#!/usr/bin/expect -f # This file is part of Firejail project # Copyright (C) 2014-2023 Firejail Authors # License GPL v2 set timeout 10 spawn $env(SHELL) match_max 100000 # # clone # send -- "firejail --noprofile ./namespaces clone cgroup,ipc,mnt,net,pid,user,uts\r" expect { timeout {puts "TESTING ERROR 0\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 1\n";exit} "clone successful" } after 200 send -- "firejail --noprofile --restrict-namespaces ./namespaces clone user\r" expect { timeout {puts "TESTING ERROR 2\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 3\n";exit} "Error: clone: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=user ./namespaces clone user\r" expect { timeout {puts "TESTING ERROR 4\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 5\n";exit} "Error: clone: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=user ./namespaces clone cgroup,ipc,mnt,net,pid,user,uts\r" expect { timeout {puts "TESTING ERROR 6\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 7\n";exit} "Error: clone: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces clone cgroup,user\r" expect { timeout {puts "TESTING ERROR 8\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 9\n";exit} "Error: clone: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces clone ipc,user\r" expect { timeout {puts "TESTING ERROR 10\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 11\n";exit} "Error: clone: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces clone mnt,net,pid,user,uts\r" expect { timeout {puts "TESTING ERROR 12\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 13\n";exit} "clone successful" } after 200 # # unshare # send -- "firejail --noprofile ./namespaces unshare cgroup,ipc,mnt,net,pid,user,uts\r" expect { timeout {puts "TESTING ERROR 14\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 15\n";exit} "unshare successful" } after 200 send -- "firejail --noprofile --restrict-namespaces ./namespaces unshare user\r" expect { timeout {puts "TESTING ERROR 16\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 17\n";exit} "Error: unshare: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=user ./namespaces unshare user\r" expect { timeout {puts "TESTING ERROR 18\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 19\n";exit} "Error: unshare: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=user ./namespaces unshare cgroup,ipc,mnt,net,pid,user,uts\r" expect { timeout {puts "TESTING ERROR 20\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 21\n";exit} "Error: unshare: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces unshare cgroup,user\r" expect { timeout {puts "TESTING ERROR 22\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 23\n";exit} "Error: unshare: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces unshare ipc,user\r" expect { timeout {puts "TESTING ERROR 24\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 25\n";exit} "Error: unshare: Operation not permitted" } after 200 send -- "firejail --noprofile --restrict-namespaces=cgroup,ipc ./namespaces unshare mnt,net,pid,user,uts\r" expect { timeout {puts "TESTING ERROR 26\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 27\n";exit} "unshare successful" } after 200 # # clone3 # send -- "firejail --noprofile ./namespaces clone3 cgroup,ipc,mnt,net,pid,user,uts\r" expect { timeout {puts "TESTING ERROR 28\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 29\n";exit} "Error: clone3: Function not implemented" {puts "OK, clone3 not available on this system\n"} "clone3 successful" { after 200 send -- "firejail --noprofile --restrict-namespaces ./namespaces clone3 user\r" expect { timeout {puts "TESTING ERROR 30\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 31\n";exit} "Error: clone3: Function not implemented" } after 200 # clone3 arguments are not checked send -- "firejail --noprofile --restrict-namespaces=mnt ./namespaces clone3 cgroup,ipc,net,pid,user,uts\r" expect { timeout {puts "TESTING ERROR 32\n";exit} -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" } expect { timeout {puts "TESTING ERROR 33\n";exit} "Error: clone3: Function not implemented" } } } after 200 puts "\nall done\n"