From b4424d947838cc41fc82f1ba9a7c06b8a49f9bae Mon Sep 17 00:00:00 2001 From: startx2017 Date: Thu, 29 Jul 2021 07:47:16 -0400 Subject: rework make test-fs --- test/fs/fs.sh | 51 +++++++++++++++++++++++++++------------ test/fs/fs_dev_shm.exp | 16 ++++++------ test/fs/fs_var_tmp.exp | 16 ++++++------ test/fs/mkdir.exp | 20 +++++++-------- test/fs/mkdir.profile | 12 ++++----- test/fs/option_blacklist.exp | 2 +- test/fs/option_blacklist_file.exp | 25 +++++++++++++++++-- test/fs/option_blacklist_glob.exp | 25 +++++++++++++++---- test/fs/private-etc.exp | 5 +--- test/fs/private-home-dir.exp | 15 ++++++------ test/fs/private-home.exp | 13 +++++++++- test/fs/read-write.exp | 13 ++++++++++ test/fs/whitelist-dev.exp | 3 +++ test/fs/whitelist-double.exp | 10 ++++---- test/fs/whitelist-readonly.exp | 10 ++++++++ 15 files changed, 164 insertions(+), 72 deletions(-) (limited to 'test') diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 591fc1a06..9c3310b31 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh @@ -15,15 +15,18 @@ echo "TESTING: mkdir/mkfile (test/fs/mkdir_mkfile.exp)" ./mkdir_mkfile.exp rm -fr ~/_firejail_test_* -mkdir ~/_firejail_test_dir -touch ~/_firejail_test_dir/a -mkdir ~/_firejail_test_dir/test1 -touch ~/_firejail_test_dir/test1/b +echo "TESTING: recursive mkdir (test/fs/mkdir.exp)" +./mkdir.exp +rm -fr ~/_firejail_test_* +rm -fr /tmp/_firejail_test_* + echo "TESTING: read/write (test/fs/read-write.exp)" ./read-write.exp +rm -fr ~/_firejail_test_dir + echo "TESTING: whitelist readonly (test/fs/whitelist-readonly.exp)" ./whitelist-readonly.exp -rm -fr ~/_firejail_test_* +rm -f ~/_firejail_test_dir echo "TESTING: /sys/fs access (test/fs/sys_fs.exp)" ./sys_fs.exp 
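Review bot: The cleanup added after `./whitelist-readonly.exp` is `rm -f ~/_firejail_test_dir`, which cannot remove a directory. Without `-r` it fails with "Is a directory" whenever the test stopped before its own `rm -fr` ran, and the stale fixture then reaches the later tests in this commit that `mkdir ~/_firejail_test_dir` again. The line it replaces was `rm -fr ~/_firejail_test_*`, so the recursive form looks intended: `rm -fr ~/_firejail_test_dir`.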
@@ -37,16 +40,19 @@ fi echo "TESTING: read/write /var/tmp (test/fs/fs_var_tmp.exp)" ./fs_var_tmp.exp +rm -f /var/tmp/_firejail_test_file echo "TESTING: private-lib (test/fs/private-lib.exp)" ./private-lib.exp echo "TESTING: read/write /var/lock (test/fs/fs_var_lock.exp)" ./fs_var_lock.exp +rm -f /var/lock/_firejail_test_file if [ -w /dev/shm ]; then echo "TESTING: read/write /dev/shm (test/fs/fs_dev_shm.exp)" ./fs_dev_shm.exp + rm -f /dev/shm/_firejail_test_file else echo "TESTING SKIP: /dev/shm not writable" fi @@ -56,12 +62,23 @@ echo "TESTING: private (test/fs/private.exp)" echo "TESTING: private home (test/fs/private-home.exp)" ./private-home.exp +rm -f ~/_firejail_test_file1 +rm -f ~/_firejail_test_file2 +rm -fr ~/_firejail_test_dir1 +rm -f ~/_firejail_test_link1 +rm -f ~/_firejail_test_link2 echo "TESTING: private home dir (test/fs/private-home-dir.exp)" ./private-home-dir.exp +rm -fr ~/_firejail_test_dir1 echo "TESTING: private home dir same as user home (test/fs/private-homedir.exp)" ./private-homedir.exp +rm -f ~/_firejail_test_file1 +rm -f ~/_firejail_test_file2 +rm -fr ~/_firejail_test_dir1 +rm -f ~/_firejail_test_link1 +rm -f ~/_firejail_test_link2 echo "TESTING: private-etc (test/fs/private-etc.exp)" ./private-etc.exp @@ -74,6 +91,7 @@ echo "TESTING: private-bin (test/fs/private-bin.exp)" echo "TESTING: private-cache (test/fs/private-cache.exp)" ./private-cache.exp +rm -f ~/.cache/abcdefg echo "TESTING: private-cwd (test/fs/private-cwd.exp)" ./private-cwd.exp @@ -83,6 +101,12 @@ echo "TESTING: macros (test/fs/macro.exp)" echo "TESTING: whitelist empty (test/fs/whitelist-empty.exp)" ./whitelist-empty.exp +rm -f ~/Videos/_firejail_test_fil +rm -f ~/Pictures/_firejail_test_file +rm -f ~/Music/_firejail_test_file +rm -f ~/Downloads/_firejail_test_file +rm -f ~/Documents/_firejail_test_file +rm -f ~/Desktop/_firejail_test_file echo "TESTING: private whitelist (test/fs/private-whitelist.exp)" ./private-whitelist.exp 
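Review bot: The `rm -fr ~/_firejail_test_dir1` added after `./private-home-dir.exp` does not match the directory that test uses, which this commit renames to `~/_firejail_test_dir1_` (trailing underscore) in test/fs/private-home-dir.exp. The script's own final `send -- "rm -fr ~/_firejail_test_dir1\r"` has the same mismatch, so the private home directory survives until a later `rm -fr ~/_firejail_test_*` in fs.sh. Either drop the trailing underscore where the directory is created, or use `rm -fr ~/_firejail_test_dir1_` in both places.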
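Review bot: `rm -f ~/Videos/_firejail_test_fil` after `./whitelist-empty.exp` looks like a typo for `_firejail_test_file`, the name used on the five sibling lines. whitelist-empty.exp is not part of this diff, but if it creates `~/Videos/_firejail_test_file`, that file is left behind in the user's real home directory after every run. Suggested line: `rm -f ~/Videos/_firejail_test_file`.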
@@ -95,9 +119,11 @@ echo "TESTING: blacklist directory (test/fs/option_blacklist.exp)" echo "TESTING: blacklist file (test/fs/option_blacklist_file.exp)" ./option_blacklist_file.exp +rm -fr ~/_firejail_test_dir echo "TESTING: blacklist glob (test/fs/option_blacklist_glob.exp)" ./option_blacklist_glob.exp +rm -fr ~/_firejail_test_dir echo "TESTING: noblacklist blacklist noexec (test/fs/noblacklist-blacklist-noexec.exp)" ./noblacklist-blacklist-noexec.exp @@ -108,14 +134,13 @@ echo "TESTING: noblacklist blacklist readonly (test/fs/noblacklist-blacklist-rea echo "TESTING: bind as user (test/fs/option_bind_user.exp)" ./option_bind_user.exp -echo "TESTING: recursive mkdir (test/fs/mkdir.exp)" -./mkdir.exp - echo "TESTING: double whitelist (test/fs/whitelist-double.exp)" ./whitelist-double.exp +rm -f /tmp/_firejail_test_file echo "TESTING: whitelist (test/fs/whitelist.exp)" ./whitelist.exp +rm -fr ~/_firejail_test_* echo "TESTING: whitelist dev, var(test/fs/whitelist-dev.exp)" ./whitelist-dev.exp @@ -131,6 +156,8 @@ echo "TESTING: fscheck --bind non root (test/fs/fscheck-bindnoroot.exp)" echo "TESTING: fscheck --tmpfs non root (test/fs/fscheck-tmpfs.exp)" ./fscheck-tmpfs.exp +rm -fr ~/_firejail_test_dir +rm -fr /tmp/_firejail_test_dir echo "TESTING: fscheck --private= (test/fs/fscheck-private.exp)" ./fscheck-private.exp @@ -139,10 +166,4 @@ echo "TESTING: fscheck --read-only= (test/fs/fscheck-readonly.exp)" ./fscheck-readonly.exp #cleanup -rm -fr ~/fjtest-dir -rm -fr ~/fjtest-dir-lnk -rm -f ~/fjtest-file -rm -f ~/fjtest-file-lnk -rm -f /tmp/fjtest-file -rm -fr /tmp/fjtest-dir -rm -fr ~/_firejail_test_* +rm -fr ~/_firejail_test* diff --git a/test/fs/fs_dev_shm.exp b/test/fs/fs_dev_shm.exp index 04e6e2383..5f0503494 100755 --- a/test/fs/fs_dev_shm.exp +++ b/test/fs/fs_dev_shm.exp 
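Review bot: The final cleanup no longer removes `~/fjtest-dir`, `~/fjtest-dir-lnk`, `~/fjtest-file`, `~/fjtest-file-lnk`, `/tmp/fjtest-file` and `/tmp/fjtest-dir`, and nothing visible in this commit renames those fixtures. The fscheck-*.exp scripts that run just above are not in the diffstat, so if they still create `fjtest-*` paths (not visible here), each run now leaves them in `$HOME` and `/tmp`. Either keep those `rm` lines until the fscheck tests are converted to the `_firejail_test_` prefix, or state the assumption in a comment such as `# fscheck-*.exp remove their own fixtures`.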
@@ -16,13 +16,13 @@ expect { after 100 send -- "stty -echo\r" -send -- "echo mytest > /dev/shm/ttt;echo done\r" +send -- "echo mytest > /dev/shm/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "done" } -send -- "cat /dev/shm/ttt;echo done\r" +send -- "cat /dev/shm/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "mytest" @@ -32,13 +32,13 @@ expect { "done" } -send -- "rm /dev/shm/ttt;echo done\r" +send -- "rm /dev/shm/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 4\n";exit} "done" } -send -- "cat /dev/shm/ttt;echo done\r" +send -- "cat /dev/shm/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 5\n";exit} "mytest" {puts "TESTING ERROR 6\n";exit} @@ -57,13 +57,13 @@ expect { after 100 send -- "stty -echo\r" -send -- "echo mytest > /dev/shm/ttt;echo done\r" +send -- "echo mytest > /dev/shm/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 8\n";exit} "done" } -send -- "cat /dev/shm/ttt;echo done\r" +send -- "cat /dev/shm/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 9\n";exit} "mytest" @@ -73,13 +73,13 @@ expect { "done" } -send -- "rm /dev/shm/ttt;echo done\r" +send -- "rm /dev/shm/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 11\n";exit} "done" } -send -- "cat /dev/shm/ttt;echo done\r" +send -- "cat /dev/shm/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 12\n";exit} "mytest" {puts "TESTING ERROR 13\n";exit} diff --git a/test/fs/fs_var_tmp.exp b/test/fs/fs_var_tmp.exp index 004425719..c7d4b0c20 100755 --- a/test/fs/fs_var_tmp.exp +++ b/test/fs/fs_var_tmp.exp 
@@ -16,13 +16,13 @@ expect { after 100 send -- "stty -echo\r" -send -- "echo mytest > /var/tmp/ttt;echo done\r" +send -- "echo mytest > /var/tmp/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "done" } -send -- "cat /var/tmp/ttt;echo done\r" +send -- "cat /var/tmp/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "mytest" @@ -32,13 +32,13 @@ expect { "done" } -send -- "rm /var/tmp/ttt;echo done\r" +send -- "rm /var/tmp/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 4\n";exit} "done" } -send -- "cat /var/tmp/ttt;echo done\r" +send -- "cat /var/tmp/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 5\n";exit} "mytest" {puts "TESTING ERROR 6\n";exit} @@ -58,13 +58,13 @@ expect { after 100 send -- "stty -echo\r" -send -- "echo mytest > /var/tmp/ttt;echo done\r" +send -- "echo mytest > /var/tmp/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 8\n";exit} "done" } -send -- "cat /var/tmp/ttt;echo done\r" +send -- "cat /var/tmp/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 9\n";exit} "mytest" @@ -74,13 +74,13 @@ expect { "done" } -send -- "rm /var/tmp/ttt;echo done\r" +send -- "rm /var/tmp/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 11\n";exit} "done" } -send -- "cat /var/tmp/ttt;echo done\r" +send -- "cat /var/tmp/_firejail_test_file;echo done\r" expect { timeout {puts "TESTING ERROR 12\n";exit} "mytest" {puts "TESTING ERROR 13\n";exit} diff --git a/test/fs/mkdir.exp b/test/fs/mkdir.exp index 8b787f114..da04a431c 100755 --- a/test/fs/mkdir.exp +++ b/test/fs/mkdir.exp 
@@ -7,34 +7,34 @@ set timeout 3 spawn $env(SHELL) match_max 100000 -send -- "rm -fr ~/.firejail_test\r" +send -- "rm -fr ~/_firejail_test_dir\r" after 100 -send -- "firejail --profile=mkdir.profile find ~/.firejail_test\r" +send -- "firejail --profile=mkdir.profile find ~/_firejail_test_dir\r" expect { timeout {puts "TESTING ERROR 1.1\n";exit} - ".firejail_test/a/b/c/d.txt" + "_firejail_test_dir/_firejail_test_file" } -send -- "rm -rf ~/.firejail_test\r" +send -- "rm -rf ~/_firejail_test_dir\r" after 100 -send -- "firejail --profile=mkdir.profile find /tmp/.firejail_test\r" +send -- "firejail --profile=mkdir.profile find /tmp/_firejail_test_dir\r" expect { timeout {puts "TESTING ERROR 2.1\n";exit} - "/tmp/.firejail_test/a/b/c/d.txt" + "_firejail_test_dir/_firejail_test_file" } -send -- "rm -rf /tmp/.firejail_test\r" +send -- "rm -rf /tmp/_firejail_test_dir\r" after 100 set UID [exec id -u] set fexist [file exist /run/user/$UID] if { $fexist } { - send -- "firejail --profile=mkdir.profile find /run/user/$UID/.firejail_test\r" + send -- "firejail --profile=mkdir.profile find /run/user/$UID/_firejail_test_dir\r" expect { timeout {puts "TESTING ERROR 3.1\n";exit} - "/run/user/$UID/.firejail_test/a/b/c/d.txt" + "_firejail_test_dir/_firejail_test_file" } - send -- "rm -rf /run/user/$UID/.firejail_test\r" + send -- "rm -rf /run/user/$UID/_firejail_test_dir\r" after 100 diff --git a/test/fs/mkdir.profile b/test/fs/mkdir.profile index 35c27c872..fba93f466 100644 --- a/test/fs/mkdir.profile +++ b/test/fs/mkdir.profile 
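Review bot: The expected strings for the `/tmp` and `/run/user/$UID` cases were shortened to `"_firejail_test_dir/_firejail_test_file"`, so all three `expect` blocks now accept the same substring and no longer verify which parent directory `find` reported. Keeping the prefix, e.g. `"/tmp/_firejail_test_dir/_firejail_test_file"` and `"/run/user/$UID/_firejail_test_dir/_firejail_test_file"`, preserves the old check. In addition, the mkdir.profile hunk in this commit replaces `mkdir ~/.firejail_test/a/b/c` with the single-level `mkdir ~/_firejail_test_dir`, so the test that fs.sh still labels "recursive mkdir" no longer exercises creation of nested parents. If that coverage is meant to stay, keep at least one nested path in the profile. The `if { $fexist }` block continues past the end of the hunk.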
@@ -1,6 +1,6 @@ -mkdir ~/.firejail_test/a/b/c -mkfile ~/.firejail_test/a/b/c/d.txt -mkdir /tmp/.firejail_test/a/b/c -mkfile /tmp/.firejail_test/a/b/c/d.txt -mkdir ${RUNUSER}/.firejail_test/a/b/c -mkfile ${RUNUSER}/.firejail_test/a/b/c/d.txt +mkdir ~/_firejail_test_dir +mkfile ~/_firejail_test_dir/_firejail_test_file +mkdir /tmp/_firejail_test_dir +mkfile /tmp/_firejail_test_dir/_firejail_test_file +mkdir ${RUNUSER}/_firejail_test_dir +mkfile ${RUNUSER}/_firejail_test_dir/_firejail_test_file diff --git a/test/fs/option_blacklist.exp b/test/fs/option_blacklist.exp index 6ee2b07ca..48dfcc069 100755 --- a/test/fs/option_blacklist.exp +++ b/test/fs/option_blacklist.exp @@ -35,4 +35,4 @@ expect { } after 100 -puts "\n" +puts "\nall done\n" diff --git a/test/fs/option_blacklist_file.exp b/test/fs/option_blacklist_file.exp index b0bcc741b..247e69121 100755 --- a/test/fs/option_blacklist_file.exp +++ b/test/fs/option_blacklist_file.exp @@ -7,7 +7,12 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail --blacklist=/etc/passwd\r" +send -- "mkdir ~/_firejail_test_dir\r" +after 100 +send -- "touch ~/_firejail_test_dir/a\r" +after 100 + +send -- "firejail --blacklist=/etc/passwd --blacklist=~/_firejail_test_dir\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" @@ -15,6 +20,16 @@ expect { sleep 1 send -- "cat /etc/passwd;echo done\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "No such file or directory" +} +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "done" +} +after 100 +send -- "cat ~/_firejail_test_dir/a;echo done\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "Permission denied" @@ -25,4 +40,10 @@ expect { } after 100 -puts "\n" +send -- "exit\r" +sleep 1 + +send -- "rm -fr ~/_firejail_test_dir\r" +after 100 + +puts "\nall done\n" diff --git a/test/fs/option_blacklist_glob.exp b/test/fs/option_blacklist_glob.exp index ee79eabf4..a4be4a97d 100755 --- a/test/fs/option_blacklist_glob.exp 
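Review bot: In test/fs/option_blacklist_file.exp the added `expect` blocks print `TESTING ERROR 1` and `TESTING ERROR 2`, but the pre-existing block that now follows `cat ~/_firejail_test_dir/a` also prints `TESTING ERROR 1` (visible as context). A timeout in the log therefore cannot be attributed to the `/etc/passwd` check or to the directory check. Renumber the later blocks, e.g. `timeout {puts "TESTING ERROR 3\n";exit}` for the "Permission denied" check, and likewise for the block after it, which lies outside this hunk. A one-line comment above the first block explaining why a blacklisted `/etc/passwd` is now expected to report "No such file or directory" rather than "Permission denied" would also help the next reader.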
+++ b/test/fs/option_blacklist_glob.exp @@ -7,26 +7,41 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail --blacklist=testdir1/*\r" +send -- "mkdir ~/_firejail_test_dir\r" +after 100 +send -- "touch ~/_firejail_test_dir/a\r" +after 100 +send -- "mkdir ~/_firejail_test_dir/test1\r" +after 100 +send -- "touch ~/_firejail_test_dir/test1/b\r" +after 100 + +send -- "firejail --blacklist=~/_firejail_test_dir/*\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" } sleep 1 -send -- "cd testdir1\r" +send -- "cd ~/_firejail_test_dir\r" sleep 1 -send -- "cat .file\r" +send -- "cat a\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "Permission denied" } -send -- "ls .directory\r" +send -- "ls test1\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "Permission denied" } after 100 -puts "\n" +send -- "exit\r" +sleep 1 + +send -- "rm -fr ~/_firejail_test_dir\r" +after 100 + +puts "\nall done\n" diff --git a/test/fs/private-etc.exp b/test/fs/private-etc.exp index c9a74f96e..7d0e9f619 100755 --- a/test/fs/private-etc.exp +++ b/test/fs/private-etc.exp @@ -64,9 +64,6 @@ expect { } after 100 - - - - +send -- "exit\r" after 100 puts "\nall done\n" diff --git a/test/fs/private-home-dir.exp b/test/fs/private-home-dir.exp index 75ac5aea5..bd8cab16f 100755 --- a/test/fs/private-home-dir.exp +++ b/test/fs/private-home-dir.exp @@ -21,13 +21,13 @@ if {[file exists ~/.Xauthority]} { send -- "touch ~/.Xauthority\r" } after 100 -send -- "rm -fr ~/_firejail_test_dir_\r" +send -- "rm -fr ~/_firejail_test_dir1_\r" after 100 -send -- "mkdir ~/_firejail_test_dir_\r" +send -- "mkdir ~/_firejail_test_dir1_\r" sleep 1 # testing profile and private -send -- "firejail --private=~/_firejail_test_dir_\r" +send -- "firejail --private=~/_firejail_test_dir1_\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" 
@@ -67,12 +67,12 @@ expect { "private directory is not owned by the current user" } sleep 1 -send -- "mkdir ~/_firejail_test_dir_/test_dir_2\r" +send -- "mkdir ~/_firejail_test_dir1_/test_dir_2\r" after 100 -send -- "touch ~/_firejail_test_dir_/test_dir_2/testfile\r" +send -- "touch ~/_firejail_test_dir1_/test_dir_2/testfile\r" sleep 1 -send -- "firejail --debug --noprofile --blacklist=~/test_dir_2 --private=~/_firejail_test_dir_\r" +send -- "firejail --debug --noprofile --blacklist=~/test_dir_2 --private=~/_firejail_test_dir1_\r" expect { timeout {puts "TESTING ERROR 10\n";exit} "Disable" @@ -98,7 +98,8 @@ after 100 send "exit\r" sleep 1 -send -- "rm -fr ~/_firejail_test_dir_\r" +send -- "rm -fr ~/_firejail_test_dir1\r" after 100 + puts "\nall done\n" diff --git a/test/fs/private-home.exp b/test/fs/private-home.exp index 2f297e93f..6fbe8b0f6 100755 --- a/test/fs/private-home.exp +++ b/test/fs/private-home.exp @@ -95,8 +95,19 @@ expect { "broken symbolic link" } send -- "exit\r" +sleep 1 -send -- "rm -f ~/_firejail_test*\r" +send -- "echo cleanup\r" +after 100 +send -- "rm -f ~/_firejail_test_file1\r" +after 100 +send -- "rm -f ~/_firejail_test_file2\r" +after 100 +send -- "rm -fr ~/_firejail_test_dir1\r" +after 100 +send -- "rm -f ~/_firejail_test_link1\r" +after 100 +send -- "rm -f ~/_firejail_test_link2\r" after 100 puts "\nall done\n" diff --git a/test/fs/read-write.exp b/test/fs/read-write.exp index ad51c2db1..6c0f755da 100755 --- a/test/fs/read-write.exp +++ b/test/fs/read-write.exp @@ -7,6 +7,14 @@ set timeout 10 spawn $env(SHELL) match_max 100000 +send -- "mkdir ~/_firejail_test_dir\r" +after 100 +send -- "touch ~/_firejail_test_dir/a\r" +after 100 +send -- "mkdir ~/_firejail_test_dir/test1\r" +after 100 +send -- "touch ~/_firejail_test_dir/test1/b\r" +after 100 send -- "firejail --read-only=~/_firejail_test_dir --read-write=~/_firejail_test_dir/test1\r" expect { 
@@ -31,5 +39,10 @@ expect { "mytest" } +after 100 +send -- "exit\r" +sleep 1 + +send -- "rm -fr ~/_firejail_test_dir\r" after 100 puts "\nall done\n" diff --git a/test/fs/whitelist-dev.exp b/test/fs/whitelist-dev.exp index ad5c54a9c..d0466bbeb 100755 --- a/test/fs/whitelist-dev.exp +++ b/test/fs/whitelist-dev.exp @@ -61,6 +61,9 @@ expect { "19" {puts "OK\n"} "20" {puts "OK\n"} "21" {puts "OK\n"} + "22" {puts "OK\n"} + "23" {puts "OK\n"} + "24" {puts "OK\n"} } after 100 diff --git a/test/fs/whitelist-double.exp b/test/fs/whitelist-double.exp index 5ce9d8ad7..e653517a6 100755 --- a/test/fs/whitelist-double.exp +++ b/test/fs/whitelist-double.exp @@ -7,17 +7,17 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "echo 123 > /tmp/firejal-deleteme\r" +send -- "echo 123 > /tmp/_firejail_test_file\r" sleep 1 -send -- "firejail --whitelist=/tmp/firejal-deleteme --whitelist=/tmp/firejal-deleteme\r" +send -- "firejail --whitelist=/tmp/_firejail_test_file --whitelist=/tmp/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" } sleep 1 -send -- "cat /tmp/firejal-deleteme\r" +send -- "cat /tmp/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "123" @@ -26,13 +26,13 @@ expect { send -- "exit\r" sleep 1 -send -- "cat /tmp/firejal-deleteme\r" +send -- "cat /tmp/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "123" } -send -- "rm -v /tmp/firejal-deleteme\r" +send -- "rm -v /tmp/_firejail_test_file\r" expect { timeout {puts "TESTING ERROR 3\n";exit} "removed" diff --git a/test/fs/whitelist-readonly.exp b/test/fs/whitelist-readonly.exp index e5c9cc400..f9d78b7c0 100755 --- a/test/fs/whitelist-readonly.exp +++ b/test/fs/whitelist-readonly.exp 
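Review bot: Adding `"22"`, `"23"` and `"24"` in test/fs/whitelist-dev.exp extends a list of bare literals that expect matches as unanchored substrings, so each extra value makes the check easier to pass by accident (any output containing `22` satisfies it). The `expect` block starts above the hunk, so what is being counted is not visible here; a short comment stating what the number represents and why the upper bound grew would make the change reviewable. A single bounded pattern would also be tighter than a growing list; for the values visible in this hunk that is `-re {\m(19|2[0-4])\M} {puts "OK\n"}`, extended to cover whatever lower values precede them.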
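Review bot: In test/fs/whitelist-double.exp, `echo 123 > /tmp/_firejail_test_file` runs in the host shell before firejail starts and writes to a fixed name in a world-writable directory. On a shared machine or CI host, a file or link already present under that name and owned by another user makes the test fail or redirects the write, depending on the kernel's `fs.protected_symlinks` and `fs.protected_regular` settings. A unique fixture avoids this: `set f [exec mktemp /tmp/_firejail_test_file.XXXXXX]`, then use `$f` in the `send` lines, with the matching fs.sh cleanup becoming `rm -f /tmp/_firejail_test_file.*`. The same fixed-name pattern is used for `/tmp/_firejail_test_dir`, `/var/tmp/_firejail_test_file` and `/dev/shm/_firejail_test_file` elsewhere in this commit.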
@@ -7,6 +7,14 @@ set timeout 10 spawn $env(SHELL) match_max 100000 +send -- "mkdir ~/_firejail_test_dir\r" +after 100 +send -- "touch ~/_firejail_test_dir/a\r" +after 100 +send -- "mkdir ~/_firejail_test_dir/test1\r" +after 100 +send -- "touch ~/_firejail_test_dir/test1/b\r" +after 100 send -- "firejail --noprofile --whitelist=~/_firejail_test_dir --read-only=~\r" expect { @@ -25,4 +33,6 @@ after 100 send -- "exit\r" sleep 1 +send -- "rm -fr ~/_firejail_test_dir\r" +after 100 puts "\nall done\n" -- cgit v1.2.3-70-g09d2