authorrwatson <rwatson@FreeBSD.org>2007-09-09 23:08:39 +0000
committerrwatson <rwatson@FreeBSD.org>2007-09-09 23:08:39 +0000
commit2f5eb093a49d608441a859f9e1771c6dbbc128e0 (patch)
tree31905091a75e03080d113f8836c9872dcff17a5f /tools/regression/priv/priv_vm_mlock.c
parent5e60afe4dd87cca48fda764041753bfa24da562b (diff)
Enhance and expand kernel privilege regression tests in support of
work present in FreeBSD 7.0 to refine the kernel privilege model: - Introduce support for jail as a testing variable, in order to confirm that privileges are properly restricted in the jail environment. - Restructure overall testing approach so that privilege and jail conditions are set in the testing infrastructure before tests are invoked, and done so in a custom-created process to isolate the impact of tests from each other in a more consistent way. - Tests now provide setup and cleanup hooks that occur before and after the test runs. - New privilege tests are now present for several audit privileges, several credential management privileges, dmesg buffer reading privilege, and netinet raw socket creation. - Other existing tests are restructured and generally improved as a result of better framework structure and jail as a variable. For example, we now test that certain sysctls are writable only outside jail, while others are writable within jail. On a similar note, privileges relating to setting UFS file flags are now better exercised, as with the right to chmod and utimes files. Approved by: re (bmah) Obtained from: TrustedBSD Project
Diffstat (limited to 'tools/regression/priv/priv_vm_mlock.c')
-rw-r--r--tools/regression/priv/priv_vm_mlock.c35
1 files changed, 22 insertions, 13 deletions
diff --git a/tools/regression/priv/priv_vm_mlock.c b/tools/regression/priv/priv_vm_mlock.c
index 3da06d3..5cdbc70 100644
--- a/tools/regression/priv/priv_vm_mlock.c
+++ b/tools/regression/priv/priv_vm_mlock.c
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2006 nCircle Network Security, Inc.
+ * Copyright (c) 2007 Robert N. M. Watson
* All rights reserved.
*
* This software was developed by Robert N. M. Watson for the TrustedBSD
@@ -30,8 +31,7 @@
*/
/*
- * Test that mlock() requires privilege by running it first with privilege,
- * then again without.
+ * Test that mlock() requires privilege.
*/
#include <sys/types.h>
@@ -43,22 +43,31 @@
#include "main.h"
+int
+priv_vm_mlock_setup(int asroot, int injail, struct test *test)
+{
+
+ return (0);
+}
+
void
-priv_vm_mlock(void)
+priv_vm_mlock(int asroot, int injail, struct test *test)
{
int error;
- assert_root();
-
error = mlock(&error, getpagesize());
- if (error)
- err(-1, "mlock as root");
+ if (asroot && injail)
+ expect("priv_vm_mlock(asroot, injail)", error, -1, EPERM);
+ if (asroot && !injail)
+ expect("priv_vm_mlock(asroot, !injail", error, 0, 0);
+ if (!asroot && injail)
+ expect("priv_vm_mlock(!asroot, injail", error, -1, EPERM);
+ if (!asroot && !injail)
+ expect("priv_vm_mlock(!asroot, !injail", error, -1, EPERM);
+}
- set_euid(UID_OTHER);
+void
+priv_vm_mlock_cleanup(int asroot, int injail, struct test *test)
+{
- error = mlock(&error, getpagesize());
- if (error == 0)
- errx(-1, "mlock as !root succeeded");
- if (errno != EPERM)
- err(-1, "mlock as !root wrong errno %d", errno);
}
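Review bot: Three of the four `expect()` labels in `priv_vm_mlock` (the `asroot, !injail`, `!asroot, injail` and `!asroot, !injail` cases) lack the closing parenthesis that the first label has, so failure output for the privilege matrix is inconsistent and harder to match on; for example `expect("priv_vm_mlock(asroot, !injail)", error, 0, 0);`. Separately, the one case where mlock() is expected to succeed leaves the range locked and `priv_vm_mlock_cleanup` is empty. A `(void)munlock(&error, getpagesize());` after the expect calls would release it in the frame that owns the buffer, since `error` is a local and is not reachable from the cleanup hook. The locked range also starts at the unaligned address of a stack local, so the test presumably relies on the kernel rounding to page boundaries and on the adjacent page being mapped; a page-aligned buffer would make a failure in the success case attributable to the privilege check alone.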