From owner-svn-src-all@freebsd.org Mon Dec 21 08:14:47 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 26C87A4D535; Mon, 21 Dec 2015 08:14:47 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 032F511C1; Mon, 21 Dec 2015 08:14:46 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tBL8Ekui067657; Mon, 21 Dec 2015 08:14:46 GMT (envelope-from ngie@FreeBSD.org) Received: (from ngie@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tBL8Ekx2067656; Mon, 21 Dec 2015 08:14:46 GMT (envelope-from ngie@FreeBSD.org) Message-Id: <201512210814.tBL8Ekx2067656@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ngie set sender to ngie@FreeBSD.org using -f 
From: Garrett Cooper Date: Mon, 21 Dec 2015 08:14:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r292531 - head/tools/regression/mac/mac_bsdextended X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Dec 2015 08:14:47 -0000 Author: ngie Date: Mon Dec 21 08:14:45 2015 New Revision: 292531 URL: https://svnweb.freebsd.org/changeset/base/292531 Log: Make test_matches.sh into a series of TAP testcases Use temporary filesystems / memory disks instead of a hardcoded path which doesn't exist on test systems MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division Modified: head/tools/regression/mac/mac_bsdextended/test_matches.sh Modified: head/tools/regression/mac/mac_bsdextended/test_matches.sh ============================================================================== --- head/tools/regression/mac/mac_bsdextended/test_matches.sh Mon Dec 21 07:04:01 2015 (r292530) +++ head/tools/regression/mac/mac_bsdextended/test_matches.sh Mon Dec 21 08:14:45 2015 (r292531) 
@@ -10,158 +10,185 @@ uidoutrange="daemon" gidinrange="nobody" # We expect $uidinrange in this group gidoutrange="daemon" # We expect $uidinrange in this group -playground="/stuff/nobody/" # Must not be on root fs - # # Setup # -rm -f $playground/test* + +: ${TMPDIR=/tmp} +if [ $(id -u) -ne 0 ]; then + echo "1..0 # SKIP test must be run as root" + exit 0 +fi +if ! playground=$(mktemp -d $TMPDIR/tmp.XXXXXXX); then + echo "1..0 # SKIP failed to create temporary directory" + exit 0 +fi +trap "rmdir $playground" EXIT INT TERM +if ! mdmfs -s 25m md $playground; then + echo "1..0 # SKIP failed to mount md device" + exit 0 +fi +chmod a+rwx $playground +md_device=$(mount -p | grep "$playground" | awk '{ gsub(/^\/dev\//, "", $1); print $1 }') +trap "umount -f $playground; mdconfig -d -u $md_device; rmdir $playground" EXIT INT TERM +if [ -z "$md_device" ]; then + mount -p | grep $playground + echo "1..0 # md device not properly attached to the system" +fi + ugidfw remove 1 file1=$playground/test-$uidinrange file2=$playground/test-$uidoutrange -cat < $playground/test-script.pl -if (open(F, ">" . shift)) { exit 0; } else { exit 1; } +cat > $playground/test-script.sh <<'EOF' +#!/bin/sh +: > $1 EOF -command1="perl $playground/test-script.pl $file1" -command2="perl $playground/test-script.pl $file2" +if [ $? 
-ne 0 ]; then + echo "1..0 # SKIP failed to create test script" + exit 0 +fi +echo "1..30" + +command1="sh $playground/test-script.sh $file1" +command2="sh $playground/test-script.sh $file2" -echo -n "$uidinrange file: " -su -m $uidinrange -c "$command1 && echo good" +echo "# $uidinrange file:" +su -m $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" chown "$uidinrange":"$gidinrange" $file1 chmod a+w $file1 -echo -n "$uidoutrange file: " -$command2 && echo good +echo "# $uidoutrange file:" +if $command2; then echo ok; else echo not ok; fi chown "$uidoutrange":"$gidoutrange" $file2 chmod a+w $file2 # # No rules # -echo -n "no rules $uidinrange: " -su -fm $uidinrange -c "$command1 && echo good" -echo -n "no rules $uidoutrange: " -su -fm $uidoutrange -c "$command1 && echo good" +echo "# no rules $uidinrange:" +su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" +echo "# no rules $uidoutrange:" +su -fm $uidoutrange -c "if $command1; then echo ok; else echo not ok; fi" # # Subject Match on uid # ugidfw set 1 subject uid $uidrange object mode rasx -echo -n "subject uid in range: " -su -fm $uidinrange -c "$command1 || echo good" -echo -n "subject uid out range: " -su -fm $uidoutrange -c "$command1 && echo good" +echo "# subject uid in range:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" +echo "# subject uid out range:" +su -fm $uidoutrange -c "if $command1; then echo ok; else echo not ok; fi" # # Subject Match on gid # ugidfw set 1 subject gid $gidrange object mode rasx -echo -n "subject gid in range: " -su -fm $uidinrange -c "$command1 || echo good" -echo -n "subject gid out range: " -su -fm $uidoutrange -c "$command1 && echo good" +echo "# subject gid in range:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" +echo "# subject gid out range:" +su -fm $uidoutrange -c "if $command1; then echo ok; else echo not ok; fi" # # Subject Match on jail # -echo -n "subject matching jailid: " 
rm -f $playground/test-jail -jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 3; touch $playground/test-jail) &"` +echo "# subject matching jailid:" +jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"` ugidfw set 1 subject jailid $jailid object mode rasx -sleep 6 -if [ ! -f $playground/test-jail ] ; then echo good ; fi +sleep 10 +if [ -f $playground/test-jail ]; then echo not ok; else echo ok; fi -echo -n "subject nonmatching jailid: " rm -f $playground/test-jail -jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 3; touch $playground/test-jail) &"` -sleep 6 -if [ -f $playground/test-jail ] ; then echo good ; fi +echo "# subject nonmatching jailid:" +jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"` +sleep 10 +if [ -f $playground/test-jail ]; then echo ok; else echo not ok; fi # # Object uid # ugidfw set 1 subject object uid $uidrange mode rasx -echo -n "object uid in range: " -su -fm $uidinrange -c "$command1 || echo good" -echo -n "object uid out range: " -su -fm $uidinrange -c "$command2 && echo good" +echo "# object uid in range:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" +echo "# object uid out range:" +su -fm $uidinrange -c "if $command2; then echo ok; else echo not ok; fi" ugidfw set 1 subject object uid $uidrange mode rasx -echo -n "object uid in range (differennt subject): " -su -fm $uidoutrange -c "$command1 || echo good" -echo -n "object uid out range (differennt subject): " -su -fm $uidoutrange -c "$command2 && echo good" +echo "# object uid in range (differennt subject):" +su -fm $uidoutrange -c "if $command1; then echo not ok; else echo ok; fi" +echo "# object uid out range (differennt subject):" +su -fm $uidoutrange -c "if $command2; then echo ok; else echo not ok; fi" # # Object gid # ugidfw set 1 subject object gid $uidrange mode rasx -echo 
-n "object gid in range: " -su -fm $uidinrange -c "$command1 || echo good" -echo -n "object gid out range: " -su -fm $uidinrange -c "$command2 && echo good" -echo -n "object gid in range (differennt subject): " -su -fm $uidoutrange -c "$command1 || echo good" -echo -n "object gid out range (differennt subject): " -su -fm $uidoutrange -c "$command2 && echo good" +echo "# object gid in range:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" +echo "# object gid out range:" +su -fm $uidinrange -c "if $command2; then echo ok; else echo not ok; fi" +echo "# object gid in range (different subject):" +su -fm $uidoutrange -c "if $command1; then echo not ok; else echo ok; fi" +echo "# object gid out range (different subject):" +su -fm $uidoutrange -c "if $command2; then echo ok; else echo not ok; fi" # # Object filesys # ugidfw set 1 subject uid $uidrange object filesys / mode rasx -echo -n "object out of filesys: " -su -fm $uidinrange -c "$command1 && echo good" +echo "# object out of filesys:" +su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" ugidfw set 1 subject uid $uidrange object filesys $playground mode rasx -echo -n "object in filesys: " -su -fm $uidinrange -c "$command1 || echo good" +echo "# object in filesys:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" # # Object suid # ugidfw set 1 subject uid $uidrange object suid mode rasx -echo -n "object notsuid: " -su -fm $uidinrange -c "$command1 && echo good" +echo "# object notsuid:" +su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" chmod u+s $file1 -echo -n "object suid: " -su -fm $uidinrange -c "$command1 || echo good" +echo "# object suid:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" chmod u-s $file1 # # Object sgid # ugidfw set 1 subject uid $uidrange object sgid mode rasx -echo -n "object notsgid: " -su -fm $uidinrange -c "$command1 && echo good" +echo "# object notsgid:" +su -fm 
$uidinrange -c "if $command1; then echo ok; else echo not ok; fi" chmod g+s $file1 -echo -n "object sgid: " -su -fm $uidinrange -c "$command1 || echo good" +echo "# object sgid:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" chmod g-s $file1 # # Object uid matches subject # ugidfw set 1 subject uid $uidrange object uid_of_subject mode rasx -echo -n "object uid notmatches subject: " -su -fm $uidinrange -c "$command2 && echo good" -echo -n "object uid matches subject: " -su -fm $uidinrange -c "$command1 || echo good" +echo "# object uid notmatches subject:" +su -fm $uidinrange -c "if $command2; then echo ok; else echo not ok; fi" +echo "# object uid matches subject:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" # # Object gid matches subject # ugidfw set 1 subject uid $uidrange object gid_of_subject mode rasx -echo -n "object gid notmatches subject: " -su -fm $uidinrange -c "$command2 && echo good" -echo -n "object gid matches subject: " -su -fm $uidinrange -c "$command1 || echo good" +echo "# object gid notmatches subject:" +su -fm $uidinrange -c "if $command2; then echo ok; else echo not ok; fi" +echo "# object gid matches subject:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi" # # Object type # ugidfw set 1 subject uid $uidrange object type dbclsp mode rasx -echo -n "object not type: " -su -fm $uidinrange -c "$command1 && echo good" +echo "# object not type:" +su -fm $uidinrange -c "if $command1; then echo ok; else echo not ok; fi" ugidfw set 1 subject uid $uidrange object type r mode rasx -echo -n "object type: " -su -fm $uidinrange -c "$command1 || echo good" +echo "# object type:" +su -fm $uidinrange -c "if $command1; then echo not ok; else echo ok; fi"
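Review bot: The `[ -z "$md_device" ]` branch in the new setup prints a `1..0` line but never exits, so when the memory disk unit cannot be determined the script still prints `1..30` and runs every case as root. End that branch with `echo "1..0 # SKIP md device not properly attached to the system"; exit 0`. The second `trap` has by then already captured the empty value, so cleanup calls `mdconfig -d -u` with no unit; guarding it as `[ -n "$md_device" ] && mdconfig -d -u "$md_device"` avoids that. Both traps are double-quoted, so the `$TMPDIR`-derived path is expanded unquoted when the trap is set and re-parsed as shell text when it fires; the single-quoted form `trap 'umount -f "$playground"; rmdir "$playground"' EXIT INT TERM`, with the guarded `mdconfig` call added inside it, defers expansion and keeps the path as one word. As far as this hunk shows, the rule from the final `ugidfw set 1 ...` is still installed when the script ends, so adding `ugidfw remove 1` to the cleanup trap would return the host's MAC policy to its pre-test state.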