nobody.t revision 256281 
1#!/bin/sh
2# $FreeBSD: stable/10/tools/regression/mac/mac_portacl/nobody.t 189832 2009-03-14 21:54:19Z pjd $
3
4dir=`dirname $0`
5. ${dir}/misc.sh
6
7echo "1..64"
8
9# security.mac.portacl.suser_exempt value doesn't affect unprivileged users
10# behaviour.
11# mac_portacl has no impact on ports <= net.inet.ip.portrange.reservedhigh.
12
13sysctl security.mac.portacl.suser_exempt=1 >/dev/null
14sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null
15
16bind_test fl fl uid nobody tcp 77
17bind_test ok ok uid nobody tcp 7777
18bind_test fl fl uid nobody udp 77
19bind_test ok ok uid nobody udp 7777
20
21bind_test fl fl gid nobody tcp 77
22bind_test ok ok gid nobody tcp 7777
23bind_test fl fl gid nobody udp 77
24bind_test ok ok gid nobody udp 7777
25
26sysctl security.mac.portacl.suser_exempt=0 >/dev/null
27
28bind_test fl fl uid nobody tcp 77
29bind_test ok ok uid nobody tcp 7777
30bind_test fl fl uid nobody udp 77
31bind_test ok ok uid nobody udp 7777
32
33bind_test fl fl gid nobody tcp 77
34bind_test ok ok gid nobody tcp 7777
35bind_test fl fl gid nobody udp 77
36bind_test ok ok gid nobody udp 7777
37
38# Verify if security.mac.portacl.port_high works.
39
40sysctl security.mac.portacl.port_high=7778 >/dev/null
41
42bind_test fl fl uid nobody tcp 77
43bind_test fl ok uid nobody tcp 7777
44bind_test fl fl uid nobody udp 77
45bind_test fl ok uid nobody udp 7777
46
47bind_test fl fl gid nobody tcp 77
48bind_test fl ok gid nobody tcp 7777
49bind_test fl fl gid nobody udp 77
50bind_test fl ok gid nobody udp 7777
51
52# Verify if mac_portacl rules work.
53
54sysctl net.inet.ip.portrange.reservedhigh=76 >/dev/null
55sysctl security.mac.portacl.port_high=7776 >/dev/null
56
57bind_test fl ok uid nobody tcp 77
58bind_test ok ok uid nobody tcp 7777
59bind_test fl ok uid nobody udp 77
60bind_test ok ok uid nobody udp 7777
61
62bind_test fl ok gid nobody tcp 77
63bind_test ok ok gid nobody tcp 7777
64bind_test fl ok gid nobody udp 77
65bind_test ok ok gid nobody udp 7777
66
67restore_settings
68