/*-
 * Copyright (c) 2006 nCircle Network Security, Inc.
 * Copyright (c) 2007 Robert N. M. Watson
 * All rights reserved.
 *
 * This software was developed by Robert N. M. Watson for the TrustedBSD
 * Project under contract to nCircle Network Security, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Test that chroot() requires privilege--do a no-op chroot() to "/".
 *
 * XXXRW: Would also be good to check fchroot() permission, but that is not
 * exposed via the BSD API.
 */

#include <err.h>
#include <errno.h>
#include <unistd.h>

#include "main.h"

/*
 * Setup hook for the chroot() privilege test.
 *
 * The test needs no fixture, so none of the arguments are consulted and the
 * hook always reports success by returning 0.
 */
int
priv_vfs_chroot_setup(int asroot, int injail, struct test *test)
{

	return (0);
}

/*
 * Issue a single chroot("/") and compare its result with the outcome this
 * test expects for the current (asroot, injail) combination:
 *
 *   asroot,  injail  -> success (0)
 *   asroot, !injail  -> success (0)
 *  !asroot,  injail  -> failure (-1) with EPERM
 *  !asroot, !injail  -> failure (-1) with EPERM
 *
 * In other words, the call is expected to be refused whenever the caller is
 * not root, whether or not it runs in a jail.  The test argument is unused.
 *
 * NOTE(review): expect() comes from main.h; its argument order (label,
 * observed result, expected result, expected errno) is inferred from the
 * calls below -- confirm against main.h.
 */
void
priv_vfs_chroot(int asroot, int injail, struct test *test)
{
	int rv;

	/* Re-rooting at "/" leaves the root unchanged on success. */
	rv = chroot("/");

	if (asroot) {
		/* Root credentials: success expected in and out of a jail. */
		if (injail)
			expect("priv_vfs_chroot(asroot, injail)", rv, 0, 0);
		else
			expect("priv_vfs_chroot(asroot, !injail)", rv, 0, 0);
	} else {
		/* No root credentials: the call must be refused with EPERM. */
		if (injail)
			expect("priv_vfs_chroot(!asroot, injail)", rv, -1,
			    EPERM);
		else
			expect("priv_vfs_chroot(!asroot, !injail)", rv, -1,
			    EPERM);
	}
}

/*
 * Cleanup hook for the chroot() privilege test.
 *
 * Setup created nothing, so there is nothing to undo; the arguments are
 * unused.
 */
void
priv_vfs_chroot_cleanup(int asroot, int injail, struct test *test)
{

}