testing

2026-05-15 22:01:33 -06:00 · 2023-03-08 17:09:17 -05:00 · 2023-03-08 17:09:17 -05:00 · aa0194eae7
commit aa0194eae7
parent acf8efb878
10 changed files with 66 additions and 213 deletions
--- a/test/capabilities/capabilities.sh
+++ b/test/capabilities/capabilities.sh
@ -21,3 +21,6 @@ echo "TESTING: capabilities print (test/filters/caps-print.exp)"
 echo "TESTING: capabilities join (test/filters/caps-join.exp)"
 ./caps-join.exp

+echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
+./firemon-caps.exp
+
--- a/test/capabilities/caps-join.exp
+++ b/test/capabilities/caps-join.exp
@ -35,7 +35,7 @@ sleep 1

 set spawn_id $id1
 send -- "exit\r"
-after 100
+sleep 1

 #
 # no caps
@ -67,7 +67,7 @@ sleep 1

 set spawn_id $id1
 send -- "exit\r"
-after 100
+after 500

 #
 # no caps
@ -91,6 +91,6 @@ sleep 1

 set spawn_id $id1
 send -- "exit\r"
-after 100
+after 500

 puts "all done\n"
--- a/test/capabilities/caps-print.exp
+++ b/test/capabilities/caps-print.exp
@ -68,7 +68,7 @@ expect {
 	timeout {puts "TESTING ERROR 13\n";exit}
 	"syslog              - disabled"
 }
-after 100
+after 500

 send -- "firejail --debug-caps\r"
 expect {
@ -87,7 +87,7 @@ expect {
 	timeout {puts "TESTING ERROR 9\n";exit}
 	"24	- sys_resource"
 }
-after 100
+after 500

 send -- "firejail --caps.keep=\"bla bla bla\"\r"
 expect {
@ -99,5 +99,5 @@ expect {
 	"not found"
 }

-after 100
+after 500
 puts "\nall done\n"
--- a/test/capabilities/caps.exp
+++ b/test/capabilities/caps.exp
@ -7,14 +7,11 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000

-send -- "firejail --caps.keep=chown,fowner --noprofile\r"
+send -- "firejail --caps.keep=chown,fowner --noprofile cat /proc/self/status\r"
 expect {
 	timeout {puts "TESTING ERROR 1\n";exit}
 	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-
-send -- "cat /proc/self/status\r"
 expect {
 	timeout {puts "TESTING ERROR 2\n";exit}
 	"CapBnd:	0000000000000009"
@ -23,17 +20,13 @@ expect {
 	timeout {puts "TESTING ERROR 3\n";exit}
 	"Seccomp:"
 }
-send -- "exit\r"
-sleep 1
+after 500

-send -- "firejail --caps.drop=all --noprofile\r"
+send -- "firejail --caps.drop=all --noprofile cat /proc/self/status\r"
 expect {
 	timeout {puts "TESTING ERROR 4\n";exit}
 	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-
-send -- "cat /proc/self/status\r"
 expect {
 	timeout {puts "TESTING ERROR 5\n";exit}
 	"CapBnd:	0000000000000000"
@ -42,17 +35,13 @@ expect {
 	timeout {puts "TESTING ERROR 6\n";exit}
 	"Seccomp:"
 }
-send -- "exit\r"
-sleep 1
+after 500

-send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
+send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile cat /proc/self/status\r"
 expect {
 	timeout {puts "TESTING ERROR 7\n";exit}
 	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-
-send -- "cat /proc/self/status\r"
 expect {
 	timeout {puts "TESTING ERROR 8\n";exit}
 	"CapBnd:"
@ -65,11 +54,9 @@ expect {
 	timeout {puts "TESTING ERROR 10\n";exit}
 	"Seccomp:"
 }
-send -- "exit\r"
-sleep 1
+after 500

-
-send -- "firejail --profile=caps1.profile --debug\r"
+send -- "firejail --profile=caps1.profile --debug ls\r"
 expect {
 	timeout {puts "TESTING ERROR 11\n";exit}
 	"Drop CAP_SYS_MODULE"
@ -83,10 +70,7 @@ expect {
 	"Drop CAP_" {puts "TESTING ERROR 14\n";exit}
 	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-send -- "exit\r"
-sleep 1
-
+after 500

 ## tofix: possible problem with caps.keep in profile files
 ##send -- "firejail --caps.keep=chown,fowner --noprofile\r"
@ -110,14 +94,11 @@ sleep 1
 #sleep 1

 #send -- "firejail --caps.drop=chown,dac_override,dac_read_search,fowner --noprofile\r"
-send -- "firejail --profile=caps3.profile\r"
+send -- "firejail --profile=caps3.profile cat /proc/self/status\r"
 expect {
 	timeout {puts "TESTING ERROR 18\n";exit}
 	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
 }
-after 100
-
-send -- "cat /proc/self/status\r"
 expect {
 	timeout {puts "TESTING ERROR 19\n";exit}
 	"CapBnd:"
@ -130,10 +111,5 @@ expect {
 	timeout {puts "TESTING ERROR 21\n";exit}
 	"Seccomp:"
 }
-send -- "exit\r"
-sleep 1
-
-
-
-after 100
+after 500
 puts "\nall done\n"
--- a/test/capabilities/firemon-caps.exp
+++ b/test/capabilities/firemon-caps.exp
@ -0,0 +1,47 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2023 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --name=bingo1 --noprofile --caps\r"
+expect {
+	timeout {puts "TESTING ERROR 0\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --name=bingo2 --noprofile\r"
+expect {
+	timeout {puts "TESTING ERROR 1\n";exit}
+	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --caps\r"
+expect {
+	timeout {puts "TESTING ERROR 2\n";exit}
+	"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
+	"bingo1"
+}
+expect {
+	timeout {puts "TESTING ERROR 3\n";exit}
+	"31cffff"
+}
+expect {
+	timeout {puts "TESTING ERROR 4\n";exit}
+	"bingo2"
+}
+expect {
+	timeout {puts "TESTING ERROR 5\n";exit}
+	"fffffff"
+}
+
+after 500
+
+puts "all done\n"
--- a/test/utils/caps-print.exp
+++ b/test/utils/caps-print.exp
@ -1,32 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send -- "firejail --name=test\r"
-expect {
-	timeout {puts "TESTING ERROR 0\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 2
-
-spawn $env(SHELL)
-send -- "firejail --caps.print=test\r"
-expect {
-	timeout {puts "TESTING ERROR 1\n";exit}
-	"setgid              - disabled"
-}
-expect {
-	timeout {puts "TESTING ERROR 2\n";exit}
-	"setuid              - disabled"
-}
-expect {
-	timeout {puts "TESTING ERROR 3\n";exit}
-	"net_raw             - disabled"
-}
-after 100
-puts "\nall done\n"
--- a/test/utils/caps1.profile
+++ b/test/utils/caps1.profile
@ -1 +0,0 @@
-caps.drop chown,kill
--- a/test/utils/caps2.profile
+++ b/test/utils/caps2.profile
@ -1 +0,0 @@
-caps.keep chown,kill
--- a/test/utils/firemon-caps.exp
+++ b/test/utils/firemon-caps.exp
@ -1,129 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2023 Firejail Authors
-# License GPL v2
-
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-
-send --  "firejail --name=bingo1 --noprofile --caps\r"
-expect {
-	timeout {puts "TESTING ERROR 0\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send --  "firejail --name=bingo2 --noprofile\r"
-expect {
-	timeout {puts "TESTING ERROR 1\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send --  "firejail --name=bingo3 --noprofile --caps.drop=all\r"
-expect {
-	timeout {puts "TESTING ERROR 2\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send --  "firejail --noprofile --name=bingo4 --caps.drop=chown,kill\r"
-expect {
-	timeout {puts "TESTING ERROR 3\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send --  "firejail --noprofile --name=bingo5 --caps.keep=chown,kill\r"
-expect {
-	timeout {puts "TESTING ERROR 4\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send --  "firejail --name=bingo6 --profile=caps1.profile\r"
-expect {
-	timeout {puts "TESTING ERROR 5\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send --  "firejail --name=bingo7 --profile=caps2.profile\r"
-expect {
-	timeout {puts "TESTING ERROR 0\n";exit}
-	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-sleep 1
-
-spawn $env(SHELL)
-send -- "firemon --caps\r"
-expect {
-	timeout {puts "TESTING ERROR 8.1\n";exit}
-	"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
-	"bingo1"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.2\n";exit}
-	"31cffff"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.3\n";exit}
-	"bingo2"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.4\n";exit}
-	"fffffff"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.5\n";exit}
-	"bingo3"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.6\n";exit}
-	"000000000000"
-}
-
-expect {
-	timeout {puts "TESTING ERROR 8.7\n";exit}
-	"bingo4"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.8\n";exit}
-	"ffffffde"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.9\n";exit}
-	"bingo5"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.10\n";exit}
-	"0000000000000021"
-}
-
-expect {
-	timeout {puts "TESTING ERROR 8.11\n";exit}
-	"bingo6"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.12\n";exit}
-	"ffffffde"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.13\n";exit}
-	"bingo7"
-}
-expect {
-	timeout {puts "TESTING ERROR 8.14\n";exit}
-	"0000000000000021"
-}
-
-after 100
-
-puts "all done\n"
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@ -61,9 +61,6 @@ echo "TESTING: fs.print (test/utils/fs-print.exp)"
 echo "TESTING: dns.print (test/utils/dns-print.exp)"
 ./dns-print.exp

-echo "TESTING: caps.print (test/utils/caps-print.exp)"
-./caps-print.exp
-
 echo "TESTING: seccomp.print (test/utils/seccomp-print.exp)"
 ./seccomp-print.exp

@ -112,13 +109,6 @@ else
 	echo "TESTING SKIP: seccomp already active (test/utils/firemon-seccomp.exp)"
 fi

-if grep -q "^CapBnd:\\s0000003fffffffff" /proc/self/status; then
-	echo "TESTING: firemon caps (test/utils/firemon-caps.exp)"
-	./firemon-caps.exp
-else
-	echo "TESTING SKIP: other capabilities than expected (test/utils/firemon-caps.exp)"
-fi
-
 echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
 ./firemon-cpu.exp