testing

Makefile.in

@@ -266,6 +266,10 @@ test-appimage:
 test-network:
  cd test/network; ./network.sh | grep TESTING
 
+# requires the same setup as test-network
+test-stress:
+ cd test/stress; ./stress.sh | grep TESTING
+
 # Tesets running a root user
 test-root:
  cd test/root; su -c ./root.sh | grep TESTING

gcov.sh

@@ -45,6 +45,10 @@ make test-network
 generate
 sleep 2
 
+make test-stress
+generate
+sleep 2
+
 make test-appimage
 generate
 sleep 2

test/stress/blacklist.exp

@@ -0,0 +1,60 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+set MAXi 100
+
+# blacklist testing
+set i 1
+send -- "firejail --profile=blacklist.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+
+while { $i <= $MAXi } {
+ send -- "cat ~/fj-stress-test/testfile$i\r"
+ expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "denied"
+ }
+ incr i
+ after 100
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+# noblacklist testing
+set i 1
+send -- "firejail --profile=noblacklist.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+
+while { $i <= $MAXi } {
+ send -- "cat ~/fj-stress-test/testfile$i\r"
+ expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "hello"
+ }
+ incr i
+ after 100
+}
+after 100
+
+send -- "exit\r"
+sleep 1
+
+
+
+after 100
+puts "\nall done\n"
+

test/stress/env.exp

@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2017 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+# env testing
+send -- "firejail --profile=env.profile\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+
+send -- "env | grep FJSTRESS77\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "FJSTRESS77=stress"
+}
+
+send -- "env | grep FJSTRESS | wc -l\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "100"
+}
+
+send -- "exit\r"
+after 100
+puts "\nall done\n"

test/stress/net_macvlan.exp

@@ -7,19 +7,9 @@ set timeout 10
 spawn $env(SHELL)
 match_max 100000
 
-# check the existing address
-spawn $env(SHELL)
-send -- "firejail --net=eth0 --ip=192.168.1.60\r"
-expect {
- timeout {puts "TESTING ERROR 1.1\n";puts "Please open a sandbox on 192.168.1.60\n";exit}
- "192.168.1.60 is interface eth0 address"
-}
-
-
-
-# grab 30 ip addresses
-set MAXi 229
-set i 200
+# grab 10 ip addresses
+set MAXi 210
+set i 201
 while { $i <= $MAXi } {
  spawn $env(SHELL)
  send -- "firejail --net=eth0 --ip=192.168.1.$i\r"
@@ -32,62 +22,31 @@ while { $i <= $MAXi } {
 }
 
 
-# check an existing address
-spawn $env(SHELL)
-send -- "firejail --net=eth0 --ip=192.168.1.200\r"
-expect {
- timeout {puts "TESTING ERROR 1\n";exit}
- "the address 192.168.1.200 is already in use"
-}
-
-
-set MAXi 254
-set i 2
+# grab 10 more
+set MAXi 210
+set i 201
 while { $i <= $MAXi } {
  spawn $env(SHELL)
- send -- "firejail --net=eth0\r"
+ send -- "firejail --net=eth0 --iprange=192.168.1.201,192.168.1.220\r"
  expect {
- timeout {puts "TESTING ERROR 2.1\n";exit}
- "192.168.1.60" {puts "TESTING ERROR 2.2\n";exit}
- "192.168.1.200" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.201" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.202" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.203" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.204" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.205" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.206" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.207" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.208" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.209" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.210" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.211" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.212" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.213" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.214" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.215" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.216" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.217" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.218" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.219" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.220" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.221" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.222" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.223" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.224" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.225" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.226" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.227" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.228" {puts "TESTING ERROR 3\n";exit}
- "192.168.1.229" {puts "TESTING ERROR 3\n";exit}
+ timeout {puts "TESTING ERROR 2\n";exit}
  "Child process initialized"
  }
  puts "************ $i ******************\n"
  incr i
  after 100
-# sleep 1
 }
-send -- "exit\r"
-after 100
 
-puts "\n"
+# the next one should fail, all 20 addresses are in use
+spawn $env(SHELL)
+send -- "firejail --debug --net=eth0 --iprange=192.168.1.201,192.168.1.220\r"
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "cannot assign an IP address"
+}
+
+
+
+after 100
+puts "\nall done\n"
 

test/stress/stress.sh

@@ -6,6 +6,35 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 
-echo "TESTING: macvlan (net_macvlan.exp)"
+
+# blacklist testing
+rm -fr ~/fj-stress-test
+mkdir ~/fj-stress-test
+rm blacklist.profile
+rm noblacklist.profile
+rm env.profile
+for i in `seq 1 100`;
+do
+ echo $i
+ echo "hello" > ~/fj-stress-test/testfile$i
+ echo "blacklist ~/fj-stress-test/testfile$i" >> blacklist.profile
+ echo "noblacklist ~/fj-stress-test/testfile$i" >> noblacklist.profile
+ echo "env FJSTRESS$i=stress" >> env.profile
+done
+echo "include blacklist.profile" >> noblacklist.profile
+
+echo "TESTING: stress blacklist/noblacklist (/test/stress/blacklist.exp)"
+./blacklist.exp
+
+echo "TESTING: stress env (/test/stress/env.exp)"
+./env.exp
+
+rm -fr ~/fj-stress-test
+rm blacklist.profile
+rm noblacklist.profile
+rm env.profile
+
+# network arp testing
+echo "TESTING: macvlan (test/stress/net_macvlan.exp)"
 ./net_macvlan.exp