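#
# Copyright (c) 2026, The FreeBSD Foundation
#
# This software was developed by Olivier Certner <olce@FreeBSD.org> at
# Kumacom SARL under sponsorship from the FreeBSD Foundation.

# Shared helpers for tests that exercise the security.mac.do sysctl(8) knobs.
#
# Every helper below writes to live kernel state through sysctl(8), and nothing
# in this file saves or restores the previous values.  The rules knob is
# security policy configuration, so a test that sources this file should
# restore the original rules in its cleanup routine.
# NOTE(review): no such save/restore is visible here; confirm the callers do it.

# Print the name of the rules knob that lives under a given sysctl node.
# $1 = parent sysctl node
rules_parameter()
{
	printf '%s.rules\n' "$1"
}


CONF_ROOT_KNOB=security.mac.do
RULES_KNOB=$(rules_parameter "${CONF_ROOT_KNOB}")
PPE_KNOB=${CONF_ROOT_KNOB}.print_parse_error


# Set a knob and assert that reading it back yields exactly the value written.
# $1 = knob name, $2 = value
sysctl_set_and_check()
{
	local knob value

	knob=$1
	value=$2
	atf_check -o ignore sysctl "$knob"="$value"
	atf_check -o inline:"$value\n" sysctl -n "$knob"
}

# Assert that setting a knob is rejected AND that the previous value survives.
# The second assertion is the important one for a policy knob: a rejected
# value must leave the active configuration untouched.
# $1 = knob name, $2 = value
sysctl_set_and_check_fails()
{
	local knob value orig_value

	knob=$1
	value=$2
	# Fail explicitly if the baseline cannot be read, so that the
	# "unchanged" assertion below is never made against an empty baseline.
	orig_value=$(sysctl -n "$knob") ||
	    atf_fail "cannot read current value of $knob"
	atf_check -s not-exit:0 -o ignore -e ignore sysctl "$knob"="$value"
	atf_check -o inline:"${orig_value}\n" sysctl -n "$knob"
}

# Run a set-and-check helper on the rules knob twice: once with the value as
# given, once with the older in-rule separator.
# $1 = sysctl function, $2 = value
sysctl_set_and_check_rules_common()
{
	local func value legacy_value

	func=$1
	value=$2
	"$func" "${RULES_KNOB}" "$value"
	# Same spec but using the older in-rule separator (':')
	# printf rather than echo, so that a value such as "-n" is passed
	# through instead of being consumed as an echo option.
	# NOTE(review): sed replaces only the first '>' here, so a value
	# holding several '>' is only partly converted -- confirm that this
	# is intended.
	legacy_value=$(printf '%s\n' "$value" | sed 's%>%:%')
	"$func" "${RULES_KNOB}" "$legacy_value"
}

# Assert that a rules value is accepted, with both separators.
# $1 = value
sysctl_set_and_check_rules()
{
	local value

	value=$1
	sysctl_set_and_check_rules_common sysctl_set_and_check "$value"
}

# Assert that a rules value is rejected, with both separators, and that the
# rules in force are left unchanged.
# $1 = value
sysctl_set_and_check_fails_rules()
{
	local value

	value=$1
	sysctl_set_and_check_rules_common sysctl_set_and_check_fails "$value"
}

# Do not pollute kernel logs with parse errors
# This runs whenever the file is sourced.  Output and exit status are
# discarded, and the knob's previous value is not restored afterwards.
sysctl "${PPE_KNOB}=0" >/dev/null 2>&1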