From f4171a91412f89d509e6d1371fd81b4ecd89c11d Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 11 Oct 2015 11:24:02 -0400 Subject: --private-bin --- test/chromium.exp | 10 +++---- test/fscheck-shell.exp | 14 +++++----- test/private-bin.exp | 71 ++++++++++++++++++++++++++++++++++++++++++++++++ test/private-bin.profile | 1 + test/test.sh | 12 ++++++-- 5 files changed, 93 insertions(+), 15 deletions(-) create mode 100755 test/private-bin.exp create mode 100644 test/private-bin.profile (limited to 'test') diff --git a/test/chromium.exp b/test/chromium.exp index 020826f3d..77325d070 100755 --- a/test/chromium.exp +++ b/test/chromium.exp @@ -4,10 +4,10 @@ set timeout 10 spawn $env(SHELL) match_max 100000 -send -- "firejail chromium-browser www.gentoo.org\r" +send -- "firejail chromium www.gentoo.org\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "Reading profile /etc/firejail/chromium-browser.profile" + "Reading profile /etc/firejail/chromium.profile" } expect { timeout {puts "TESTING ERROR 1\n";exit} @@ -23,7 +23,7 @@ expect { } expect { timeout {puts "TESTING ERROR 3.1\n";exit} - "chromium-browser" + "chromium" } sleep 1 @@ -38,7 +38,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} - ":firejail chromium-browser" + ":firejail chromium" } expect { timeout {puts "TESTING ERROR 5.1\n";exit} @@ -52,7 +52,7 @@ sleep 1 send -- "firemon --caps\r" expect { timeout {puts "TESTING ERROR 6\n";exit} - ":firejail chromium-browser" + ":firejail chromium" } expect { timeout {puts "TESTING ERROR 6.1\n";exit} diff --git a/test/fscheck-shell.exp b/test/fscheck-shell.exp index d2320a4c3..548955e60 100755 --- a/test/fscheck-shell.exp +++ b/test/fscheck-shell.exp @@ -15,7 +15,7 @@ after 100 # .. send -- "firejail --net=br0 --shell=../test/fscheck-dir\r" expect { - timeout {puts "TESTING ERROR 0.1\n";exit} + timeout {puts "TESTING ERROR 1\n";exit} "Error" } after 100 
@@ -23,7 +23,7 @@ after 100
 # dir link
 send -- "firejail --net=br0 --shell=fscheck-dir-link\r"
 expect {
- timeout {puts "TESTING ERROR 1\n";exit}
+ timeout {puts "TESTING ERROR 2\n";exit}
 "Error"
 }
 after 100
@@ -31,7 +31,7 @@ after 100
 # ..
 send -- "firejail --net=br0 --shell=../test/fscheck-dir-link\r"
 expect {
- timeout {puts "TESTING ERROR 1.1\n";exit}
+ timeout {puts "TESTING ERROR 3\n";exit}
 "Error"
 }
 after 100
@@ -39,7 +39,7 @@ after 100
 # file link
 send -- "firejail --net=br0 --shell=fscheck-file-link\r"
 expect {
- timeout {puts "TESTING ERROR 2\n";exit}
+ timeout {puts "TESTING ERROR 4\n";exit}
 "Error"
 }
 after 100
@@ -47,7 +47,7 @@ after 100
 # ..
 send -- "firejail --net=br0 --shell=../test/fscheck-file-link\r"
 expect {
- timeout {puts "TESTING ERROR 2\n";exit}
+ timeout {puts "TESTING ERROR 5\n";exit}
 "Error"
 }
 after 100
@@ -55,7 +55,7 @@ after 100
 # no file
 send -- "firejail --net=br0 --shell=../test/nofile\r"
 expect {
- timeout {puts "TESTING ERROR 3\n";exit}
+ timeout {puts "TESTING ERROR 6\n";exit}
 "Error"
 }
 after 100
@@ -63,7 +63,7 @@ after 100
 # real GID/UID
 send -- "firejail --net=br0 --shell=/etc/shadow\r"
 expect {
- timeout {puts "TESTING ERROR 4\n";exit}
+ timeout {puts "TESTING ERROR 7\n";exit}
 "Error"
 }
 after 100
diff --git a/test/private-bin.exp b/test/private-bin.exp
new file mode 100755
index 000000000..cc5ea99c7
--- /dev/null
+++ b/test/private-bin.exp
@@ -0,0 +1,71 @@ +#!/usr/bin/expect -f + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --private-bin=bash,ls,sh\r" +expect { + timeout {puts "TESTING ERROR 1\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls -al /bin\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "bash" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "ls" +} +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "sh" +} + +send -- "ls -al /bin\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "ping" {puts "TESTING ERROR 6\n";exit} + "sh" +} +send -- "exit\r" +sleep 1 + +send -- "firejail --profile=private-bin.profile\r" +expect { + timeout {puts "TESTING ERROR 7\n";exit} + "Child process initialized" +} +sleep 1 + +send -- "ls -al /bin\r" +expect { + timeout {puts "TESTING ERROR 8\n";exit} + "bash" +} +expect { + timeout {puts "TESTING ERROR 9\n";exit} + "ls" +} +expect { + timeout {puts "TESTING ERROR 10\n";exit} + "sh" +} + +send -- "ls -al /bin\r" +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "ping" {puts "TESTING ERROR 6\n";exit} + "sh" +} +send -- "exit\r" + + + + +sleep 1 +puts "\nall done\n" + diff --git a/test/private-bin.profile b/test/private-bin.profile new file mode 100644 index 000000000..24cf5929a --- /dev/null +++ b/test/private-bin.profile @@ -0,0 +1 @@ +private-bin bash,ls,sh diff --git a/test/test.sh b/test/test.sh index 6f198cd52..2e7b1e2bc 100755 --- a/test/test.sh +++ b/test/test.sh @@ -18,9 +18,15 @@ echo "TESTING: environment variables" echo "TESTING: private-etc" ./private-etc.exp +echo "TESTING: private-bin" +./private-bin.exp + +sleep 1 +rm -fr dir\ with\ space mkdir dir\ with\ space echo "TESTING: blacklist" ./blacklist.exp +sleep 1 rm -fr dir\ with\ space ln -s auto auto2 @@ -155,7 +161,7 @@ else echo "TESTING: midori not found" fi -which chromium-browser +which chromium if [ "$?" -eq 0 ]; then echo "TESTING: chromium" 
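Review bot: In test/private-bin.exp the two blocks meant to prove that `ping` is absent from /bin can pass before the whole listing has been examined, because expect's glob pattern `"sh"` is unanchored and also matches inside `bash`, which `ls` prints ahead of where `ping` would appear. For a sandbox whitelist test the absence check is the security-relevant half, so I would make it deterministic, for example `send -- "ls /bin/ping\r"` followed by an expect on `"No such file or directory"` (assuming the C-locale message text). The negative block in the `--profile=private-bin.profile` run also reuses `TESTING ERROR 5` and `TESTING ERROR 6`, so a failure there cannot be told apart from one in the command-line run; `TESTING ERROR 11` and `TESTING ERROR 12` would continue the sequence. Only /bin is listed, so whether other binary directories are restricted is not exercised by this test.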
@@ -278,10 +284,10 @@ echo "TESTING: seccomp su" echo "TESTING: seccomp ptrace" ./seccomp-ptrace.exp -echo "TESTING: seccomp chmod (seccomp lists)" +echo "TESTING: seccomp chmod - seccomp lists" ./seccomp-chmod.exp -echo "TESTING: seccomp chmod profile (seccomp lists)" +echo "TESTING: seccomp chmod profile - seccomp lists" ./seccomp-chmod-profile.exp echo "TESTING: seccomp empty" -- cgit v1.2.3-54-g00ecf