opnsense-src/tests/sys/mac/portacl/root_test.sh

#!/bin/sh
# $FreeBSD$

dir=`dirname $0`
. ${dir}/misc.sh

echo "1..48"

# Verify if security.mac.portacl.suser_exempt=1 really exempts super-user.

trap restore_settings EXIT INT TERM

sysctl security.mac.portacl.suser_exempt=1 >/dev/null

bind_test ok ok uid root tcp 77
bind_test ok ok uid root tcp 7777
bind_test ok ok uid root udp 77
bind_test ok ok uid root udp 7777

bind_test ok ok gid root tcp 77
bind_test ok ok gid root tcp 7777
bind_test ok ok gid root udp 77
bind_test ok ok gid root udp 7777

# Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user.

sysctl security.mac.portacl.suser_exempt=0 >/dev/null

bind_test fl ok uid root tcp 77
bind_test ok ok uid root tcp 7777
bind_test fl ok uid root udp 77
bind_test ok ok uid root udp 7777

bind_test fl ok gid root tcp 77
bind_test ok ok gid root tcp 7777
bind_test fl ok gid root udp 77
bind_test ok ok gid root udp 7777

# Verify if security.mac.portacl.port_high works for super-user.

sysctl security.mac.portacl.port_high=7778 >/dev/null

bind_test fl ok uid root tcp 77
bind_test fl ok uid root tcp 7777
bind_test fl ok uid root udp 77
bind_test fl ok uid root udp 7777

bind_test fl ok gid root tcp 77
bind_test fl ok gid root tcp 7777
bind_test fl ok gid root udp 77
bind_test fl ok gid root udp 7777
Regression tests for mac_portacl(4). 2009-03-14 17:54:19 -04:00			`#!/bin/sh`
			`# $FreeBSD$`

			dir=`dirname $0`
			`. ${dir}/misc.sh`

			`echo "1..48"`

			`# Verify if security.mac.portacl.suser_exempt=1 really exempts super-user.`

Make the mac_portacl testcases work / more robust - A trap(1) call has been added to the test scripts to better ensure that the tests do a better job at trying to restore the test host state at the end of the tests (if the test was interrupted before it would leave the system in an odd state, potentially making the test results for subsequent runs non-deterministic). - Add root user checks - Fix nc(1) usage: -- -o is deprecated -- Using `-w 10` will make the call timeout after 10 seconds so it doesn't block indefinitely - Use local variables - Be more terse in the error messages - Parameterize out "127.0.0.1" MFC after: 1 week Sponsored by: EMC / Isilon Storage Division 2015-12-21 16:15:23 -05:00			`trap restore_settings EXIT INT TERM`

Regression tests for mac_portacl(4). 2009-03-14 17:54:19 -04:00			`sysctl security.mac.portacl.suser_exempt=1 >/dev/null`

			`bind_test ok ok uid root tcp 77`
			`bind_test ok ok uid root tcp 7777`
			`bind_test ok ok uid root udp 77`
			`bind_test ok ok uid root udp 7777`

			`bind_test ok ok gid root tcp 77`
			`bind_test ok ok gid root tcp 7777`
			`bind_test ok ok gid root udp 77`
			`bind_test ok ok gid root udp 7777`

			`# Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user.`

			`sysctl security.mac.portacl.suser_exempt=0 >/dev/null`

			`bind_test fl ok uid root tcp 77`
			`bind_test ok ok uid root tcp 7777`
			`bind_test fl ok uid root udp 77`
			`bind_test ok ok uid root udp 7777`

			`bind_test fl ok gid root tcp 77`
			`bind_test ok ok gid root tcp 7777`
			`bind_test fl ok gid root udp 77`
			`bind_test ok ok gid root udp 7777`

			`# Verify if security.mac.portacl.port_high works for super-user.`

			`sysctl security.mac.portacl.port_high=7778 >/dev/null`

			`bind_test fl ok uid root tcp 77`
			`bind_test fl ok uid root tcp 7777`
			`bind_test fl ok uid root udp 77`
			`bind_test fl ok uid root udp 7777`

			`bind_test fl ok gid root tcp 77`
			`bind_test fl ok gid root tcp 7777`
			`bind_test fl ok gid root udp 77`
			`bind_test fl ok gid root udp 7777`