1
#!/bin/sh
2

3
dir=`dirname $0`
4
. ${dir}/misc.sh
5

6
echo "1..48"
7

8
# Verify if security.mac.portacl.suser_exempt=1 really exempts super-user.
9

10
trap restore_settings EXIT INT TERM
11

12
sysctl security.mac.portacl.suser_exempt=1 >/dev/null
13
sysctl security.mac.portacl.enabled=1 >/dev/null
14

15
bind_test ok ok uid root tcp 77
16
bind_test ok ok uid root tcp 7777
17
bind_test ok ok uid root udp 77
18
bind_test ok ok uid root udp 7777
19

20
bind_test ok ok gid root tcp 77
21
bind_test ok ok gid root tcp 7777
22
bind_test ok ok gid root udp 77
23
bind_test ok ok gid root udp 7777
24

25
# Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user.
26

27
sysctl security.mac.portacl.suser_exempt=0 >/dev/null
28

29
bind_test fl ok uid root tcp 77
30
bind_test ok ok uid root tcp 7777
31
bind_test fl ok uid root udp 77
32
bind_test ok ok uid root udp 7777
33

34
bind_test fl ok gid root tcp 77
35
bind_test ok ok gid root tcp 7777
36
bind_test fl ok gid root udp 77
37
bind_test ok ok gid root udp 7777
38

39
# Verify if security.mac.portacl.port_high works for super-user.
40

41
sysctl security.mac.portacl.port_high=7778 >/dev/null
42

43
bind_test fl ok uid root tcp 77
44
bind_test fl ok uid root tcp 7777
45
bind_test fl ok uid root udp 77
46
bind_test fl ok uid root udp 7777
47

48
bind_test fl ok gid root tcp 77
49
bind_test fl ok gid root tcp 7777
50
bind_test fl ok gid root udp 77
51
bind_test fl ok gid root udp 7777
52

53