From bb5b4077e6f3549b35e8b420d882717141c069b9 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 11 Nov 2016 12:52:05 -0500 Subject: [PATCH] hidepid part 5 --- Makefile.in | 1 + test/apps-x11-xorg/firefox.exp | 1 + test/apps-x11-xorg/icedove.exp | 1 + test/apps-x11-xorg/transmission-gtk.exp | 1 + test/apps-x11/chromium.exp | 1 + test/apps-x11/firefox.exp | 1 + test/apps-x11/icedove.exp | 1 + test/apps-x11/transmission-gtk.exp | 1 + test/apps-x11/xterm.exp | 1 + test/apps/chromium.exp | 1 + test/apps/deluge.exp | 1 + test/apps/evince.exp | 1 + test/apps/fbreader.exp | 1 + test/apps/filezilla.exp | 1 + test/apps/firefox.exp | 1 + test/apps/gnome-mplayer.exp | 1 + test/apps/gthumb.exp | 1 + test/apps/hexchat.exp | 1 + test/apps/icedove.exp | 1 + test/apps/midori.exp | 1 + test/apps/opera.exp | 1 + test/apps/qbittorrent.exp | 1 + test/apps/transmission-gtk.exp | 1 + test/apps/transmission-qt.exp | 1 + test/apps/uget-gtk.exp | 1 + test/apps/vlc.exp | 1 + test/apps/xchat.exp | 1 + test/utils/{caps.exp => firemon-caps.exp} | 1 + test/utils/firemon-cgroup.exp | 1 + test/utils/firemon-cpu.exp | 1 + test/utils/{seccomp.exp => firemon-seccomp.exp} | 1 + test/utils/utils.sh | 12 ++++++------ todo | 1 + 33 files changed, 38 insertions(+), 6 deletions(-) rename test/utils/{caps.exp => firemon-caps.exp} (96%) rename test/utils/{seccomp.exp => firemon-seccomp.exp} (91%) diff --git a/Makefile.in b/Makefile.in index 03b6befbe..6ea9e897f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -251,3 +251,4 @@ test-root: test-overlay: cd test/overlay; ./overlay.sh | grep TESTING +# mount -o remount,rw,hidepid=2 /proc diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp index 5231bf8ed..66b82fe92 100755 --- a/test/apps-x11-xorg/firefox.exp +++ b/test/apps-x11-xorg/firefox.exp @@ -44,6 +44,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} " firefox" {puts "firefox detected\n";} " iceweasel" {puts "iceweasel detected\n";} } diff --git a/test/apps-x11-xorg/icedove.exp b/test/apps-x11-xorg/icedove.exp index f676264ed..667c2259f 100755 --- a/test/apps-x11-xorg/icedove.exp +++ b/test/apps-x11-xorg/icedove.exp @@ -41,6 +41,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail" } expect { diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp index a91a1be08..c52cb5b3a 100755 --- a/test/apps-x11-xorg/transmission-gtk.exp +++ b/test/apps-x11-xorg/transmission-gtk.exp @@ -41,6 +41,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail" } expect { diff --git a/test/apps-x11/chromium.exp b/test/apps-x11/chromium.exp index 38c932aca..2505c0c37 100755 --- a/test/apps-x11/chromium.exp +++ b/test/apps-x11/chromium.exp @@ -40,6 +40,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail" } expect { diff --git a/test/apps-x11/firefox.exp b/test/apps-x11/firefox.exp index e82fc6e72..6a50c8884 100755 --- a/test/apps-x11/firefox.exp +++ b/test/apps-x11/firefox.exp @@ -44,6 +44,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} " firefox" {puts "firefox detected\n";} " iceweasel" {puts "iceweasel detected\n";} } diff --git a/test/apps-x11/icedove.exp b/test/apps-x11/icedove.exp index a07344f36..e306e33ce 100755 --- a/test/apps-x11/icedove.exp +++ b/test/apps-x11/icedove.exp @@ -41,6 +41,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail" } expect { diff --git a/test/apps-x11/transmission-gtk.exp b/test/apps-x11/transmission-gtk.exp index 6391a3717..4083a121f 100755 --- a/test/apps-x11/transmission-gtk.exp +++ b/test/apps-x11/transmission-gtk.exp @@ -41,6 +41,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail" } expect { diff --git a/test/apps-x11/xterm.exp b/test/apps-x11/xterm.exp index 7d61da542..4fa5ddf0c 100755 --- a/test/apps-x11/xterm.exp +++ b/test/apps-x11/xterm.exp @@ -41,6 +41,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail" } expect { diff --git a/test/apps/chromium.exp b/test/apps/chromium.exp index c01f9a54d..d43f70f8e 100755 --- a/test/apps/chromium.exp +++ b/test/apps/chromium.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail chromium" } expect { diff --git a/test/apps/deluge.exp b/test/apps/deluge.exp index df7899b51..0bf1baae2 100755 --- a/test/apps/deluge.exp +++ b/test/apps/deluge.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail deluge" } expect { diff --git a/test/apps/evince.exp b/test/apps/evince.exp index 0c1efcf59..71f760a9c 100755 --- a/test/apps/evince.exp +++ b/test/apps/evince.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail evince" } expect { diff --git a/test/apps/fbreader.exp b/test/apps/fbreader.exp index 30fbb1a77..99c48d87c 100755 --- a/test/apps/fbreader.exp +++ b/test/apps/fbreader.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail fbreader" } expect { diff --git a/test/apps/filezilla.exp b/test/apps/filezilla.exp index 1533eae69..2f7038184 100755 --- a/test/apps/filezilla.exp +++ b/test/apps/filezilla.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail filezilla" } expect { diff --git a/test/apps/firefox.exp b/test/apps/firefox.exp index 64a733f98..5745d9270 100755 --- a/test/apps/firefox.exp +++ b/test/apps/firefox.exp @@ -55,6 +55,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} " firefox" {puts "firefox detected\n";} " iceweasel" {puts "iceweasel detected\n";} } diff --git a/test/apps/gnome-mplayer.exp b/test/apps/gnome-mplayer.exp index aa0ef44fb..6f0e5a312 100755 --- a/test/apps/gnome-mplayer.exp +++ b/test/apps/gnome-mplayer.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail gnome-mplayer" } expect { diff --git a/test/apps/gthumb.exp b/test/apps/gthumb.exp index 8dcd2fcd0..13132cef6 100755 --- a/test/apps/gthumb.exp +++ b/test/apps/gthumb.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail gthumb" } expect { diff --git a/test/apps/hexchat.exp b/test/apps/hexchat.exp index a66cc52cc..5d0bc1093 100755 --- a/test/apps/hexchat.exp +++ b/test/apps/hexchat.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} "hexchat" } expect { diff --git a/test/apps/icedove.exp b/test/apps/icedove.exp index 667f6745d..c0fbd9fc8 100755 --- a/test/apps/icedove.exp +++ b/test/apps/icedove.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail icedove" } expect { diff --git a/test/apps/midori.exp b/test/apps/midori.exp index fdd47954c..45d70eda1 100755 --- a/test/apps/midori.exp +++ b/test/apps/midori.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail midori" } expect { diff --git a/test/apps/opera.exp b/test/apps/opera.exp index b94c9dbbd..036fc2e21 100755 --- a/test/apps/opera.exp +++ b/test/apps/opera.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail opera" } expect { diff --git a/test/apps/qbittorrent.exp b/test/apps/qbittorrent.exp index ee4044a84..8bc6d8564 100755 --- a/test/apps/qbittorrent.exp +++ b/test/apps/qbittorrent.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail qbittorrent" } expect { diff --git a/test/apps/transmission-gtk.exp b/test/apps/transmission-gtk.exp index 33f4ef963..70700d523 100755 --- a/test/apps/transmission-gtk.exp +++ b/test/apps/transmission-gtk.exp @@ -44,6 +44,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail transmission-gtk" } expect { diff --git a/test/apps/transmission-qt.exp b/test/apps/transmission-qt.exp index 991742106..3773b1dc2 100755 --- a/test/apps/transmission-qt.exp +++ b/test/apps/transmission-qt.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail transmission-qt" } expect { diff --git a/test/apps/uget-gtk.exp b/test/apps/uget-gtk.exp index 1511a07af..22c2a0831 100755 --- a/test/apps/uget-gtk.exp +++ b/test/apps/uget-gtk.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail uget-gtk" } expect { diff --git a/test/apps/vlc.exp b/test/apps/vlc.exp index f0903c170..b94ef8e12 100755 --- a/test/apps/vlc.exp +++ b/test/apps/vlc.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} ":firejail vlc" } expect { diff --git a/test/apps/xchat.exp b/test/apps/xchat.exp index 206397f3e..f3284caf7 100755 --- a/test/apps/xchat.exp +++ b/test/apps/xchat.exp @@ -49,6 +49,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 5\n";exit} + "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit} " xchat" } expect { diff --git a/test/utils/caps.exp b/test/utils/firemon-caps.exp similarity index 96% rename from test/utils/caps.exp rename to test/utils/firemon-caps.exp index ab1067921..76aa13725 100755 --- a/test/utils/caps.exp +++ b/test/utils/firemon-caps.exp @@ -66,6 +66,7 @@ spawn $env(SHELL) send -- "firemon --caps\r" expect { timeout {puts "TESTING ERROR 8.1\n";exit} + "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} "bingo1" } expect { diff --git a/test/utils/firemon-cgroup.exp b/test/utils/firemon-cgroup.exp index 3cd4f5a03..b1ab083ae 100755 --- a/test/utils/firemon-cgroup.exp +++ b/test/utils/firemon-cgroup.exp @@ -27,6 +27,7 @@ send -- "firemon --cgroup\r" sleep 4 expect { timeout {puts "TESTING ERROR 2\n";exit} + "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} "name=test1" } expect { diff --git a/test/utils/firemon-cpu.exp b/test/utils/firemon-cpu.exp index 22e44512c..f2ecd4a5c 100755 --- a/test/utils/firemon-cpu.exp +++ b/test/utils/firemon-cpu.exp @@ -27,6 +27,7 @@ send -- "firemon --cpu\r" sleep 4 expect { timeout {puts "TESTING ERROR 2\n";exit} + "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} "name=test1" } expect { diff --git a/test/utils/seccomp.exp b/test/utils/firemon-seccomp.exp similarity index 91% rename from test/utils/seccomp.exp rename to test/utils/firemon-seccomp.exp index c9726ff21..26c478344 100755 --- a/test/utils/seccomp.exp +++ b/test/utils/firemon-seccomp.exp @@ -29,6 +29,7 @@ spawn $env(SHELL) send -- "firemon --seccomp\r" expect { timeout {puts "TESTING ERROR 1\n";exit} + "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit} "bingo1" } expect { diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 557f2c961..7b0ab1096 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh @@ -82,18 +82,18 @@ rm -f index.html* ./trace.exp rm -f index.html* -echo "TESTING: firemon --seccomp (test/utils/seccomp.exp)" -./seccomp.exp - -echo "TESTING: firemon --caps (test/utils/caps.exp)" -./caps.exp - echo "TESTING: top (test/utils/top.exp)" ./top.exp echo "TESTING: file transfer (test/utils/ls.exp)" ./ls.exp +echo "TESTING: firemon --seccomp (test/utils/firemon-seccomp.exp)" +./firemon-seccomp.exp + +echo "TESTING: firemon --caps (test/utils/firemon-caps.exp)" +./firemon-caps.exp + echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)" ./firemon-cpu.exp diff --git a/todo b/todo index ddf886fcd..253704fcf 100644 --- a/todo +++ b/todo @@ -284,5 +284,6 @@ removable media, partitions, software RAID volumes, logical volumes, and files. free(dbus_path); } +29. grsecurity - move test after "firejail --name=blablabla" in /test/apps*