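#!/bin/sh
#
# nobody_test.sh -- mac_portacl regression test for the unprivileged
# "nobody" uid/gid.  Every case tries one low port (77) and one high port
# (7777), over TCP and UDP.
#
# The plan announces 64 results for 32 bind_test calls, so each call
# presumably reports two results; the first two arguments look like the
# expected outcome (fl/ok) without and with a matching portacl rule --
# confirm against bind_test in misc.sh.
#
# This script rewrites host-wide security knobs (security.mac.portacl.* and
# net.inet.ip.portrange.reservedhigh).  They decide which ports unprivileged
# processes may bind, for every process on the machine, for as long as the
# test runs.  Run it with the privileges sysctl needs and only on a host
# where that is acceptable.

# Quote $0 and the derived path so a checkout path containing whitespace or
# glob characters still sources the intended misc.sh and nothing else.
dir=$(dirname -- "$0")
. "${dir}/misc.sh"

echo "1..64"

# Run the eight-call matrix in a fixed order: uid then gid, tcp then udp,
# port 77 then port 7777.
#   $1 $2 - expectations handed to bind_test for port 77
#   $3 $4 - expectations handed to bind_test for port 7777
# The loop variables carry a prefix so they cannot clobber names that
# misc.sh may use as globals.
portacl_nobody_matrix() {
	for matrix_idtype in uid gid; do
		for matrix_proto in tcp udp; do
			bind_test "$1" "$2" "$matrix_idtype" nobody "$matrix_proto" 77
			bind_test "$3" "$4" "$matrix_idtype" nobody "$matrix_proto" 7777
		done
	done
}

# Install the restore hook before the first sysctl write, so an aborted run
# does not leave the host with the relaxed values set below.
# NOTE(review): restore_settings lives in misc.sh.  If it does not exit on
# its own, INT/TERM would run it and then let the remaining cases continue
# against the restored values, and EXIT would run it a second time --
# confirm and, if so, give INT/TERM a handler that exits.
trap restore_settings EXIT INT TERM

# The value of security.mac.portacl.suser_exempt does not affect the
# behaviour of unprivileged users, so the same expectations must hold with
# it set to 1 and to 0.
# mac_portacl has no impact on ports <= net.inet.ip.portrange.reservedhigh:
# port 77 is below the limit of 78 and is expected to fail either way.
# NOTE(review): a failed sysctl write is not checked here; the cases would
# then run against whatever values were already in place.

sysctl security.mac.portacl.suser_exempt=1 >/dev/null
sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null
sysctl security.mac.portacl.enabled=1 >/dev/null

portacl_nobody_matrix fl fl ok ok

sysctl security.mac.portacl.suser_exempt=0 >/dev/null

portacl_nobody_matrix fl fl ok ok

# Verify that security.mac.portacl.port_high works: with the limit raised to
# 7778, port 7777 is expected to need a rule (fl without, ok with).

sysctl security.mac.portacl.port_high=7778 >/dev/null

portacl_nobody_matrix fl fl fl ok

# Verify that mac_portacl rules work: port 77 is now above reservedhigh (76)
# and within port_high (7776), so it is expected to bind only with a rule,
# while 7777 is above port_high and is expected to bind either way.

sysctl net.inet.ip.portrange.reservedhigh=76 >/dev/null
sysctl security.mac.portacl.port_high=7776 >/dev/null

portacl_nobody_matrix fl ok ok ok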