1189832Spjd#!/bin/sh 2189832Spjd# $FreeBSD: stable/11/tests/sys/mac/portacl/root_test.sh 324404 2017-10-07 23:10:16Z ngie $ 3189832Spjd 4189832Spjddir=`dirname $0` 5189832Spjd. ${dir}/misc.sh 6189832Spjd 7189832Spjdecho "1..48" 8189832Spjd 9189832Spjd# Verify if security.mac.portacl.suser_exempt=1 really exempts super-user. 10189832Spjd 11292569Sngietrap restore_settings EXIT INT TERM 12292569Sngie 13189832Spjdsysctl security.mac.portacl.suser_exempt=1 >/dev/null 14189832Spjd 15189832Spjdbind_test ok ok uid root tcp 77 16189832Spjdbind_test ok ok uid root tcp 7777 17189832Spjdbind_test ok ok uid root udp 77 18189832Spjdbind_test ok ok uid root udp 7777 19189832Spjd 20189832Spjdbind_test ok ok gid root tcp 77 21189832Spjdbind_test ok ok gid root tcp 7777 22189832Spjdbind_test ok ok gid root udp 77 23189832Spjdbind_test ok ok gid root udp 7777 24189832Spjd 25189832Spjd# Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user. 26189832Spjd 27189832Spjdsysctl security.mac.portacl.suser_exempt=0 >/dev/null 28189832Spjd 29189832Spjdbind_test fl ok uid root tcp 77 30189832Spjdbind_test ok ok uid root tcp 7777 31189832Spjdbind_test fl ok uid root udp 77 32189832Spjdbind_test ok ok uid root udp 7777 33189832Spjd 34189832Spjdbind_test fl ok gid root tcp 77 35189832Spjdbind_test ok ok gid root tcp 7777 36189832Spjdbind_test fl ok gid root udp 77 37189832Spjdbind_test ok ok gid root udp 7777 38189832Spjd 39189832Spjd# Verify if security.mac.portacl.port_high works for super-user. 40189832Spjd 41189832Spjdsysctl security.mac.portacl.port_high=7778 >/dev/null 42189832Spjd 43189832Spjdbind_test fl ok uid root tcp 77 44189832Spjdbind_test fl ok uid root tcp 7777 45189832Spjdbind_test fl ok uid root udp 77 46189832Spjdbind_test fl ok uid root udp 7777 47189832Spjd 48189832Spjdbind_test fl ok gid root tcp 77 49189832Spjdbind_test fl ok gid root tcp 7777 50189832Spjdbind_test fl ok gid root udp 77 51189832Spjdbind_test fl ok gid root udp 7777 52