github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

added make test-filters

Browse source
This commit is contained in:
netblue30 2016-04-30 07:27:31 -04:00
parent 899fcb0bfe
commit a1272742cf
25 changed files with 240 additions and 647 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Makefile.in
View file

@ -252,6 +252,7 @@ dist:
cd $(NAME)-$(VERSION); mkdir -p test; cp -a ../test/environment test/.; cd ..
cd $(NAME)-$(VERSION); mkdir -p test; cp -a ../test/compile test/.; cd ..
cd $(NAME)-$(VERSION); mkdir -p test; cp -a ../test/dist-compile test/.; cd ..
cd $(NAME)-$(VERSION); mkdir -p test; cp -a ../test/filters test/.; cd ..
cd $(NAME)-$(VERSION); rm -fr `find . -name .svn`; rm -fr $(NAME)-$(VERSION); cd ..
tar -cjvf $(NAME)-$(VERSION).tar.bz2 $(NAME)-$(VERSION)
rm -fr $(NAME)-$(VERSION)
@ -295,5 +296,8 @@ test-utils:
test-environment:
cd test/environment; ./environment.sh | grep TESTING
test-filters:
cd test/filters; ./filters.sh | grep TESTING
test: test-profiles test-utils test-environment test-apps test-apps-x11
echo "TEST COMPLETE"

72
test/filters/caps.exp Executable file
View file

@ -0,0 +1,72 @@
#!/usr/bin/expect -f
# This file is part of Firejail project
# Copyright (C) 2014-2016 Firejail Authors
# License GPL v2
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --caps.keep=chown,fowner --noprofile\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"Child process initialized"
}
sleep 2
send -- "cat /proc/self/status\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"CapBnd: 0000000000000009"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"Seccomp:"
}
send -- "exit\r"
sleep 1
send -- "firejail --caps.drop=all --noprofile\r"
expect {
timeout {puts "TESTING ERROR 4\n";exit}
"Child process initialized"
}
sleep 2
send -- "cat /proc/self/status\r"
expect {
timeout {puts "TESTING ERROR 5\n";exit}
"CapBnd: 0000000000000000"
}
expect {
timeout {puts "TESTING ERROR 6\n";exit}
"Seccomp:"
}
send -- "exit\r"
sleep 1
send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
expect {
timeout {puts "TESTING ERROR 7\n";exit}
"Child process initialized"
}
sleep 2
send -- "cat /proc/self/status\r"
expect {
timeout {puts "TESTING ERROR 8\n";exit}
"CapBnd:"
}
expect {
timeout {puts "TESTING ERROR 9\n";exit}
"fffffff0"
}
expect {
timeout {puts "TESTING ERROR 10\n";exit}
"Seccomp:"
}
send -- "exit\r"
sleep 1
puts "\nall done\n"

156
test/filters/noroot.exp Executable file
View file

@ -0,0 +1,156 @@
#!/usr/bin/expect -f
# This file is part of Firejail project
# Copyright (C) 2014-2016 Firejail Authors
# License GPL v2
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --noprofile --noroot --caps.drop=all --seccomp\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"Child process initialized"
}
sleep 1
send -- "cat /proc/self/status\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"CapBnd: 0000000000000000"
}
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Seccomp:"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"2"
}
expect {
timeout {puts "TESTING ERROR 4\n";exit}
"Cpus_allowed:"
}
puts "\n"
send -- "ping 0\r"
expect {
timeout {puts "TESTING ERROR 5\n";exit}
"Operation not permitted"
}
send -- "whoami\r"
expect {
timeout {puts "TESTING ERROR 6\n";exit}
$env(USER)
}
send -- "sudo -s\r"
expect {
timeout {puts "TESTING ERROR 8\n";exit}
"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
}
send -- "cat /proc/self/uid_map | wc -l\r"
expect {
timeout {puts "TESTING ERROR 7\n";exit}
"1"
}
send -- "cat /proc/self/gid_map | wc -l\r"
expect {
timeout {puts "TESTING ERROR 8\n";exit}
"3"
}
puts "\n"
send -- "exit\r"
sleep 2
send -- "firejail --name=test --noroot --noprofile\r"
expect {
timeout {puts "TESTING ERROR 9\n";exit}
"Child process initialized"
}
sleep 1
send -- "cat /proc/self/status\r"
expect {
timeout {puts "TESTING ERROR 10\n";exit}
"CapBnd:"
}
expect {
timeout {puts "TESTING ERROR 11\n";exit}
"ffffffff"
}
expect {
timeout {puts "TESTING ERROR 12\n";exit}
"Seccomp:"
}
expect {
timeout {puts "TESTING ERROR 13\n";exit}
"0"
}
expect {
timeout {puts "TESTING ERROR 14\n";exit}
"Cpus_allowed:"
}
puts "\n"
send -- "whoami\r"
expect {
timeout {puts "TESTING ERROR 15\n";exit}
$env(USER)
}
send -- "sudo -s\r"
expect {
timeout {puts "TESTING ERROR 16\n";exit}
"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
}
send -- "ping 0\r"
expect {
timeout {puts "TESTING ERROR 17\n";exit}
"Operation not permitted"
}
send -- "cat /proc/self/uid_map | wc -l\r"
expect {
timeout {puts "TESTING ERROR 18\n";exit}
"1"
}
send -- "cat /proc/self/gid_map | wc -l\r"
expect {
timeout {puts "TESTING ERROR 19\n";exit}
"3"
}
spawn $env(SHELL)
send -- "firejail --debug --join=test\r"
expect {
timeout {puts "TESTING ERROR 20\n";exit}
"User namespace detected"
}
expect {
timeout {puts "TESTING ERROR 21\n";exit}
"Joining user namespace"
}
sleep 1
send -- "sudo -s\r"
expect {
timeout {puts "TESTING ERROR 22\n";exit}
"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
}
send -- "cat /proc/self/uid_map | wc -l\r"
expect {
timeout {puts "TESTING ERROR 23\n";exit}
"1"
}
send -- "cat /proc/self/gid_map | wc -l\r"
expect {
timeout {puts "TESTING ERROR 24\n";exit}
"3"
}
puts "\nall done\n"

12
test/protocol.exp → test/filters/protocol.exp
View file

@ -4,7 +4,7 @@ set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --noprofile --protocol=unix ../src/tools/syscall_test socket\r"
send -- "firejail --noprofile --protocol=unix ./syscall_test socket\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"Child process initialized"
@ -47,7 +47,7 @@ expect {
}
sleep 1
send -- "firejail --noprofile --protocol=inet6,packet ../src/tools/syscall_test socket\r"
send -- "firejail --noprofile --protocol=inet6,packet ./syscall_test socket\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Child process initialized"
@ -91,7 +91,7 @@ expect {
sleep 1
# profile testing
send -- "firejail --profile=protocol1.profile ../src/tools/syscall_test socket\r"
send -- "firejail --profile=protocol1.profile ./syscall_test socket\r"
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"Child process initialized"
@ -134,7 +134,7 @@ expect {
}
sleep 1
send -- "firejail --profile=protocol2.profile ../src/tools/syscall_test socket\r"
send -- "firejail --profile=protocol2.profile ./syscall_test socket\r"
expect {
timeout {puts "TESTING ERROR 4\n";exit}
"Child process initialized"
@ -177,8 +177,4 @@ expect {
}
sleep 1
puts "\nall done\n"

0
test/protocol1.profile → test/filters/protocol1.profile
View file

0
test/protocol2.profile → test/filters/protocol2.profile
View file

0
test/seccomp-bad-empty.exp → test/filters/seccomp-bad-empty.exp
View file

0
test/seccomp-bad-empty.profile → test/filters/seccomp-bad-empty.profile
View file

0
test/seccomp-bad-empty2.profile → test/filters/seccomp-bad-empty2.profile
View file

0
test/seccomp.profile → test/filters/seccomp.profile
View file

0
src/tools/syscall_test → test/filters/syscall_test
View file

4
src/tools/syscall_test.c → test/filters/syscall_test.c
View file

@ -1,3 +1,7 @@
// This file is part of Firejail project
// Copyright (C) 2014-2016 Firejail Authors
// License GPL v2
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>

0
src/tools/syscall_test32 → test/filters/syscall_test32
View file

117
test/noroot.exp
View file

@ -1,117 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --debug --noprofile --noroot --caps.drop=all --seccomp --cpu=0,1 --name=noroot-sandbox\r"
expect {
timeout {puts "TESTING ERROR 0.1\n";exit}
"Child process initialized"
}
sleep 1
send -- "cat /proc/self/status\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"CapBnd:"
}
expect {
timeout {puts "TESTING ERROR 1.1\n";exit}
"0000000000000000"
}
send -- "cat /proc/self/status\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Cpus_allowed:"
}
expect {
timeout {puts "TESTING ERROR 2.1\n";exit}
"3"
}
expect {
timeout {puts "TESTING ERROR 2.2\n";exit}
"Cpus_allowed_list:"
}
puts "\n"
send -- "cat /proc/self/status\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Seccomp:"
}
expect {
timeout {puts "TESTING ERROR 2.1\n";exit}
"2"
}
expect {
timeout {puts "TESTING ERROR 2.2\n";exit}
"Cpus_allowed:"
}
puts "\n"
send -- "ping 0\r"
expect {
timeout {puts "TESTING ERROR 4\n";exit}
"Operation not permitted"
}
puts "\n"
send -- "whoami\r"
expect {
timeout {puts "TESTING ERROR 55\\n";exit}
"netblue"
}
puts "\n"
send -- "exit\r"
sleep 2
send -- "firejail --noroot --noprofile\r"
expect {
timeout {puts "TESTING ERROR 6\n";exit}
"Child process initialized"
}
sleep 1
send -- "whoami\r"
expect {
timeout {puts "TESTING ERROR 7\n";exit}
"netblue"
}
send -- "sudo -s\r"
expect {
timeout {puts "TESTING ERROR 8\n";exit}
"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
}
puts "\n"
send -- "exit\r"
sleep 2
send -- "firejail --name=test --noroot --noprofile\r"
expect {
timeout {puts "TESTING ERROR 9\n";exit}
"Child process initialized"
}
sleep 1
spawn $env(SHELL)
send -- "firejail --debug --join=test\r"
expect {
timeout {puts "TESTING ERROR 9\n";exit}
"User namespace detected"
}
expect {
timeout {puts "TESTING ERROR 9\n";exit}
"Joining user namespace"
}
sleep 1
send -- "sudo -s\r"
expect {
timeout {puts "TESTING ERROR 8\n";exit}
"effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";}
"sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";}
}
puts "all done\n"

46
test/seccomp-chmod-profile.exp
View file

@ -1,46 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --profile=seccomp.profile --private\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
sleep 2
send -- "touch testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "ls -l testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"testfile"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "chmod +x testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Bad system call"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "exit\r"
sleep 1
puts "\n"

46
test/seccomp-chmod.exp
View file

@ -1,46 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --seccomp=chmod,fchmod,fchmodat --private\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
sleep 2
send -- "touch testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "ls -l testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"testfile"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "chmod +x testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Bad system call"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "exit\r"
sleep 1
puts "\n"

46
test/seccomp-chown.exp
View file

@ -1,46 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --seccomp=chown,fchown,fchownat,lchown --private\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
sleep 2
send -- "touch testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "ls -l testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"testfile"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "chown netblue:netblue testfile;pwd\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Bad system call"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"/root" {puts "running as root"}
"/home"
}
send -- "exit\r"
sleep 1
puts "\n"

28
test/seccomp-debug.exp
View file

@ -1,28 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --seccomp --debug\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"SECCOMP Filter"
}
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"BLACKLIST"
}
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"open_by_handle_at"
}
expect {
timeout {puts "TESTING ERROR 4\n";exit}
"Child process initialized"
}
sleep 2
send -- "exit\r"
after 100
puts "all done\n"

38
test/seccomp-dualfilter.exp
View file

@ -1,38 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail ../src/tools/syscall_test mount\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"before mount"
}
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"after mount" {puts "TESTING ERROR 2.1\n";exit}
"Parent is shutting down"
}
sleep 1
send -- "firejail ../src/tools/syscall_test32 mount\r"
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"Child process initialized"
}
expect {
timeout {puts "TESTING ERROR 4\n";exit}
"before mount"
}
expect {
timeout {puts "TESTING ERROR 5\n";exit}
"after mount" {puts "TESTING ERROR 5.1\n";exit}
"Parent is shutting down"
}
puts "\nall done\n"

145
test/seccomp-empty.exp
View file

@ -1,145 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --debug --seccomp=chmod,fchmod,fchmodat --private\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"VALIDATE_ARCHITECTURE"
}
expect {
timeout {puts "TESTING ERROR 0.1\n";exit}
"mount"
}
expect {
timeout {puts "TESTING ERROR 0.2\n";exit}
"ptrace"
}
expect {
timeout {puts "TESTING ERROR 0.3\n";exit}
"chmod"
}
expect {
timeout {puts "TESTING ERROR 0.4\n";exit}
"fchmod"
}
expect {
timeout {puts "TESTING ERROR 0.5\n";exit}
"fchmodat"
}
expect {
timeout {puts "TESTING ERROR 0.6\n";exit}
"RETURN_ALLOW"
}
expect {
timeout {puts "TESTING ERROR 0.7\n";exit}
"Child process initialized"
}
sleep 2
send -- "exit\r"
sleep 3
puts "\n"
send -- "firejail --debug --seccomp.drop=chmod,fchmod,fchmodat --private\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"VALIDATE_ARCHITECTURE"
}
expect {
timeout {puts "TESTING ERROR 1.1\n";exit}
"mount" {puts "TESTING ERROR 1.2\n";exit}
"ptrace" {puts "TESTING ERROR 1.3\n";exit}
"chmod"
}
expect {
timeout {puts "TESTING ERROR 1.4\n";exit}
"fchmod"
}
expect {
timeout {puts "TESTING ERROR 1.5\n";exit}
"fchmodat"
}
expect {
timeout {puts "TESTING ERROR 1.6\n";exit}
"RETURN_ALLOW"
}
expect {
timeout {puts "TESTING ERROR 1.7\n";exit}
"Child process initialized"
}
sleep 2
send -- "exit\r"
puts "\n"
sleep 2
send -- "firejail --debug --profile=seccomp.profile --private\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"VALIDATE_ARCHITECTURE"
}
expect {
timeout {puts "TESTING ERROR 2.1\n";exit}
"mount"
}
expect {
timeout {puts "TESTING ERROR 2.2\n";exit}
"ptrace"
}
expect {
timeout {puts "TESTING ERROR 2.3\n";exit}
"chmod"
}
expect {
timeout {puts "TESTING ERROR 2.4\n";exit}
"fchmod"
}
expect {
timeout {puts "TESTING ERROR 2.5\n";exit}
"fchmodat"
}
expect {
timeout {puts "TESTING ERROR 2.6\n";exit}
"RETURN_ALLOW"
}
expect {
timeout {puts "TESTING ERROR 2.7\n";exit}
"Child process initialized"
}
sleep 2
send -- "exit\r"
sleep 3
puts "\n"
send -- "firejail --debug --profile=seccomp-empty.profile --private\r"
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"VALIDATE_ARCHITECTURE"
}
expect {
timeout {puts "TESTING ERROR 3.1\n";exit}
"mount" {puts "TESTING ERROR 3.2\n";exit}
"ptrace" {puts "TESTING ERROR 3.3\n";exit}
"chmod"
}
expect {
timeout {puts "TESTING ERROR 3.4\n";exit}
"fchmod"
}
expect {
timeout {puts "TESTING ERROR 3.5\n";exit}
"fchmodat"
}
expect {
timeout {puts "TESTING ERROR 3.6\n";exit}
"RETURN_ALLOW"
}
expect {
timeout {puts "TESTING ERROR 3.7\n";exit}
"Child process initialized"
}
sleep 2
send -- "exit\r"
puts "\n"

1
test/seccomp-empty.profile
View file

@ -1 +0,0 @@
seccomp.drop chmod,fchmod,fchmodat

87
test/seccomp-errno.exp
View file

@ -1,87 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "touch seccomp-test-file\r"
sleep 1
send -- "firejail --seccomp.enoent=unlinkat rm seccomp-test-file\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"No such file or directory"
}
sleep 1
send -- "firejail --seccomp.enoent=unlinkat --debug rm seccomp-test-file\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"unlinkat 2 ENOENT"
}
sleep 1
send -- "firejail --seccomp.enoent=unlinkat,mkdir\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Child process initialized"
}
sleep 1
send -- "rm seccomp-test-file\r"
expect {
timeout {puts "TESTING ERROR 3\n";exit}
"No such file or directory"
}
after 100
puts "\n"
send -- "mkdir seccomp-test-dir\r"
expect {
timeout {puts "TESTING ERROR 4\n";exit}
"No such file or directory"
}
after 100
puts "\n"
send -- "exit\r"
sleep 1
send -- "firejail --seccomp.enoent=unlinkat --seccomp.enoent=mkdir\r"
expect {
timeout {puts "TESTING ERROR 5\n";exit}
"errno enoent already configured"
}
sleep 1
send -- "firejail --seccomp.enoent=unlinkat --seccomp.eperm=mkdir\r"
expect {
timeout {puts "TESTING ERROR 6\n";exit}
"Child process initialized"
}
sleep 1
send -- "rm seccomp-test-file\r"
expect {
timeout {puts "TESTING ERROR 7\n";exit}
"No such file or directory"
}
after 100
puts "\n"
send -- "mkdir seccomp-test-dir\r"
expect {
timeout {puts "TESTING ERROR 8\n";exit}
"Operation not permitted"
}
after 100
puts "\n"
send -- "exit\r"
sleep 1
send -- "rm seccomp-test-file\r"
sleep 1
puts "all done\n"

23
test/seccomp-ptrace.exp
View file

@ -1,23 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --noprofile --seccomp\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
sleep 2
send -- "strace ls\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"Bad system call" {puts "version 1\n";}
" unexpected signal 31" {puts "version 2\n"}
}
send -- "exit\r"
sleep 1
puts "all done\n"

34
test/seccomp-su.exp
View file

@ -1,34 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "firejail --noprofile --seccomp\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
sleep 2
send -- "sudo su -\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"effective uid is not 0"
}
send -- "sudo ls\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"effective uid is not 0"
}
send -- "ping google.com\r"
expect {
timeout {puts "TESTING ERROR 2\n";exit}
"Operation not permitted"
}
send -- "exit\r"
sleep 1
puts "all done\n"

28
test/seccomp-umount.exp
View file

@ -1,28 +0,0 @@
#!/usr/bin/expect -f
set timeout 10
spawn $env(SHELL)
match_max 100000
send -- "sudo ls; sudo whoami; sudo pwd\r"
expect {
timeout {puts "TESTING ERROR: you need to root run this test as root\n";exit}
"root"
}
send -- "firejail --net=br0 --ip=10.10.20.5 --seccomp --noprofile\r"
expect {
timeout {puts "TESTING ERROR 0\n";exit}
"Child process initialized"
}
sleep 2
send -- "umount /proc\r"
expect {
timeout {puts "TESTING ERROR 1\n";exit}
"Bad system call"
}
send -- "exit\r"
sleep 1
puts "\n"