testing

kmk3 · Mar 31, 2018 · 64699c8 · 64699c8
1 parent 75208ac
commit 64699c8
Show file tree

Hide file tree

Showing 7 changed files with 54 additions and 10 deletions.
diff --git a/Makefile.in b/Makefile.in
@@ -107,6 +107,7 @@ endif
  install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/.
 ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
  install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fsec-optimize/fsec-optimize $(DESTDIR)/$(libdir)/firejail/.
  install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/.
  install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/.
  install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/.

diff --git a/gcov.sh b/gcov.sh
@@ -10,11 +10,18 @@ gcov_init() {
  /usr/lib/firejail/fcopy --help > /dev/null
  /usr/lib/firejail/fldd --help > /dev/null
  firecfg --help > /dev/null
+
+ /usr/lib/firejail/fnetfilter --help > /dev/null
+ /usr/lib/firejail/fsec-print --help > /dev/null
+ /usr/lib/firejail/fsec-optimize --help > /dev/null
+ /usr/lib/firejail/faudit --help > /dev/null
+ /usr/lib/firejail/fbuilder --help > /dev/null
+
  sudo chown $USER:$USER `find .`
 }
 
 generate() {
- lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new
+ lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new
  lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file
  rm -fr gcov-dir
  genhtml -q gcov-file --output-directory gcov-dir
@@ -25,7 +32,7 @@ generate() {
 
 
 gcov_init
-lcov -q --capture -d src/firejail -d src/firemon -d  src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old
+lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old
 
 #make test-environment
 #generate

diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp
@@ -13,7 +13,7 @@ sleep 1
 send -- "firecfg --clean\r"
 expect {
  timeout {puts "TESTING ERROR 0\n";exit}
- "/usr/local/bin/firefox removed"
+ "less removed"
 }
 sleep 1
 
@@ -30,11 +30,11 @@ sleep 1
 send -- "firecfg\r"
 expect {
  timeout {puts "TESTING ERROR 3\n";exit}
- "firefox created"
+ "less created"
 }
 sleep 1
 
-send -- "file /usr/local/bin/firefox\r"
+send -- "file /usr/local/bin/less\r"
 expect {
  timeout {puts "TESTING ERROR 4\n";exit}
  "symbolic link to /usr/bin/firejail"
@@ -44,7 +44,7 @@ sleep 1
 send -- "firecfg --list\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
- "/usr/local/bin/firefox"
+ "/usr/local/bin/less"
 }
 sleep 1
 

diff --git a/test/root/root.sh b/test/root/root.sh
@@ -110,13 +110,13 @@ echo "TESTING: firemon events (test/root/firemon-events.exp)"
 #********************************
 # firecfg
 #********************************
-which firefox
+which less
 if [ "$?" -eq 0 ];
 then
  echo "TESTING: firecfg (test/root/firecfg.exp)"
  ./firecfg.exp
 else
- echo "TESTING SKIP: firecfg, firefox not found"
+ echo "TESTING SKIP: firecfg, less not found"
 fi
 
 # restore the default config file

diff --git a/test/utils/audit.exp b/test/utils/audit.exp
@@ -76,4 +76,24 @@ expect {
 }
 after 100
 
+# run audit executable without a sandbox
+send -- "faudit\r"
+expect {
+ timeout {puts "TESTING ERROR 13\n";exit}
+ "is not running in a PID namespace"
+}
+expect {
+ timeout {puts "TESTING ERROR 14\n";exit}
+ "BAD: seccomp disabled"
+}
+expect {
+ timeout {puts "TESTING ERROR 15\n";exit}
+ "BAD: the capability map is"
+}
+expect {
+ timeout {puts "TESTING ERROR 16\n";exit}
+ "MAYBE: /dev directory seems to be fully populated"
+}
+after 100
+
 puts "\nall done\n"
diff --git a/test/utils/build.exp b/test/utils/build.exp
@@ -7,7 +7,15 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail --build ls ~\r"
+send -- "firejail --build cat ~/firejail-test-file-7699\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "whitelist ~/firejail-test-file-7699"
+}
+expect {
+ timeout {puts "TESTING ERROR 0.1\n";exit}
+ "include /etc/firejail/whitelist-common.inc"
+}
 expect {
  timeout {puts "TESTING ERROR 1\n";exit}
  "private-tmp"
@@ -22,7 +30,7 @@ expect {
 }
 expect {
  timeout {puts "TESTING ERROR 4\n";exit}
- "private-bin ls,"
+ "private-bin cat,"
 }
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}

diff --git a/test/utils/utils.sh b/test/utils/utils.sh
@@ -6,8 +6,16 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
+if [ -f /etc/debian_version ]; then
+ libdir=$(dirname "$(dpkg -L firejail | grep faudit)")
+ export PATH="$PATH:$libdir"
+fi
+export PATH="$PATH:/usr/lib/firejail"
+
+echo "testing" > ~/firejail-test-file-7699
 echo "TESTING: build (test/utils/build.exp)"
 ./build.exp
+rm -f ~/firejail-test-file-7699
 
 echo "TESTING: audit (test/utils/audit.exp)"
 ./audit.exp