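#!/bin/sh
# $FreeBSD$
#
# TAP regression test for mac_portacl: checks which ports the unprivileged
# "nobody" user/group may bind, under several sysctl configurations.
#
# bind_test and restore_settings come from misc.sh (not shown here).
# Judging by the expectations below, bind_test's arguments are presumably:
#   <expected result without a rule> <expected result with a rule>
#   <uid|gid> <name> <tcp|udp> <port>
# where "fl" means the bind fails and "ok" means it succeeds -- confirm
# against misc.sh.
#
# NOTE(review): this script changes system-wide port-binding policy
# (net.inet.ip.portrange.reservedhigh and security.mac.portacl.*). The
# settings are only put back by the restore_settings call on the last line,
# so an interrupted run presumably leaves the modified values in place.
# Run it on a dedicated test host.

# Quote $0 and ${dir} so the helper is still found when the test lives in a
# path containing spaces or glob characters.
dir=$(dirname "$0")
. "${dir}/misc.sh"

# 32 bind_test calls follow; the plan of 64 suggests each call reports two
# results -- confirm against misc.sh.
echo "1..64"

# security.mac.portacl.suser_exempt value doesn't affect unprivileged users'
# behaviour.
# mac_portacl has no impact on ports <= net.inet.ip.portrange.reservedhigh.

# Only stdout is discarded on the sysctl calls; error messages on stderr
# remain visible if a setting cannot be applied.
sysctl security.mac.portacl.suser_exempt=1 >/dev/null
sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null

# Port 77 is inside the reserved range (<= 78): expected to fail both ways.
# Port 7777 is expected to succeed both ways.
bind_test fl fl uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test ok ok gid nobody udp 7777

# Same expectations with suser_exempt switched off: the exemption must make
# no difference for an unprivileged user.
sysctl security.mac.portacl.suser_exempt=0 >/dev/null

bind_test fl fl uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test ok ok gid nobody udp 7777

# Verify if security.mac.portacl.port_high works.

# With port_high raised above 7777, port 7777 is now expected to fail unless
# a rule permits it ("fl ok"). Port 77 is still in the reserved range and is
# expected to fail both ways.
sysctl security.mac.portacl.port_high=7778 >/dev/null

bind_test fl fl uid nobody tcp 77
bind_test fl ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test fl ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test fl ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test fl ok gid nobody udp 7777

# Verify if mac_portacl rules work.

# reservedhigh drops below 77 and port_high below 7777: port 77 is now
# expected to be bindable only with a rule ("fl ok"), while port 7777 is
# expected to succeed both ways again.
sysctl net.inet.ip.portrange.reservedhigh=76 >/dev/null
sysctl security.mac.portacl.port_high=7776 >/dev/null

bind_test fl ok uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl ok uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl ok gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl ok gid nobody udp 77
bind_test ok ok gid nobody udp 7777

# Defined in misc.sh; presumably puts the sysctls changed above back to
# their values from before the test -- confirm there.
restore_settings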