From cad5625f037b06b1d190a6cc88bbeb41a1010dd4 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 21 Aug 2017 07:44:50 -0400 Subject: testing, merges --- test/filters/block-secondary.profile | 1 + test/filters/filters.sh | 8 +- test/filters/seccomp-debug.exp | 137 +++++++++++++++++++++++++++++++++-- 3 files changed, 139 insertions(+), 7 deletions(-) create mode 100644 test/filters/block-secondary.profile (limited to 'test') diff --git a/test/filters/block-secondary.profile b/test/filters/block-secondary.profile new file mode 100644 index 000000000..e32056c3d --- /dev/null +++ b/test/filters/block-secondary.profile @@ -0,0 +1 @@ +seccomp.block-secondary diff --git a/test/filters/filters.sh b/test/filters/filters.sh index 611580612..3ebb61419 100755 --- a/test/filters/filters.sh +++ b/test/filters/filters.sh @@ -54,8 +54,12 @@ fi echo "TESTING: seccomp bad empty (test/filters/seccomp-bad-empty.exp)" ./seccomp-bad-empty.exp -echo "TESTING: seccomp debug (test/filters/seccomp-debug.exp)" -./seccomp-debug.exp +if [ "$(uname -m)" = "x86_64" ]; then + echo "TESTING: seccomp debug (test/filters/seccomp-debug.exp)" + ./seccomp-debug.exp +else + echo "TESTING SKIP: protocol, running only on x86_64" +fi echo "TESTING: seccomp errno (test/filters/seccomp-errno.exp)" ./seccomp-errno.exp diff --git a/test/filters/seccomp-debug.exp b/test/filters/seccomp-debug.exp index a95f3bd23..7f03e45e8 100755 --- a/test/filters/seccomp-debug.exp +++ b/test/filters/seccomp-debug.exp @@ -7,25 +7,152 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail --seccomp --debug\r" +send -- "firejail --debug sleep 1; echo done\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "SECCOMP Filter" } expect { - timeout {puts "TESTING ERROR 2\n";exit} + timeout {puts "TESTING ERROR 1\n";exit} "BLACKLIST" } expect { - timeout {puts "TESTING ERROR 3\n";exit} + timeout {puts "TESTING ERROR 2\n";exit} "open_by_handle_at" } +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "Child process initialized" +} expect { timeout {puts "TESTING ERROR 4\n";exit} + "done" +} +after 100 + + +# amd64 architecture +send -- "firejail --debug sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} "Child process initialized" } -sleep 2 +expect { + timeout {puts "TESTING ERROR 6\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "done" +} +after 100 -send -- "exit\r" +# amd64 architecture - ignore seccomp +send -- "firejail --debug --ignore=seccomp sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 10\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 11\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 12\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 13\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" {puts "TESTING ERROR 14\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 15\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 16\n";exit} + "done" +} after 100 + +# amd64 architecture - ignore protocol +send -- "firejail --debug --ignore=protocol sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 17\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 18\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 19\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 20\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 21\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" {puts "TESTING ERROR 22\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 23\n";exit} + "done" +} +after 100 + +# memory-deny-write-execute +send -- "firejail --debug --memory-deny-write-execute sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 24\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 25\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 26\n";exit} + "done" +} + + +# amd64 architecture - seccomp.block-secondary +send -- "firejail --debug --seccomp.block-secondary sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 27\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 28\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 29\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 30\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 31\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 32\n";exit} + "Installing /run/firejail/mnt/seccomp.protocol seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 33\n";exit} + "done" +} +after 100 + +# amd64 architecture - seccomp.block-secondary, profile +send -- "firejail --debug --profile=block-secondary.profile sleep 1; echo done\r" +expect { + timeout {puts "TESTING ERROR 33\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 34\n";exit} + "Child process initialized" +} +expect { + timeout {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp.i386 seccomp filter" {puts "TESTING ERROR 35\n";exit} + "Installing /run/firejail/mnt/seccomp seccomp filter" +} +expect { + timeout {puts "TESTING ERROR 37\n";exit} + "done" +} +after 100 + puts "all done\n" -- cgit v1.2.3-54-g00ecf