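#!/bin/sh
#
# TAP test: how mac_portacl treats the super-user when binding to ports,
# under three settings of the security.mac.portacl.* sysctls.
#
# bind_test and restore_settings are not defined in this file; they are
# expected to come from misc.sh, which is sourced below.

# Locate the helper library next to this script. Both expansions are quoted
# so that a path containing spaces or glob characters still resolves.
dir=$(dirname "$0")
. "${dir}/misc.sh"

# TAP plan. There are 24 bind_test calls below, so a plan of 48 implies two
# results per call -- presumably one for each of the first two arguments
# (ok / fl); confirm against bind_test in misc.sh.
echo "1..48"

# This script rewrites system-wide MAC policy sysctls, so the restore hook is
# installed before the first write. It runs on normal exit and on INT/TERM.
# NOTE(review): restore_settings is presumably what puts the
# security.mac.portacl.* values back; verify that it covers both
# suser_exempt and port_high, which are changed below.
trap restore_settings EXIT INT TERM

# Verify that security.mac.portacl.suser_exempt=1 really exempts the
# super-user.
#
# Only stdout is discarded here; a sysctl error still reaches stderr, but the
# script carries on, so a failed write would leave the cases below running
# against whatever value was set before.
sysctl security.mac.portacl.suser_exempt=1 >/dev/null

bind_test ok ok uid root tcp 77
bind_test ok ok uid root tcp 7777
bind_test ok ok uid root udp 77
bind_test ok ok uid root udp 7777

bind_test ok ok gid root tcp 77
bind_test ok ok gid root tcp 7777
bind_test ok ok gid root udp 77
bind_test ok ok gid root udp 7777

# Verify that security.mac.portacl.suser_exempt=0 really does not exempt the
# super-user. Port 77 now carries "fl" as its first expectation, while 7777
# keeps "ok".
sysctl security.mac.portacl.suser_exempt=0 >/dev/null

bind_test fl ok uid root tcp 77
bind_test ok ok uid root tcp 7777
bind_test fl ok uid root udp 77
bind_test ok ok uid root udp 7777

bind_test fl ok gid root tcp 77
bind_test ok ok gid root tcp 7777
bind_test fl ok gid root udp 77
bind_test ok ok gid root udp 7777

# Verify that security.mac.portacl.port_high works for the super-user.
# With port_high=7778 (suser_exempt is still 0 from the section above),
# port 7777 carries the same "fl" first expectation as port 77.
sysctl security.mac.portacl.port_high=7778 >/dev/null

bind_test fl ok uid root tcp 77
bind_test fl ok uid root tcp 7777
bind_test fl ok uid root udp 77
bind_test fl ok uid root udp 7777

bind_test fl ok gid root tcp 77
bind_test fl ok gid root tcp 7777
bind_test fl ok gid root udp 77
bind_test fl ok gid root udp 7777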