1
#!/bin/sh
2

3
dir=`dirname $0`
4
. ${dir}/misc.sh
5

6
echo "1..48"
7

8
# Verify if security.mac.portacl.suser_exempt=1 really exempts super-user.
9

10
trap restore_settings EXIT INT TERM
11

12
sysctl security.mac.portacl.suser_exempt=1 >/dev/null
13

14
bind_test ok ok uid root tcp 77
15
bind_test ok ok uid root tcp 7777
16
bind_test ok ok uid root udp 77
17
bind_test ok ok uid root udp 7777
18

19
bind_test ok ok gid root tcp 77
20
bind_test ok ok gid root tcp 7777
21
bind_test ok ok gid root udp 77
22
bind_test ok ok gid root udp 7777
23

24
# Verify if security.mac.portacl.suser_exempt=0 really doesn't exempt super-user.
25

26
sysctl security.mac.portacl.suser_exempt=0 >/dev/null
27

28
bind_test fl ok uid root tcp 77
29
bind_test ok ok uid root tcp 7777
30
bind_test fl ok uid root udp 77
31
bind_test ok ok uid root udp 7777
32

33
bind_test fl ok gid root tcp 77
34
bind_test ok ok gid root tcp 7777
35
bind_test fl ok gid root udp 77
36
bind_test ok ok gid root udp 7777
37

38
# Verify if security.mac.portacl.port_high works for super-user.
39

40
sysctl security.mac.portacl.port_high=7778 >/dev/null
41

42
bind_test fl ok uid root tcp 77
43
bind_test fl ok uid root tcp 7777
44
bind_test fl ok uid root udp 77
45
bind_test fl ok uid root udp 7777
46

47
bind_test fl ok gid root tcp 77
48
bind_test fl ok gid root tcp 7777
49
bind_test fl ok gid root udp 77
50
bind_test fl ok gid root udp 7777
51

52