GitHub Repository: freebsd/freebsd-src
Path: blob/main/tests/sys/mac/do/consistency.sh
# Copyright (c) 2026 The FreeBSD Foundation
#
# SPDX-License-Identifier: BSD-2-Clause
#
# This software was developed by Olivier Certner <[email protected]> at
# Kumacom SARL under sponsorship from the FreeBSD Foundation.
# Name of the file in which a test body records the JID of the subjail it
# launched; the matching cleanup part reads it back to remove that jail.
SJ_JID_FILE="sj.jid"
# Declare the test case (it has no cleanup part) and describe it.
atf_test_case "concurrent_rules_exec_paths_changes"
concurrent_rules_exec_paths_changes_head()
{
	atf_set "descr" \
	    "Consistency of rules and exec paths changes on same jail"
}
# Change the rules and the exec paths of the same jail from two concurrent
# background loops, and fail the test if either loop reports an error.
#
# The sysctl_set_and_check_*() helpers are not defined in this file; judging
# by their names they set a knob and check the value read back -- confirm in
# common.sh.
concurrent_rules_exec_paths_changes_body()
{
	local rules exec_paths rules_es exec_paths_es

	# Writer 1: 1000 successive rule changes.
	for n in $(jot - 1 1000); do
		sysctl_set_and_check_rules "uid=$n>uid=1001"
	done &
	rules=$!

	# Writer 2: 1000 successive exec paths changes, running at the same
	# time as writer 1.
	for n in $(jot - 1 1000); do
		sysctl_set_and_check_exec_paths "/nowhere/nonexistent$n"
	done &
	exec_paths=$!

	# Collect both exit statuses before judging either of them.
	wait "$rules"
	rules_es=$?

	wait "$exec_paths"
	exec_paths_es=$?

	if [ "$rules_es" -eq 0 ] && [ "$exec_paths_es" -eq 0 ]; then
		return 0
	fi

	# When atf_check fails inside one of the background loops above, it
	# exits that subshell and also writes to the ATF result file.  Those
	# writes are concurrent and may leave the result file malformed.  So,
	# now that execution is sequential again, the failure must be reported
	# once more through atf_fail() rather than through a plain exit.
	atf_fail "Rules exit status: $rules_es, exec paths exit status: $exec_paths_es"
}
# Declare the test case, with a cleanup part, and describe it.
atf_test_case "inheritance" "cleanup"
inheritance_head()
{
	atf_set "descr" \
	    "Simple inheritance test (values propagated to child jail)"
}
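# Check that a subjail set to inherit from its parent observes every value
# set on the parent: two different rules, then two different exec paths.
#
# Globals: SJ_JID_FILE (read), ROOT_JAIL_PARAM (read), MDO (read),
#          JEXEC (written).
#
# JEXEC is read by helpers that are not defined in this file; presumably it is
# prefixed to the commands they run, so that setting it to "jexec <jid>" makes
# a check execute inside the subjail -- confirm in common.sh.  It is reset to
# empty after each in-jail check so that the next "set" applies to the parent.
#
# All expansions are quoted so that each value reaches the helpers and jail(8)
# as exactly one argument, whatever MDO or the parameter name contains.
inheritance_body()
{
	local sj rules exec_paths

	# Presumably for when the test is launched outside of Kyua (see
	# inheritance_cleanup()): make sure mac_do(4) starts out disabled.
	mac_do_ensure_disabled

	# Record the JID right away so that the cleanup part can find it.
	sj=$(launch_subjail)
	printf '%s\n' "$sj" > "${SJ_JID_FILE}"

	jail -m "jid=$sj" "${ROOT_JAIL_PARAM}=inherit"
	JEXEC="jexec $sj"
	mac_do_check_disabled
	JEXEC=

	rules="uid=1001>uid=0"
	sysctl_set_and_check_rules "$rules"
	JEXEC="jexec $sj"
	sysctl_check_rules "$rules"
	JEXEC=

	rules="gid=1001>uid=0"
	sysctl_set_and_check_rules "$rules"
	JEXEC="jexec $sj"
	sysctl_check_rules "$rules"
	JEXEC=

	# Not really necessary, just to keep mac_do(4) disabled
	sysctl_set_and_check_rules ""

	exec_paths="/nowhere/nonexistent"
	sysctl_set_and_check_exec_paths "$exec_paths"
	JEXEC="jexec $sj"
	sysctl_check_exec_paths "$exec_paths"
	JEXEC=

	exec_paths="$MDO"
	sysctl_set_and_check_exec_paths "$exec_paths"
	JEXEC="jexec $sj"
	sysctl_check_exec_paths "$exec_paths"
	JEXEC=
}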
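# Remove the subjail recorded by the test body, then the JID file itself.
#
# Globals: SJ_JID_FILE (read).
inheritance_cleanup()
{
	local jid

	# We clean up our subjail manually just for the sake of launching this
	# test with atf-sh.  Kyua is informed that these tests should run in a
	# jail, and kills it automatically after the test, which kills all
	# subjails.  It is annoying that atf-sh does not offer a more practical
	# way to pass information from the body to the cleanup part than a
	# file.
	#
	# The body may have stopped before recording a JID; in that case there
	# is no jail to remove, and jail(8) must not be run without a JID.
	if [ -s "${SJ_JID_FILE}" ]; then
		jid=$(cat "${SJ_JID_FILE}")
		[ -z "$jid" ] || jail -r "$jid"
	fi
	rm -f "${SJ_JID_FILE}"
}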
# Declare the test case, with a cleanup part, and describe it.
atf_test_case "inheritance_relax_parent_jail" "cleanup"
inheritance_relax_parent_jail_head()
{
	atf_set "descr" \
	    'Test sequential consistency in a "relax parent rules" scenario'
}
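# Check that a subjail never grants a transition that only its parent's later,
# relaxed rules would allow: while a background loop keeps attempting the
# transition in the subjail, the subjail is decoupled from its parent and the
# parent's rules are then extended.
#
# Globals: SJ_JID_FILE (read), ROOT_JAIL_PARAM (read), MDO (read),
#          JEXEC (written; read by helpers not defined in this file,
#          presumably as a command prefix -- confirm in common.sh).
#
# Expansions are quoted and the string comparisons use the portable "="
# operator, so that the "copied" checks compare whole values instead of
# breaking on whitespace or on an empty value.
inheritance_relax_parent_jail_body()
{
	local sj rules exec_paths subproc

	# Record the JID right away so that the cleanup part can find it.
	sj=$(launch_subjail)
	printf '%s\n' "$sj" > "${SJ_JID_FILE}"

	jail -m "jid=$sj" "${ROOT_JAIL_PARAM}=inherit"
	rules="uid=1001>uid=0"
	sysctl_set_and_check_rules "$rules"
	# Additional inheritance sanity check
	JEXEC="jexec $sj"
	sysctl_check_rules "$rules"
	JEXEC=
	exec_paths="$MDO"
	sysctl_set_and_check_exec_paths "$exec_paths"
	# Additional inheritance sanity check
	JEXEC="jexec $sj"
	sysctl_check_exec_paths "$exec_paths"
	JEXEC=

	# Launch a process that tries to become 'root' from user 1002, and
	# verify that this always fails.  The outer mdo(1) invocation switches
	# to user and groups 1002; the inner one is the attempt under test.
	#
	# NOTE(review): stderr is discarded and any non-zero status counts as
	# "denied", so a failure of jexec(8) or of the outer mdo(1) hop would
	# make this loop pass without exercising the denial.  A one-off check
	# that the outer hop alone succeeds would rule that out -- TODO confirm
	# that it is valid in this environment.
	#
	# NOTE(review): nothing synchronizes this loop with the parameter
	# changes below, so whether attempts actually overlap them depends on
	# timing.
	{
		for I in $(jot - 1 1000); do
			jexec "$sj" "$MDO" -u 1002 -g 1002 -G 1002 "$MDO" -i true \
			    2>/dev/null && exit 1
		done
		true
	} &
	subproc=$!

	# Decouple the subjail from the parent jail, copying its parameters
	jail -m "jid=$sj" "${ROOT_JAIL_PARAM}=new"
	# Allow user 1002 to become 'root' on the parent jail
	sysctl_set_and_check_rules "$rules;uid=1002>uid=0"
	JEXEC="jexec $sj"
	# Additional sanity check (that rules of the subjail are now
	# independent)
	[ "$(sysctl_rules)" = "$rules" ] || atf_fail "Rules not copied"
	[ "$(sysctl_exec_paths)" = "$exec_paths" ] ||
	    atf_fail "Exec paths not copied"
	JEXEC=

	# The loop exits non-zero as soon as one attempt succeeds.
	wait "$subproc" ||
	    atf_fail "A transition wrongly succeeded in the subjail!"
}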
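# Remove the subjail recorded by the test body, then the JID file itself.
#
# Globals: SJ_JID_FILE (read).
inheritance_relax_parent_jail_cleanup()
{
	local jid

	# See inheritance_cleanup() for explanations.
	#
	# The body may have stopped before recording a JID; in that case there
	# is no jail to remove, and jail(8) must not be run without a JID.
	if [ -s "${SJ_JID_FILE}" ]; then
		jid=$(cat "${SJ_JID_FILE}")
		[ -z "$jid" ] || jail -r "$jid"
	fi
	rm -f "${SJ_JID_FILE}"
}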
# Declare the test case, with a cleanup part, and describe it.
atf_test_case "same_knob_and_jail_parameter" "cleanup"
same_knob_and_jail_parameter_head()
{
	atf_set "descr" \
	    "Corresponding sysctl knobs and jail parameters have same value"
}
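# Check, in both directions, that a subjail's sysctl knobs and its jail
# parameters report the same rules and exec paths: set the knobs and read the
# parameters with jls(8), then set the parameters with jail(8) and read the
# knobs.
#
# Globals: SJ_JID_FILE (read), RULES_JAIL_PARAM (read),
#          EXEC_PATHS_JAIL_PARAM (read), JEXEC (written; read by helpers not
#          defined in this file, presumably as a command prefix -- confirm in
#          common.sh).
#
# The unused "subproc" local was dropped, and expansions are quoted so that
# each value is passed as exactly one argument.
same_knob_and_jail_parameter_body()
{
	local sj rules exec_paths

	# Record the JID right away so that the cleanup part can find it.
	sj=$(launch_subjail)
	printf '%s\n' "$sj" > "${SJ_JID_FILE}"

	# Set sysctl knobs, observe parameters
	rules="uid=19999>uid=21700"
	exec_paths="/improbable/path/he"
	JEXEC="jexec $sj"
	sysctl_set_and_check_rules "$rules"
	sysctl_set_and_check_exec_paths "$exec_paths"
	JEXEC=
	atf_check -o inline:"$rules\n" jls -j "$sj" "${RULES_JAIL_PARAM}"
	atf_check -o inline:"${exec_paths}\n" \
	    jls -j "$sj" "${EXEC_PATHS_JAIL_PARAM}"

	# Set parameters, observe knobs
	rules="uid=128000>uid=-1"
	exec_paths="/hello/i_ve/changed"
	jail -m "jid=$sj" "${RULES_JAIL_PARAM}=$rules" \
	    "${EXEC_PATHS_JAIL_PARAM}=${exec_paths}"
	JEXEC="jexec $sj"
	sysctl_check_rules "$rules"
	sysctl_check_exec_paths "$exec_paths"
	JEXEC=
}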
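# Remove the subjail recorded by the test body, then the JID file itself.
#
# Globals: SJ_JID_FILE (read).
same_knob_and_jail_parameter_cleanup()
{
	local jid

	# See inheritance_cleanup() for explanations.
	#
	# The body may have stopped before recording a JID; in that case there
	# is no jail to remove, and jail(8) must not be run without a JID.
	if [ -s "${SJ_JID_FILE}" ]; then
		jid=$(cat "${SJ_JID_FILE}")
		[ -z "$jid" ] || jail -r "$jid"
	fi
	rm -f "${SJ_JID_FILE}"
}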
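# Load the shared helpers, check the required programs, and register the four
# test cases of this file.
#
# Globals: MDO (read; not assigned in this file, presumably provided by
#          common.sh -- confirm there).
atf_init_test_cases()
{
	# Quoted so that a source directory whose path contains whitespace is
	# still sourced as a single file name.
	. "$(atf_get_srcdir)/common.sh"
	atf_require_prog jot
	# Needs an absolute path for mdo(1), to set it in exec_paths
	atf_require_prog "$MDO"

	atf_add_test_case concurrent_rules_exec_paths_changes
	atf_add_test_case inheritance
	atf_add_test_case inheritance_relax_parent_jail
	atf_add_test_case same_knob_and_jail_parameter
}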