path: root/test/root/checkcfg.exp
#!/usr/bin/expect -f
# This file is part of Firejail project
# Copyright (C) 2014-2017 Firejail Authors
# License GPL v2

# Session setup: every send/expect below talks to the single interactive
# shell spawned here.
# NOTE(review): the commands sent later delete and overwrite
# /etc/firejail/firejail.config, so this shell presumably has to be running
# as root -- run the script only on a disposable test host or VM.
# Each expect gives up after 10 seconds.
set timeout 10
cd /home
spawn $env(SHELL)
# Raise the expect match buffer to 100000 bytes for the spawned shell.
match_max 100000

# Missing-config case: delete the system-wide configuration file and check
# that firejail reports it as not found.
# This removes the host's live /etc/firejail/firejail.config; nothing in this
# script backs the file up or puts it back, so the caller has to restore it.
# A failed check only prints "TESTING ERROR <n>" and then calls exit without
# a status argument, so the harness must scan the output for that marker
# rather than rely on the exit code.
send -- "rm /etc/firejail/firejail.config\r"
after 100

send -- "firejail\r"
expect {
	"firejail.config not found" {}
	timeout {
		puts "TESTING ERROR 1\n"
		exit
	}
}

# Feature switches: for each row, overwrite firejail.config with the single
# line "<key> no", start firejail with an option that needs that feature, and
# wait for the "<feature> feature is disabled in Firejail configuration file"
# message. Columns: config key, firejail option, feature name as it appears
# in the message, id printed as "TESTING ERROR <id>" on timeout.
# Every iteration replaces the host's /etc/firejail/firejail.config, so the
# machine is left with only the last row's setting until the file is restored.
foreach {key option feature errid} {
	seccomp       --seccomp              seccomp       2
	whitelist     --whitelist=~/.config  whitelist     3
	network       --net=eth0             networking    4
	bind          --bind=/tmp,/var/tmp   bind          5
	overlayfs     --overlay              overlayfs     6
	private-home  --private-home=/tmp    private-home  7
	chroot        --chroot=/tmp          chroot        8
	userns        --noroot               noroot        9
} {
	send -- "echo \"$key no\" > /etc/firejail/firejail.config\r"
	after 100
	send -- "firejail --noprofile $option\r"
	expect {
		"$feature feature is disabled in Firejail configuration file\r" {}
		timeout {
			puts "TESTING ERROR $errid\n"
			exit
		}
	}
}
sleep 1

# netfilter-default: set the option to "blablabla" (presumably a filter file
# that does not exist) and wait for firejail to report it as not available.
send -- "echo \"netfilter-default blablabla\" > /etc/firejail/firejail.config\r"
after 100
send -- "firejail --noprofile\r"
expect {
	"netfilter-default file blablabla not available\r" {}
	timeout {
		puts "TESTING ERROR 10\n"
		exit
	}
}
after 100

# strings
# Write three string-valued settings (two screen geometries and an extra
# parameter string) into a fresh config, then check that firejail still
# starts and runs a command with that config in place.
send --  "echo \"xephyr-screen 800x600\" > /etc/firejail/firejail.config\r"
after 100
send --  "echo \"xvfb-screen 800x600x24\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"xvfb-extra-params blablabla\" >> /etc/firejail/firejail.config\r"
sleep 1
# Turn terminal echo off -- presumably so that the "done\r" pattern below can
# only be satisfied by the sandboxed echo, not by the tty echoing the command
# line back. Echo is not turned back on anywhere later in this script.
send -- "stty -echo\r"
after 100
send --  "firejail --noprofile echo done\r"
expect {
	timeout {puts "TESTING ERROR 11\n";exit}
	"done\r"
}
sleep 1

# Full-file case: build a config with many yes/no settings, one line at a
# time (the first echo truncates the file, the rest append), and finish with
# the bare word "blablabla" -- presumably not a recognised setting.
# xephyr-window-title and disable-mnt are each written twice with opposite
# values.
# The config written here is what stays on the host when the script ends:
# it includes "seccomp no" and the trailing "blablabla" line, and this script
# never restores the original file. The caller must put a known-good
# /etc/firejail/firejail.config back before firejail is used for real
# sandboxing on this machine.
after 100
send --  "echo \"join no\" > /etc/firejail/firejail.config\r"
after 100
send --  "echo \"cache-tmpfs no\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"file-transfer no\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"x11 no\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"firejail-prompt yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"follow-symlink-as-user yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"follow-symlink-private-bin yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"force-nonewprivs yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"seccomp no\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"restricted-network yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"xephyr-window-title yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"quiet-by-default yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"chroot-desktop no\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"private-bin-no-local yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"disable-mnt yes\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"xephyr-window-title no\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"remount-proc-sys no\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"disable-mnt no\" >> /etc/firejail/firejail.config\r"
after 100
send --  "echo \"blablabla\" >> /etc/firejail/firejail.config\r"
after 100
send --  "firejail --noprofile\r"
# NOTE(review): the only pattern below is the empty string, which appears to
# match whatever is (or is not) in the buffer without waiting, so the timeout
# arm and "TESTING ERROR 12" can effectively never fire. As written this step
# checks nothing about how firejail handles the file above; matching the
# diagnostic firejail actually prints for this config would make it a real
# check -- confirm the exact message against the firejail source first.
expect {
	timeout {puts "TESTING ERROR 12\n";exit}
	""
}
after 100
# Printed unconditionally once this point is reached; it does not by itself
# show that every check above passed with the intended output.
puts "\nall done\n"