firejail/test/fs/whitelist-dev.exp

#!/usr/bin/expect -f
# This file is part of Firejail project
# Copyright (C) 2014-2026 Firejail Authors
# License GPL v2

set timeout 10
spawn $env(SHELL)
match_max 100000

send -- "firejail --whitelist=/dev/null\r"
expect {
	timeout {puts "TESTING ERROR 0\n";exit}
	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
}
sleep 1

send -- "ls /dev | wc -l\r"
expect {
	timeout {puts "TESTING ERROR 1\n";exit}
	"1"
}
after 100
send -- "exit\r"
sleep 1

send -- "firejail --whitelist=/dev/null --whitelist=/dev/random\r"
expect {
	timeout {puts "TESTING ERROR 2\n";exit}
	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
}
sleep 1

send -- "ls /dev | wc -l\r"
expect {
	timeout {puts "TESTING ERROR 3\n";exit}
	"2"
}
after 100
send -- "exit\r"
sleep 1

send -- "firejail --private-dev\r"
expect {
	timeout {puts "TESTING ERROR 4\n";exit}
	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
}
sleep 1

send -- "ls /dev | wc -l\r"
expect {
	timeout {puts "TESTING ERROR 5\n";exit}
	"10" {puts "OK\n"}
	"11" {puts "OK\n"}
	"12" {puts "OK\n"}
	"13" {puts "OK\n"}
	"14" {puts "OK\n"}
	"15" {puts "OK\n"}
	"16" {puts "OK\n"}
	"17" {puts "OK\n"}
	"18" {puts "OK\n"}
	"19" {puts "OK\n"}
	"20" {puts "OK\n"}
	"21" {puts "OK\n"}
	"22" {puts "OK\n"}
	"23" {puts "OK\n"}
	"24" {puts "OK\n"}
}
after 100

set have_dvd 0
send -- "ls -l /dev\r"
expect {
	"dvd" {set have_dvd 1}
}
after 100


set have_dri 0
send -- "ls -l /dev\r"
expect {
	"dri" {set have_dri 1}
}
after 100

set have_snd 0
send -- "ls -l /dev\r"
expect {
	"snd" {set have_snd 1}
}
after 100

send -- "exit\r"
sleep 1

if { $have_snd > 0 } {
	puts "TESTING --private-dev --nosound\n"
	send -- "firejail --private-dev --nosound ls /dev\r"
	expect {
		timeout {puts "TESTING ERROR 7\n";exit}
		-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	}
	expect {
		timeout {puts "TESTING ERROR 8\n";exit}
		"snd" {puts "TESTING ERROR 9\n";exit}
		"Parent is shutting down"
	}
	after 100
} else {
	puts "TESTING skip --private-dev --nosound, no /dev/snd device available\n"
}

if { $have_dvd > 0 } {
	puts "TESTING --private-dev --nodvd\n"
	send -- "firejail --private-dev --nodvd ls /dev\r"
	expect {
		timeout {puts "TESTING ERROR 10\n";exit}
		-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	}
	expect {
		timeout {puts "TESTING ERROR 11\n";exit}
		"dvd" {puts "TESTING ERROR 12\n";exit}
		"cdrom" {puts "TESTING ERROR 13\n";exit}
		"dvdrom" {puts "TESTING ERROR 14\n";exit}
		"cdrw" {puts "TESTING ERROR 15\n";exit}
		"dvdrw" {puts "TESTING ERROR 16\n";exit}
		"Parent is shutting down"
	}
	after 100
} else {
	puts "TESTING skip --private-dev --nodvd, no /dev/dvd device available\n"
}

if { $have_dri > 0 } {
	puts "TESTING --private-dev --no3d\n"
	send -- "firejail --private-dev --no3d ls /dev\r"
	expect {
		timeout {puts "TESTING ERROR 17\n";exit}
		-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
	}
	expect {
		timeout {puts "TESTING ERROR 18\n";exit}
		"dri" {puts "TESTING ERROR 19\n";exit}
		"Parent is shutting down"
	}
	after 100
} else {
	puts "TESTING skip --private-dev --no3d, no /dev/dri device available\n"
}

after 100
puts "\nall done\n"