From e7486b39795847043cd16c55a1c8142770c77de8 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 2 Feb 2016 08:44:40 -0500 Subject: 0.9.38 testing --- test/features/1.2.exp | 16 +--- test/features/3.1.exp | 117 +++++++++++++++++++++++---- test/features/3.4.exp | 143 +++++++++++++++++++++++++++++++-- test/features/features.txt | 4 +- test/features/test.sh | 2 +- test/invalid_filename.exp | 16 ---- test/private-keep.exp | 192 --------------------------------------------- test/test.sh | 25 +----- 8 files changed, 246 insertions(+), 269 deletions(-) delete mode 100755 test/private-keep.exp (limited to 'test') diff --git a/test/features/1.2.exp b/test/features/1.2.exp index fe61bf482..65fcd54ae 100755 --- a/test/features/1.2.exp +++ b/test/features/1.2.exp @@ -69,10 +69,6 @@ if { $overlay == "overlay" } { timeout {puts "TESTING ERROR 3.1\n";exit} "proc /proc proc" } -# expect { -# timeout {puts "TESTING ERROR 3.2\n";exit} -# "proc /proc proc" -# } expect { timeout {puts "TESTING ERROR 3.3\n";exit} "proc /proc/sys proc" @@ -114,10 +110,6 @@ if { $chroot == "chroot" } { timeout {puts "TESTING ERROR 5.1\n";exit} "proc /proc proc" } - expect { - timeout {puts "TESTING ERROR 5.2\n";exit} - "proc /proc proc" - } expect { timeout {puts "TESTING ERROR 5.3\n";exit} "proc /proc/sys proc" @@ -126,10 +118,10 @@ if { $chroot == "chroot" } { timeout {puts "TESTING ERROR 5.4\n";exit} "proc /proc/sysrq-trigger proc" } - expect { - timeout {puts "TESTING ERROR 5.5\n";exit} - "proc /proc/sys/kernel/hotplug" - } +# expect { +# timeout {puts "TESTING ERROR 5.5\n";exit} +# "proc /proc/sys/kernel/hotplug" +# } expect { timeout {puts "TESTING ERROR 5.6\n";exit} "proc /proc/irq proc" diff --git a/test/features/3.1.exp b/test/features/3.1.exp index bcac4bf04..52a929651 100755 --- a/test/features/3.1.exp +++ b/test/features/3.1.exp @@ -12,20 +12,49 @@ set chroot [lindex $argv 1] # # N # -send -- "touch ~/.config/firejail-test-file\r" -sleep 1 -send -- "firejail --noprofile --tmpfs=/home/netblue/.config\r" +send -- "firejail --noprofile --private\r" expect { timeout {puts "TESTING ERROR 0\n";exit} "Child process initialized" } sleep 1 -send -- "ls ~/.config | wc -l\r" +send -- "ls -al | wc -l\r" +expect { + timeout {puts "TESTING ERROR 1.1\n";exit} + "5" +} + +send -- "ls -al .bashrc\r" +expect { + timeout {puts "TESTING ERROR 1.2\n";exit} + "netblue" +} +expect { + timeout {puts "TESTING ERROR 1.3\n";exit} + "netblue" +} +expect { + timeout {puts "TESTING ERROR 1.4\n";exit} + ".bashrc" +} + +send -- "ls -al .Xauthority\r" +expect { + timeout {puts "TESTING ERROR 1.5\n";exit} + "netblue" +} expect { - timeout {puts "TESTING ERROR 1\n";exit} - "0" + timeout {puts "TESTING ERROR 1.6\n";exit} + "netblue" } +expect { + timeout {puts "TESTING ERROR 1.7\n";exit} + ".Xauthority" +} + + + after 100 send -- "exit\r" sleep 1 @@ -34,18 +63,47 @@ sleep 1 # O # if { $overlay == "overlay" } { - send -- "firejail --noprofile --overlay --tmpfs=/home/netblue/.config\r" + send -- "firejail --noprofile --overlay --private\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "Child process initialized" } sleep 1 - send -- "ls ~/.config | wc -l\r" + send -- "ls -al | wc -l\r" + expect { + timeout {puts "TESTING ERROR 3.1\n";exit} + "5" + } + + send -- "ls -al .bashrc\r" + expect { + timeout {puts "TESTING ERROR 3.2\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.3\n";exit} + "netblue" + } expect { - timeout {puts "TESTING ERROR 3\n";exit} - "0" + timeout {puts "TESTING ERROR 3.4\n";exit} + ".bashrc" } + + send -- "ls -al .Xauthority\r" + expect { + timeout {puts "TESTING ERROR 3.5\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.6\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.7\n";exit} + ".Xauthority" + } + after 100 send -- "exit\r" sleep 1 @@ -55,20 +113,47 @@ if { $overlay == "overlay" } { # C # if { $chroot == "chroot" } { - send -- "touch /tmp/chroot/home/netblue/.config/firejail-test-file\r" - sleep 1 - send -- "firejail --noprofile --chroot=/tmp/chroot --tmpfs=/home/netblue/.config\r" + send -- "firejail --noprofile --chroot=/tmp/chroot --private\r" expect { timeout {puts "TESTING ERROR 4\n";exit} "Child process initialized" } sleep 1 - send -- "ls ~/.config | wc -l\r" + send -- "ls -al | wc -l\r" + expect { + timeout {puts "TESTING ERROR 5.1\n";exit} + "5" + } + + send -- "ls -al .bashrc\r" expect { - timeout {puts "TESTING ERROR 5\n";exit} - "0" + timeout {puts "TESTING ERROR 5.2\n";exit} + "netblue" } + expect { + timeout {puts "TESTING ERROR 5.3\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.4\n";exit} + ".bashrc" + } + + send -- "ls -al .Xauthority\r" + expect { + timeout {puts "TESTING ERROR 5.5\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.6\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.7\n";exit} + ".Xauthority" + } + after 100 send -- "exit\r" sleep 1 diff --git a/test/features/3.4.exp b/test/features/3.4.exp index f81dc6e0a..996312334 100755 --- a/test/features/3.4.exp +++ b/test/features/3.4.exp @@ -1,6 +1,6 @@ #!/usr/bin/expect -f # -# whitelist +# whitelist home # set timeout 10 @@ -19,11 +19,54 @@ expect { } sleep 1 -send -- "ls -al ~/. | wc -l\r" +send -- "ls -al | wc -l\r" expect { - timeout {puts "TESTING ERROR 1\n";exit} + timeout {puts "TESTING ERROR 1.1\n";exit} "6" } + +send -- "ls -al .bashrc\r" +expect { + timeout {puts "TESTING ERROR 1.2\n";exit} + "netblue" +} +expect { + timeout {puts "TESTING ERROR 1.3\n";exit} + "netblue" +} +expect { + timeout {puts "TESTING ERROR 1.4\n";exit} + ".bashrc" +} + +send -- "ls -al .Xauthority\r" +expect { + timeout {puts "TESTING ERROR 1.5\n";exit} + "netblue" +} +expect { + timeout {puts "TESTING ERROR 1.6\n";exit} + "netblue" +} +expect { + timeout {puts "TESTING ERROR 1.7\n";exit} + ".Xauthority" +} + +send -- "ls -al | grep config\r" +expect { + timeout {puts "TESTING ERROR 1.8\n";exit} + "netblue" +} +expect { + timeout {puts "TESTING ERROR 1.9\n";exit} + "netblue" +} +expect { + timeout {puts "TESTING ERROR 1.10\n";exit} + ".config" +} + after 100 send -- "exit\r" sleep 1 @@ -40,11 +83,54 @@ if { $overlay == "overlay" } { } sleep 1 - send -- "ls -al ~/. | wc -l\r" + send -- "ls -al | wc -l\r" expect { - timeout {puts "TESTING ERROR 1\n";exit} + timeout {puts "TESTING ERROR 3.1\n";exit} "6" } + + send -- "ls -al .bashrc\r" + expect { + timeout {puts "TESTING ERROR 3.2\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.3\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.4\n";exit} + ".bashrc" + } + + send -- "ls -al .Xauthority\r" + expect { + timeout {puts "TESTING ERROR 3.5\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.6\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.7\n";exit} + ".Xauthority" + } + + send -- "ls -al | grep config\r" + expect { + timeout {puts "TESTING ERROR 3.8\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.9\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 3.10\n";exit} + ".config" + } + after 100 send -- "exit\r" sleep 1 @@ -61,11 +147,54 @@ if { $chroot == "chroot" } { } sleep 1 - send -- "ls -al ~/. | wc -l\r" + send -- "ls -al | wc -l\r" expect { - timeout {puts "TESTING ERROR 1\n";exit} + timeout {puts "TESTING ERROR 5.1\n";exit} "6" } + + send -- "ls -al .bashrc\r" + expect { + timeout {puts "TESTING ERROR 5.2\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.3\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.4\n";exit} + ".bashrc" + } + + send -- "ls -al .Xauthority\r" + expect { + timeout {puts "TESTING ERROR 5.5\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.6\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.7\n";exit} + ".Xauthority" + } + + send -- "ls -al | grep config\r" + expect { + timeout {puts "TESTING ERROR 5.8\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.9\n";exit} + "netblue" + } + expect { + timeout {puts "TESTING ERROR 5.10\n";exit} + ".config" + } + after 100 send -- "exit\r" sleep 1 diff --git a/test/features/features.txt b/test/features/features.txt index d372d2f7a..1dedff357 100644 --- a/test/features/features.txt +++ b/test/features/features.txt @@ -69,7 +69,7 @@ C - chroot filesystem 3. Filesystem features (use --noprofile) -3.1 tmpfs +3.1 private 3.2 read-only 3.3 blacklist -3.4 whitelist +3.4 whitelist home diff --git a/test/features/test.sh b/test/features/test.sh index d4bcead0b..56b6289b4 100755 --- a/test/features/test.sh +++ b/test/features/test.sh @@ -83,7 +83,7 @@ fi #################### # filesystem features #################### -echo "TESTING: 3.1 tmpfs" +echo "TESTING: 3.1 private" ./3.1.exp $OVERLAY $CHROOT echo "TESTING: 3.2 read-only" diff --git a/test/invalid_filename.exp b/test/invalid_filename.exp index 26563aa43..dd1fa4634 100755 --- a/test/invalid_filename.exp +++ b/test/invalid_filename.exp @@ -124,22 +124,6 @@ expect { } after 100 -send -- "firejail --debug-check-filename --noprofile --private-home=\"bla&&bla\"\r" -expect { - timeout {puts "TESTING ERROR 8.1\n";exit} - "Checking filename bla&&bla" -} -expect { - timeout {puts "TESTING ERROR 8.2\n";exit} - "Error:" -} -expect { - timeout {puts "TESTING ERROR 8.3\n";exit} - "is an invalid filename" -} -after 100 - - send -- "firejail --debug-check-filename --noprofile --private-etc=\"bla&&bla\"\r" expect { timeout {puts "TESTING ERROR 9.1\n";exit} diff --git a/test/private-keep.exp b/test/private-keep.exp deleted file mode 100755 index 163aa2741..000000000 --- a/test/private-keep.exp +++ /dev/null @@ -1,192 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 10 -spawn $env(SHELL) -match_max 100000 - -#************************************************************** -send -- "firejail --noprofile --private-home=.mozilla,.config/firejail\r" -expect { - timeout {puts "TESTING ERROR 0\n";exit} - "Child process initialized" -} -sleep 1 - -send -- "ls -al\r" -expect { - timeout {puts "TESTING ERROR 0.1\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 0.2\n";exit} - ".mozilla" -} -sleep 1 - -send -- "find .config\r" -expect { - timeout {puts "TESTING ERROR 0.3\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 0.4\n";exit} - ".config/firejail" -} -sleep 1 -puts "\n" -send -- "exit\r" -sleep 2 - - -#************************************************************** -send -- "firejail --profile=private-keep.profile\r" -expect { - timeout {puts "TESTING ERROR 1.0\n";exit} - "Child process initialized" -} -sleep 1 - -send -- "ls -al\r" -expect { - timeout {puts "TESTING ERROR 1.1\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 1.2\n";exit} - ".mozilla" -} -sleep 1 - -send -- "find .config\r" -expect { - timeout {puts "TESTING ERROR 1.3\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 1.4\n";exit} - ".config/firejail" -} -sleep 1 -puts "\n" -send -- "exit\r" -sleep 2 - - -#************************************************************** -send -- "firejail --noprofile --private-home=~/.mozilla,~/.config/firejail\r" -expect { - timeout {puts "TESTING ERROR 2\n";exit} - "Child process initialized" -} -sleep 1 - -send -- "ls -al\r" -expect { - timeout {puts "TESTING ERROR 2.1\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 2.2\n";exit} - ".mozilla" -} -sleep 1 - -send -- "find .config\r" -expect { - timeout {puts "TESTING ERROR 2.3\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 2.4\n";exit} - ".config/firejail" -} -sleep 1 -puts "\n" -send -- "exit\r" -sleep 2 - - -#************************************************************** -send -- "firejail --noprofile --private-home=~/.mozilla,~/.config/firejail\r" -expect { - timeout {puts "TESTING ERROR 3\n";exit} - "Child process initialized" -} -sleep 1 - -send -- "ls -al\r" -expect { - timeout {puts "TESTING ERROR 3.1\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 3.2\n";exit} - ".mozilla" -} -sleep 1 - -send -- "find .config\r" -expect { - timeout {puts "TESTING ERROR 3.3\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 3.4\n";exit} - ".config/firejail" -} -sleep 1 -puts "\n" -send -- "exit\r" -sleep 2 - -#************************************************************** -send -- "firejail --noprofile --private-home=/home/netblue/.mozilla,/home/netblue/.config/firejail\r" -expect { - timeout {puts "TESTING ERROR 4\n";exit} - "Child process initialized" -} -sleep 1 - -send -- "ls -al\r" -expect { - timeout {puts "TESTING ERROR 4.1\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 4.2\n";exit} - ".mozilla" -} -sleep 1 - -send -- "find .config\r" -expect { - timeout {puts "TESTING ERROR 4.3\n";exit} - ".config" -} -expect { - timeout {puts "TESTING ERROR 4.4\n";exit} - ".config/firejail" -} -sleep 1 -puts "\n" -send -- "exit\r" -sleep 2 - -#************************************************************** -send -- "firejail --noprofile --private-home=/home/netblue/../netblue/.mozilla,/home/netblue/.config/firejail\r" -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "Error: invalid private-home list" -} -sleep 1 - -#************************************************************** -send -- "firejail --noprofile --private-home=/root\r" -expect { - timeout {puts "TESTING ERROR 6\n";exit} - "Error: only files or directories created by the current user are allowed" -} -sleep 1 - -puts "all done\n" - diff --git a/test/test.sh b/test/test.sh index ad6599848..6273c0a1b 100755 --- a/test/test.sh +++ b/test/test.sh @@ -190,29 +190,8 @@ mkdir dirprivate ./private_dir_profile.exp rm -fr dirprivate -echo "TESTING: private keep" -./private-keep.exp - -uname -r | grep "3.18" -if [ "$?" -eq 0 ]; -then - echo "TESTING: overlayfs on 3.18 kernel" - ./fs_overlay.exp -fi - -grep "openSUSE" /etc/os-release -if [ "$?" -eq 0 ]; -then - echo "TESTING: overlayfs" - ./fs_overlay.exp -fi - -grep "Ubuntu" /etc/os-release -if [ "$?" -eq 0 ]; -then - echo "TESTING: overlayfs" - ./fs_overlay.exp -fi +echo "TESTING: overlayfs" +./fs_overlay.exp echo "TESTING: seccomp debug" ./seccomp-debug.exp -- cgit v1.2.3-54-g00ecf