 +53,8 @@ fi
 echo "TESTING: fs private (test/root/private.exp)"
 ./private.exp
-echo "TESTING: fs whitelist mnt, opt, media(test/root/whitelist-mnt.exp)"
-./whitelist-mnt.exp
+echo "TESTING: fs whitelist mnt, opt, media (test/root/whitelist-mnt.exp)"
+./whitelist.exp
 #********************************
 # seccomp
diff --git a/test/root/whitelist-mnt.exp b/test/root/whitelist-mnt.exp
deleted file mode 100755
index a21446afe..000000000
--- a/test/root/whitelist-mnt.exp
+++ /dev/null
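Review bot: The added `echo` line still labels the step with test/root/whitelist-mnt.exp, which this commit deletes, while the next line runs `./whitelist.exp`, so a failure logged under that label points at a script that no longer exists. Suggest `echo "TESTING: fs whitelist mnt, opt, media (test/root/whitelist.exp)"`. The surrounding script continues outside the hunk.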
@@ -1,105 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2016 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "touch /mnt/firejail-test-file\r"
-after 100
-send -- "firejail --whitelist=/mnt/firejail-test-file --debug\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "find /mnt | wc -l\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "2"
-}
-after 100
-send -- "exit\r"
-sleep 1
-
-
-send -- "touch /opt/firejail-test-file\r"
-after 100
-send -- "firejail --whitelist=/opt/firejail-test-file --debug\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "find /opt | wc -l\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "2"
-}
-after 100
-send -- "exit\r"
-sleep 1
-
-send -- "touch /media/firejail-test-file\r"
-after 100
-send -- "firejail --whitelist=/media/firejail-test-file --debug\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "find /media | wc -l\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "2"
-}
-after 100
-send -- "exit\r"
-sleep 1
-
-
-send -- "firejail --whitelist=/var/run --whitelist=/var/lock --debug\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "find /var | wc -l\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- ""
-}
-after 100
-send -- "exit\r"
-sleep 1
-
-send -- "touch /srv/firejail-test-file\r"
-after 100
-send -- "firejail --whitelist=/srv/firejail-test-file --debug\r"
-expect {
- timeout {puts "TESTING ERROR 0\n";exit}
- "Child process initialized"
-}
-sleep 1
-
-send -- "find /srv | wc -l\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "2"
-}
-after 100
-send -- "exit\r"
-sleep 1
-
-
-
-
-after 100
-puts "\nall done\n"
-
diff --git a/test/root/whitelist.exp b/test/root/whitelist.exp
new file mode 100755
index 000000000..f6936c048
--- /dev/null
+++ b/test/root/whitelist.exp
@@ -0,0 +1,118 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "touch /mnt/firejail-test-file\r"
+after 100
+send -- "mkdir /mnt/firejail-test-dir\r"
+after 100
+send -- "touch /mnt/firejail-test-dir/firejail-test-file\r"
+after 100
+send -- "firejail --whitelist=/mnt/firejail-test-file --whitelist=/mnt/firejail-test-dir --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "find /mnt | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "4"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+send -- "touch /opt/firejail-test-file\r"
+after 100
+send -- "mkdir /opt/firejail-test-dir\r"
+after 100
+send -- "touch /opt/firejail-test-dir/firejail-test-file\r"
+after 100
+send -- "firejail --whitelist=/opt/firejail-test-file --whitelist=/opt/firejail-test-dir --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "find /opt | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "4"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "touch /media/firejail-test-file\r"
+after 100
+send -- "mkdir /media/firejail-test-dir\r"
+after 100
+send -- "touch /media/firejail-test-dir/firejail-test-file\r"
+after 100
+send -- "firejail --whitelist=/media/firejail-test-file --whitelist=/media/firejail-test-dir --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "find /media | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "4"
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+
+send -- "firejail --whitelist=/var/run --whitelist=/var/lock --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "find /var | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ ""
+}
+after 100
+send -- "exit\r"
+sleep 1
+
+send -- "touch /srv/firejail-test-file\r"
+after 100
+send -- "mkdir /srv/firejail-test-dir\r"
+after 100
+send -- "touch /srv/firejail-test-dir/firejail-test-file\r"
+after 100
+send -- "firejail --whitelist=/srv/firejail-test-file --whitelist=/srv/firejail-test-dir --debug\r"
+expect {
+ timeout {puts "TESTING ERROR 8\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+send -- "find /srv | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 9\n";exit}
+ "4"
+}
+after 100
+send -- "exit\r"
+
+
+after 100
+puts "\nall done\n"
+
--
cgit v1.2.3-54-g00ecf
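Review bot: The `find /var | wc -l` step in test/root/whitelist.exp expects the empty pattern `""`, which Expect matches without waiting for any output as far as I can tell, so TESTING ERROR 7 can never fire and the `--whitelist=/var/run --whitelist=/var/lock` case is verified only up to "Child process initialized". If the count is too host-dependent to pin, either assert something stable about the sandboxed /var or say so in the file, e.g. `# /var count varies by host; this step only checks that the sandbox starts`. The final `exit` is also not followed by the `sleep 1` used after the other cases, which looks unintentional.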