Path: blob/main/tests/sys/mac/portacl/nobody_test.sh
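#!/bin/sh
#
# mac_portacl test for the unprivileged "nobody" uid/gid on TCP and UDP
# ports 77 and 7777, run under several sysctl configurations.
#
# bind_test and restore_settings are not defined in this file; they are
# presumably provided by misc.sh, which is sourced below -- confirm there.
#
# This script writes system-wide security sysctls (security.mac.portacl.*
# and net.inet.ip.portrange.reservedhigh). The trap below is what hands
# control to restore_settings when the run ends or is interrupted.

# Quote "$0" and "${dir}" so a checkout path containing whitespace or glob
# characters still resolves to the intended misc.sh.
dir=$(dirname "$0")
. "${dir}/misc.sh"

# TAP-style plan line: 64 results are announced for the 32 bind_test calls
# below (presumably two results per call -- confirm against misc.sh).
echo "1..64"

# bind_test arguments as used here:
#   <status> <status> <uid|gid> <name> <tcp|udp> <port>
# where each status is "fl" or "ok". The two statuses are presumably the
# expected bind outcome without and with a matching mac_portacl rule --
# confirm against misc.sh.

# security.mac.portacl.suser_exempt value doesn't affect unprivileged users'
# behaviour.
# mac_portacl has no impact on ports <= net.inet.ip.portrange.reservedhigh.

trap restore_settings EXIT INT TERM

# NOTE(review): only stdout is discarded and the exit status of each sysctl
# write is not checked. If a write fails, the error on stderr is the only
# sign that the following cases ran under a configuration other than the
# one intended.
sysctl security.mac.portacl.suser_exempt=1 >/dev/null
sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null
sysctl security.mac.portacl.enabled=1 >/dev/null

bind_test fl fl uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test ok ok gid nobody udp 7777

# Same matrix with suser_exempt switched off; the expectations are unchanged.
sysctl security.mac.portacl.suser_exempt=0 >/dev/null

bind_test fl fl uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test ok ok gid nobody udp 7777

# Verify if security.mac.portacl.port_high works.
# With port_high raised to 7778, port 7777 is now expected to be "fl ok"
# instead of "ok ok"; port 77 stays "fl fl".

sysctl security.mac.portacl.port_high=7778 >/dev/null

bind_test fl fl uid nobody tcp 77
bind_test fl ok uid nobody tcp 7777
bind_test fl fl uid nobody udp 77
bind_test fl ok uid nobody udp 7777

bind_test fl fl gid nobody tcp 77
bind_test fl ok gid nobody tcp 7777
bind_test fl fl gid nobody udp 77
bind_test fl ok gid nobody udp 7777

# Verify if mac_portacl rules work.
# reservedhigh drops to 76 and port_high to 7776, so port 77 is now above
# the reserved range and expected to be "fl ok", while port 7777 is above
# port_high and expected to be "ok ok".

sysctl net.inet.ip.portrange.reservedhigh=76 >/dev/null
sysctl security.mac.portacl.port_high=7776 >/dev/null

bind_test fl ok uid nobody tcp 77
bind_test ok ok uid nobody tcp 7777
bind_test fl ok uid nobody udp 77
bind_test ok ok uid nobody udp 7777

bind_test fl ok gid nobody tcp 77
bind_test ok ok gid nobody tcp 7777
bind_test fl ok gid nobody udp 77
bind_test ok ok gid nobody udp 7777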