Lines Matching +full:s +full:- +full:mode
15 if ! sysctl -N security.mac.bsdextended >/dev/null 2>&1; then
18 if [ $(sysctl -n security.mac.bsdextended.enabled) = "0" ]; then
30 [ -c /dev/mdctl ] || atf_skip "no /dev/mdctl to create md devices"
31 mdmfs -s 25m md mnt \
34 md_device=$(mount -p | grep "$PWD/mnt" | awk '{ gsub(/^\/dev\//, "", $1); print $1 }')
35 if [ -z "$md_device" ]; then
42 cat > mnt/test-script.sh <<'EOF'
46 if [ $? -ne 0 ]; then
50 file1=mnt/test-$uidinrange
51 file2=mnt/test-$uidoutrange
52 command1="sh mnt/test-script.sh $file1"
53 command2="sh mnt/test-script.sh $file2"
56 atf_check -s exit:0 su -m $uidinrange -c "$command1"
74 umount -f mnt
75 if [ -f md_device ]; then
76 mdconfig -d -u $( cat md_device )
78 if [ -f enabled_bsdextended ]; then
93 atf_check -s exit:0 su -fm $uidinrange -c "$command1"
96 atf_check -s exit:0 su -fm $uidoutrange -c "$command1"
112 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object mode rasx
114 atf_check -s not-exit:0 -e match:"Permission denied" \
115 su -fm $uidinrange -c "$command1"
118 atf_check -s exit:0 su -fm $uidoutrange -c "$command1"
135 atf_check -s exit:0 ugidfw set 1 subject gid $gidrange object mode rasx
138 atf_check -s not-exit:0 -e match:"Permission denied" \
139 su -fm $uidinrange -c "$command1"
142 atf_check -s exit:0 su -fm $uidoutrange -c "$command1"
161 …jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch mnt/test-jai…
162 atf_check -s exit:0 ugidfw set 1 subject jailid $jailid object mode rasx
165 if [ -f mnt/test-jail ]; then
169 rm -f mnt/test-jail
171 …jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch mnt/test-jai…
173 if ! [ -f mnt/test-jail ]; then
191 atf_check -s exit:0 ugidfw set 1 subject object uid $uidrange mode rasx
194 atf_check -s not-exit:0 -e match:"Permission denied" \
195 su -fm $uidinrange -c "$command1"
198 atf_check -s exit:0 su -fm $uidinrange -c "$command2"
199 atf_check -s exit:0 ugidfw set 1 subject object uid $uidrange mode rasx
202 atf_check -s not-exit:0 -e match:"Permission denied" \
203 su -fm $uidoutrange -c "$command1"
206 atf_check -s exit:0 su -fm $uidoutrange -c "$command2"
223 atf_check -s exit:0 ugidfw set 1 subject object gid $uidrange mode rasx
226 atf_check -s not-exit:0 -e match:"Permission denied" \
227 su -fm $uidinrange -c "$command1"
230 atf_check -s exit:0 su -fm $uidinrange -c "$command2"
232 atf_check -s not-exit:0 -e match:"Permission denied" \
233 su -fm $uidoutrange -c "$command1"
236 atf_check -s exit:0 su -fm $uidoutrange -c "$command2"
252 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object filesys / mode rasx
254 atf_check -s exit:0 su -fm $uidinrange -c "$command1"
256 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object filesys mnt mode rasx
258 atf_check -s not-exit:0 -e match:"Permission denied" \
259 su -fm $uidinrange -c "$command1"
275 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object suid mode rasx
277 atf_check -s exit:0 su -fm $uidinrange -c "$command1"
279 chmod u+s $file1
281 atf_check -s not-exit:0 -e match:"Permission denied" \
282 su -fm $uidinrange -c "$command1"
283 chmod u-s $file1
300 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object sgid mode rasx
302 atf_check -s exit:0 su -fm $uidinrange -c "$command1"
304 chmod g+s $file1
306 atf_check -s not-exit:0 -e match:"Permission denied" \
307 su -fm $uidinrange -c "$command1"
308 chmod g-s $file1
324 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object uid_of_subject mode rasx
327 atf_check -s exit:0 su -fm $uidinrange -c "$command2"
330 atf_check -s not-exit:0 -e match:"Permission denied" \
331 su -fm $uidinrange -c "$command1"
347 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object gid_of_subject mode rasx
350 atf_check -s exit:0 su -fm $uidinrange -c "$command2"
353 atf_check -s not-exit:0 -e match:"Permission denied" \
354 su -fm $uidinrange -c "$command1"
372 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object type dbclsp mode rasx
373 atf_check -s exit:0 su -fm $uidinrange -c "$command1"
376 atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object type r mode rasx
377 atf_check -s not-exit:0 -e match:"Permission denied" \
378 su -fm $uidinrange -c "$command1"