#
172106 |
|
09-Sep-2007 |
rwatson |
Enhance and expand kernel privilege regression tests in support of work present in FreeBSD 7.0 to refine the kernel privilege model:
- Introduce support for jail as a testing variable, in order to confirm that privileges are properly restricted in the jail environment.
- Restructure overall testing approach so that privilege and jail conditions are set in the testing infrastructure before tests are invoked, and done so in a custom-created process to isolate the impact of tests from each other in a more consistent way.
- Tests now provide setup and cleanup hooks that occur before and after the test runs.
- New privilege tests are now present for several audit privileges, several credential management privileges, dmesg buffer reading privilege, and netinet raw socket creation.
- Other existing tests are restructured and generally improved as a result of better framework structure and jail as a variable. For exampe, we now test that certain sysctls are writable only outside jail, while others are writable within jail. On a similar note, privileges relating to setting UFS file flags are now better exercised, as with the right to chmod and utimes files.
Approved by: re (bmah) Obtained from: TrustedBSD Project
|