tools/regression/mac/mac_portacl/root.t


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

#!/bin/sh
# $FreeBSD$

dir=`dirname $0`
. ${dir}/misc.sh

echo "1..48"

# Verify if security.mac.portacl.suser_exempt=1 really exempts super-user.

trap restore_settings EXIT INT TERM

sysctl security.mac.portacl.suser_exempt=1 >/dev/null

bind_test ok ok uid root tcp 77
bind_test ok ok uid root tcp 7777
bind_test ok ok uid root udp 77
bind_test ok ok uid root udp 7777

bind_test ok ok gid root tcp 77
bind_test ok ok gid root tcp 7777
bind_test ok ok gid root udp 77
bind_test ok ok gid root udp 7777

# Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user.

sysctl security.mac.portacl.suser_exempt=0 >/dev/null

bind_test fl ok uid root tcp 77
bind_test ok ok uid root tcp 7777
bind_test fl ok uid root udp 77
bind_test ok ok uid root udp 7777

bind_test fl ok gid root tcp 77
bind_test ok ok gid root tcp 7777
bind_test fl ok gid root udp 77
bind_test ok ok gid root udp 7777

# Verify if security.mac.portacl.port_high works for super-user.

sysctl security.mac.portacl.port_high=7778 >/dev/null

bind_test fl ok uid root tcp 77
bind_test fl ok uid root tcp 7777
bind_test fl ok uid root udp 77
bind_test fl ok uid root udp 7777

bind_test fl ok gid root tcp 77
bind_test fl ok gid root tcp 7777
bind_test fl ok gid root udp 77
bind_test fl ok gid root udp 7777