#!/usr/bin/expect -f # This file is part of Firejail project # Copyright (C) 2014-2021 Firejail Authors # License GPL v2 set timeout 10 cd /home spawn $env(SHELL) match_max 100000 send -- "rm /etc/firejail/firejail.config\r" after 100 send -- "firejail\r" expect { timeout {puts "TESTING ERROR 1\n";exit} "firejail.config not found" } # seccomp send -- "echo \"seccomp no\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile --seccomp\r" expect { timeout {puts "TESTING ERROR 2\n";exit} "seccomp feature is disabled in Firejail configuration file\r" } # whitelist send -- "echo \"whitelist no\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile --whitelist=~/.config\r" expect { timeout {puts "TESTING ERROR 3\n";exit} "whitelist feature is disabled in Firejail configuration file\r" } # network send -- "echo \"network no\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile --net=eth0\r" expect { timeout {puts "TESTING ERROR 4\n";exit} "networking feature is disabled in Firejail configuration file\r" } # bind send -- "echo \"bind no\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile --bind=/tmp,/var/tmp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} "bind feature is disabled in Firejail configuration file\r" } # overlay send -- "echo \"overlayfs no\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile --overlay\r" expect { timeout {puts "TESTING ERROR 6\n";exit} "overlayfs feature is disabled in Firejail configuration file\r" } # private-home send -- "echo \"private-home no\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile --private-home=/tmp\r" expect { timeout {puts "TESTING ERROR 7\n";exit} "private-home feature is disabled in Firejail configuration file\r" } # chroot send -- "echo \"chroot no\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile --chroot=/tmp\r" expect { timeout {puts "TESTING ERROR 8\n";exit} "chroot feature is disabled in Firejail configuration file\r" } # userns send -- "echo \"userns no\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile --noroot\r" expect { timeout {puts "TESTING ERROR 9\n";exit} "noroot feature is disabled in Firejail configuration file\r" } sleep 1 # netfilter-default send -- "echo \"netfilter-default blablabla\" > /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile\r" expect { timeout {puts "TESTING ERROR 10\n";exit} "netfilter-default file blablabla not available\r" } after 100 # strings send -- "echo \"xephyr-screen 800x600\" > /etc/firejail/firejail.config\r" after 100 send -- "echo \"xvfb-screen 800x600x24\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"xvfb-extra-params blablabla\" >> /etc/firejail/firejail.config\r" sleep 1 send -- "stty -echo\r" after 100 send -- "firejail --noprofile echo done\r" expect { timeout {puts "TESTING ERROR 11\n";exit} "done\r" } sleep 1 after 100 send -- "echo \"join no\" > /etc/firejail/firejail.config\r" after 100 send -- "echo \"cache-tmpfs no\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"file-transfer no\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"x11 no\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"firejail-prompt yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"follow-symlink-as-user yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"follow-symlink-private-bin yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"force-nonewprivs yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"seccomp no\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"restricted-network yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"xephyr-window-title yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"quiet-by-default yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"chroot-desktop no\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"private-bin-no-local yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"disable-mnt yes\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"xephyr-window-title no\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"remount-proc-sys no\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"disable-mnt no\" >> /etc/firejail/firejail.config\r" after 100 send -- "echo \"blablabla\" >> /etc/firejail/firejail.config\r" after 100 send -- "firejail --noprofile\r" expect { timeout {puts "TESTING ERROR 12\n";exit} "" } after 100 puts "\nall done\n"