1189832Spjd#!/bin/sh 2189832Spjd# $FreeBSD$ 3189832Spjd 4189832Spjddir=`dirname $0` 5189832Spjd. ${dir}/misc.sh 6189832Spjd 7189832Spjdecho "1..48" 8189832Spjd 9189832Spjd# Verify if security.mac.portacl.suser_exempt=1 really exempts super-user. 10189832Spjd 11189832Spjdsysctl security.mac.portacl.suser_exempt=1 >/dev/null 12189832Spjd 13189832Spjdbind_test ok ok uid root tcp 77 14189832Spjdbind_test ok ok uid root tcp 7777 15189832Spjdbind_test ok ok uid root udp 77 16189832Spjdbind_test ok ok uid root udp 7777 17189832Spjd 18189832Spjdbind_test ok ok gid root tcp 77 19189832Spjdbind_test ok ok gid root tcp 7777 20189832Spjdbind_test ok ok gid root udp 77 21189832Spjdbind_test ok ok gid root udp 7777 22189832Spjd 23189832Spjd# Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user. 24189832Spjd 25189832Spjdsysctl security.mac.portacl.suser_exempt=0 >/dev/null 26189832Spjd 27189832Spjdbind_test fl ok uid root tcp 77 28189832Spjdbind_test ok ok uid root tcp 7777 29189832Spjdbind_test fl ok uid root udp 77 30189832Spjdbind_test ok ok uid root udp 7777 31189832Spjd 32189832Spjdbind_test fl ok gid root tcp 77 33189832Spjdbind_test ok ok gid root tcp 7777 34189832Spjdbind_test fl ok gid root udp 77 35189832Spjdbind_test ok ok gid root udp 7777 36189832Spjd 37189832Spjd# Verify if security.mac.portacl.port_high works for super-user. 38189832Spjd 39189832Spjdsysctl security.mac.portacl.port_high=7778 >/dev/null 40189832Spjd 41189832Spjdbind_test fl ok uid root tcp 77 42189832Spjdbind_test fl ok uid root tcp 7777 43189832Spjdbind_test fl ok uid root udp 77 44189832Spjdbind_test fl ok uid root udp 7777 45189832Spjd 46189832Spjdbind_test fl ok gid root tcp 77 47189832Spjdbind_test fl ok gid root tcp 7777 48189832Spjdbind_test fl ok gid root udp 77 49189832Spjdbind_test fl ok gid root udp 7777 50189832Spjd 51189832Spjdrestore_settings 52