hidepid part 5

onny · Nov 11, 2016 · bb5b407 · bb5b407
1 parent cffa48d
commit bb5b407
Show file tree

Hide file tree

Showing 33 changed files with 38 additions and 6 deletions.
diff --git a/Makefile.in b/Makefile.in
@@ -251,3 +251,4 @@ test-root:
 test-overlay:
  cd test/overlay; ./overlay.sh | grep TESTING
 
+# mount -o remount,rw,hidepid=2 /proc
diff --git a/test/apps-x11-xorg/firefox.exp b/test/apps-x11-xorg/firefox.exp
@@ -44,6 +44,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  " firefox" {puts "firefox detected\n";}
  " iceweasel" {puts "iceweasel detected\n";}
 }

diff --git a/test/apps-x11-xorg/icedove.exp b/test/apps-x11-xorg/icedove.exp
@@ -41,6 +41,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail"
 }
 expect {

diff --git a/test/apps-x11-xorg/transmission-gtk.exp b/test/apps-x11-xorg/transmission-gtk.exp
@@ -41,6 +41,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail"
 }
 expect {

diff --git a/test/apps-x11/chromium.exp b/test/apps-x11/chromium.exp
@@ -40,6 +40,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail"
 }
 expect {

diff --git a/test/apps-x11/firefox.exp b/test/apps-x11/firefox.exp
@@ -44,6 +44,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  " firefox" {puts "firefox detected\n";}
  " iceweasel" {puts "iceweasel detected\n";}
 }

diff --git a/test/apps-x11/icedove.exp b/test/apps-x11/icedove.exp
@@ -41,6 +41,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail"
 }
 expect {

diff --git a/test/apps-x11/transmission-gtk.exp b/test/apps-x11/transmission-gtk.exp
@@ -41,6 +41,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail"
 }
 expect {

diff --git a/test/apps-x11/xterm.exp b/test/apps-x11/xterm.exp
@@ -41,6 +41,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail"
 }
 expect {

diff --git a/test/apps/chromium.exp b/test/apps/chromium.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail chromium"
 }
 expect {

diff --git a/test/apps/deluge.exp b/test/apps/deluge.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail deluge"
 }
 expect {

diff --git a/test/apps/evince.exp b/test/apps/evince.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail evince"
 }
 expect {

diff --git a/test/apps/fbreader.exp b/test/apps/fbreader.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail fbreader"
 }
 expect {

diff --git a/test/apps/filezilla.exp b/test/apps/filezilla.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail filezilla"
 }
 expect {

diff --git a/test/apps/firefox.exp b/test/apps/firefox.exp
@@ -55,6 +55,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  " firefox" {puts "firefox detected\n";}
  " iceweasel" {puts "iceweasel detected\n";}
 }

diff --git a/test/apps/gnome-mplayer.exp b/test/apps/gnome-mplayer.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail gnome-mplayer"
 }
 expect {

diff --git a/test/apps/gthumb.exp b/test/apps/gthumb.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail gthumb"
 }
 expect {

diff --git a/test/apps/hexchat.exp b/test/apps/hexchat.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  "hexchat"
 }
 expect {

diff --git a/test/apps/icedove.exp b/test/apps/icedove.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail icedove"
 }
 expect {

diff --git a/test/apps/midori.exp b/test/apps/midori.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail midori"
 }
 expect {

diff --git a/test/apps/opera.exp b/test/apps/opera.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail opera"
 }
 expect {

diff --git a/test/apps/qbittorrent.exp b/test/apps/qbittorrent.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail qbittorrent"
 }
 expect {

diff --git a/test/apps/transmission-gtk.exp b/test/apps/transmission-gtk.exp
@@ -44,6 +44,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail transmission-gtk"
 }
 expect {

diff --git a/test/apps/transmission-qt.exp b/test/apps/transmission-qt.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail transmission-qt"
 }
 expect {

diff --git a/test/apps/uget-gtk.exp b/test/apps/uget-gtk.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail uget-gtk"
 }
 expect {

diff --git a/test/apps/vlc.exp b/test/apps/vlc.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  ":firejail vlc"
 }
 expect {

diff --git a/test/apps/xchat.exp b/test/apps/xchat.exp
@@ -49,6 +49,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 5\n";exit}
+ "need to be root" {puts "/proc mounted as hidepid, exiting...\n"; exit}
  " xchat"
 }
 expect {

diff --git a/test/utils/caps.exp → test/utils/firemon-caps.exp b/test/utils/caps.exp → test/utils/firemon-caps.exp
@@ -66,6 +66,7 @@ spawn $env(SHELL)
 send -- "firemon --caps\r"
 expect {
  timeout {puts "TESTING ERROR 8.1\n";exit}
+ "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
  "bingo1"
 }
 expect {

diff --git a/test/utils/firemon-cgroup.exp b/test/utils/firemon-cgroup.exp
@@ -27,6 +27,7 @@ send -- "firemon --cgroup\r"
 sleep 4
 expect {
  timeout {puts "TESTING ERROR 2\n";exit}
+ "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
  "name=test1"
 }
 expect {

diff --git a/test/utils/firemon-cpu.exp b/test/utils/firemon-cpu.exp
@@ -27,6 +27,7 @@ send -- "firemon --cpu\r"
 sleep 4
 expect {
  timeout {puts "TESTING ERROR 2\n";exit}
+ "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
  "name=test1"
 }
 expect {

diff --git a/test/utils/seccomp.exp → test/utils/firemon-seccomp.exp b/test/utils/seccomp.exp → test/utils/firemon-seccomp.exp
@@ -29,6 +29,7 @@ spawn $env(SHELL)
 send -- "firemon --seccomp\r"
 expect {
  timeout {puts "TESTING ERROR 1\n";exit}
+ "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
  "bingo1"
 }
 expect {

diff --git a/test/utils/utils.sh b/test/utils/utils.sh
@@ -82,18 +82,18 @@ rm -f index.html*
 ./trace.exp
 rm -f index.html*
 
-echo "TESTING: firemon --seccomp (test/utils/seccomp.exp)"
-./seccomp.exp
-
-echo "TESTING: firemon --caps (test/utils/caps.exp)"
-./caps.exp
-
 echo "TESTING: top (test/utils/top.exp)"
 ./top.exp
 
 echo "TESTING: file transfer (test/utils/ls.exp)"
 ./ls.exp
 
+echo "TESTING: firemon --seccomp (test/utils/firemon-seccomp.exp)"
+./firemon-seccomp.exp
+
+echo "TESTING: firemon --caps (test/utils/firemon-caps.exp)"
+./firemon-caps.exp
+
 echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
 ./firemon-cpu.exp
 

diff --git a/todo b/todo
@@ -284,5 +284,6 @@ removable media, partitions, software RAID volumes, logical volumes, and files.
  free(dbus_path);
 }
 
+29. grsecurity - move test after "firejail --name=blablabla" in /test/apps*