003 File Manager
Current Path:
/usr/src/tests/sys/mac/portacl
usr
/
src
/
tests
/
sys
/
mac
/
portacl
/
📁
..
📄
LICENSE
(1.33 KB)
📄
Makefile
(280 B)
📄
Makefile.depend
(176 B)
📄
misc.sh
(2.34 KB)
📄
nobody_test.sh
(1.78 KB)
📄
root_test.sh
(1.27 KB)
Editing: nobody_test.sh
#!/bin/sh # $FreeBSD$ dir=`dirname $0` . ${dir}/misc.sh echo "1..64" # security.mac.portacl.suser_exempt value doesn't affect unprivileged users # behaviour. # mac_portacl has no impact on ports <= net.inet.ip.portrange.reservedhigh. trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null bind_test fl fl uid nobody tcp 77 bind_test ok ok uid nobody tcp 7777 bind_test fl fl uid nobody udp 77 bind_test ok ok uid nobody udp 7777 bind_test fl fl gid nobody tcp 77 bind_test ok ok gid nobody tcp 7777 bind_test fl fl gid nobody udp 77 bind_test ok ok gid nobody udp 7777 sysctl security.mac.portacl.suser_exempt=0 >/dev/null bind_test fl fl uid nobody tcp 77 bind_test ok ok uid nobody tcp 7777 bind_test fl fl uid nobody udp 77 bind_test ok ok uid nobody udp 7777 bind_test fl fl gid nobody tcp 77 bind_test ok ok gid nobody tcp 7777 bind_test fl fl gid nobody udp 77 bind_test ok ok gid nobody udp 7777 # Verify if security.mac.portacl.port_high works. sysctl security.mac.portacl.port_high=7778 >/dev/null bind_test fl fl uid nobody tcp 77 bind_test fl ok uid nobody tcp 7777 bind_test fl fl uid nobody udp 77 bind_test fl ok uid nobody udp 7777 bind_test fl fl gid nobody tcp 77 bind_test fl ok gid nobody tcp 7777 bind_test fl fl gid nobody udp 77 bind_test fl ok gid nobody udp 7777 # Verify if mac_portacl rules work. sysctl net.inet.ip.portrange.reservedhigh=76 >/dev/null sysctl security.mac.portacl.port_high=7776 >/dev/null bind_test fl ok uid nobody tcp 77 bind_test ok ok uid nobody tcp 7777 bind_test fl ok uid nobody udp 77 bind_test ok ok uid nobody udp 7777 bind_test fl ok gid nobody tcp 77 bind_test ok ok gid nobody tcp 7777 bind_test fl ok gid nobody udp 77 bind_test ok ok gid nobody udp 7777
Upload File
Create Folder