| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r292530:
- Use 1 for an exit code instead of -1 with err, errx, and exit
- Add unistd.h for getuid(3)
- Sort #includes
r292546:
- Convert testcase to TAP format
- Use nitems(x) instead of handrolled sizeof(x) / sizeof(*x) macro
- Do not mark count != 0 case with bsde_get_rule_count as a failure; this
generates false positives on systems with ugidfw rules set on it
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r292531:
Make test_matches.sh into a series of TAP testcases
Use temporary filesystems / memory disks instead of a hardcoded path
which doesn't exist on test systems
r292532:
Mark `subject matching jailid` testcase as an unexpected failure with
TODO to ensure that the testcase isn't marked as a failure
PR: 205481
r292533:
Skip the testcases if mac_bsdextended(4) isn't detected on the
system
r292545:
Redo the TAP integration so it works with Kyua
Kyua needs numbers in the TAP results :/, but prove doesn't
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the mac_portacl testcases work / more robust
- A trap(1) call has been added to the test scripts to better
ensure that the tests do a better job at trying to restore the
test host state at the end of the tests (if the test was
interrupted before it would leave the system in an odd state,
potentially making the test results for subsequent runs
non-deterministic).
- Add root user checks
- Fix nc(1) usage:
-- -o is deprecated
-- Using `-w 10` will make the call timeout after 10 seconds so it
doesn't block indefinitely
- Use local variables
- Be more terse in the error messages
- Parameterize out "127.0.0.1"
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
| |
Skip the MAC portacl tests if MAC_PORTACL support is missing instead of
marking them failed
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
r264400:
NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
r265836:
Remove last two NO_MAN= in the tree. In both of these cases, MAN= is
what is needed.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
|
| | |
|
|
|
Currently only performs basic tests against the library string routines,
and queries less important kernel state.
Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
MFC after: 3 days
|
