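#!/bin/sh
#
# mac_portacl regression test: bind() behaviour for the unprivileged
# "nobody" user/group under different sysctl settings.
#
# Helpers (bind_test, restore_settings) are not defined in this file; they
# are expected to come from misc.sh, sourced below.
#
# bind_test arguments as used here (NOTE(review): confirm against misc.sh):
#   $1  expected result without a matching portacl rule  (fl / ok)
#   $2  expected result with a matching portacl rule     (fl / ok)
#   $3  id type (uid | gid)
#   $4  user or group name
#   $5  protocol (tcp | udp)
#   $6  port to bind
# "fl" presumably means the bind must be refused, "ok" that it must succeed.

# Quote $0 and the sourced path so the script still works when it is run
# from a directory whose name contains whitespace or glob characters.
dir=$(dirname "$0")
. "${dir}/misc.sh"

# TAP plan: 32 bind_test calls below; the plan of 64 implies each call
# reports two results (presumably one per expectation argument).
echo "1..64"

# The value of security.mac.portacl.suser_exempt does not affect the
# behaviour of unprivileged users.
# mac_portacl has no impact on ports <= net.inet.ip.portrange.reservedhigh.

# Install the cleanup handler before the first sysctl is modified, so the
# system-wide port policy is put back on normal exit and on INT/TERM.
trap restore_settings EXIT INT TERM

# NOTE(review): only stdout of sysctl is discarded and its exit status is
# not checked. If a knob cannot be set (e.g. not running as root, module not
# loaded), the assertions below run against whatever values are in effect
# and their results say nothing about the intended policy -- confirm that
# misc.sh guards against this.
sysctl security.mac.portacl.suser_exempt=1 >/dev/null
sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null

# suser_exempt=1, reservedhigh=78:
#   port 77 is within the reserved range -> refused with or without a rule;
#   port 7777 -> allowed with or without a rule.
bind_test fl fl uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test ok ok gid nobody udp 7777

# Same expectations with suser_exempt=0: the knob must make no difference
# for an unprivileged subject.
sysctl security.mac.portacl.suser_exempt=0 >/dev/null

bind_test fl fl uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test ok ok gid nobody udp 7777

# Verify that security.mac.portacl.port_high works.
# With port_high raised to 7778, port 7777 falls under mac_portacl control:
# it must be refused without a rule and allowed only with one. Port 77 is
# still inside the reserved range (reservedhigh=78) and stays refused.

sysctl security.mac.portacl.port_high=7778 >/dev/null

bind_test fl fl uid nobody tcp 77
bind_test fl ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test fl ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test fl ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test fl ok gid nobody udp 7777

# Verify that mac_portacl rules work.
# reservedhigh=76 moves port 77 out of the reserved range and port_high=7776
# keeps it under mac_portacl: refused without a rule, allowed with one.
# Port 7777 is now above port_high and is allowed either way.

sysctl net.inet.ip.portrange.reservedhigh=76 >/dev/null
sysctl security.mac.portacl.port_high=7776 >/dev/null

bind_test fl ok uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl ok uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl ok gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl ok gid nobody udp 77
bind_test ok ok gid nobody udp 7777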