From owner-cvs-all@FreeBSD.ORG Sun Sep 9 23:08:40 2007 Return-Path: Delivered-To: cvs-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A646B16A417; Sun, 9 Sep 2007 23:08:40 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 7B61013C4A5; Sun, 9 Sep 2007 23:08:40 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id l89N8ex9095857; Sun, 9 Sep 2007 23:08:40 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id l89N8eCq095856; Sun, 9 Sep 2007 23:08:40 GMT (envelope-from rwatson) Message-Id: <200709092308.l89N8eCq095856@repoman.freebsd.org> From: Robert Watson Date: Sun, 9 Sep 2007 23:08:40 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: src/tools/regression/priv Makefile main.c main.h priv_acct.c priv_adjtime.c priv_audit_control.c priv_audit_getaudit.c priv_audit_setaudit.c priv_audit_submit.c priv_clock_settime.c priv_cred.c priv_io.c priv_kenv_set.c ... X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Sep 2007 23:08:40 -0000 rwatson 2007-09-09 23:08:40 UTC FreeBSD src repository Modified files: tools/regression/priv Makefile main.c main.h priv_acct.c priv_adjtime.c priv_clock_settime.c priv_io.c priv_kenv_set.c priv_kenv_unset.c priv_proc_setlogin.c priv_proc_setrlimit.c priv_sched_rtprio.c priv_sched_setpriority.c priv_settimeofday.c priv_sysctl_write.c priv_vfs_chown.c priv_vfs_chroot.c priv_vfs_clearsugid.c priv_vfs_extattr_system.c priv_vfs_fhopen.c priv_vfs_fhstat.c priv_vfs_fhstatfs.c priv_vfs_generation.c priv_vfs_getfh.c priv_vfs_read_write.c priv_vfs_setgid.c priv_vfs_stickyfile.c priv_vm_madv_protect.c priv_vm_mlock.c priv_vm_munlock.c Added files: tools/regression/priv priv_audit_control.c priv_audit_getaudit.c priv_audit_setaudit.c priv_audit_submit.c priv_cred.c priv_msgbuf.c priv_netinet_raw.c priv_vfs_chflags.c priv_vfs_chmod.c priv_vfs_utimes.c Removed files: tools/regression/priv priv_vfs_admin.c test_utimes.c Log: Enhance and expand kernel privilege regression tests in support of work present in FreeBSD 7.0 to refine the kernel privilege model: - Introduce support for jail as a testing variable, in order to confirm that privileges are properly restricted in the jail environment. - Restructure overall testing approach so that privilege and jail conditions are set in the testing infrastructure before tests are invoked, and done so in a custom-created process to isolate the impact of tests from each other in a more consistent way. - Tests now provide setup and cleanup hooks that occur before and after the test runs. - New privilege tests are now present for several audit privileges, several credential management privileges, dmesg buffer reading privilege, and netinet raw socket creation. - Other existing tests are restructured and generally improved as a result of better framework structure and jail as a variable. For exampe, we now test that certain sysctls are writable only outside jail, while others are writable within jail. On a similar note, privileges relating to setting UFS file flags are now better exercised, as with the right to chmod and utimes files. Approved by: re (bmah) Obtained from: TrustedBSD Project Revision Changes Path 1.2 +14 -6 src/tools/regression/priv/Makefile 1.2 +385 -72 src/tools/regression/priv/main.c 1.2 +261 -38 src/tools/regression/priv/main.h 1.2 +110 -110 src/tools/regression/priv/priv_acct.c 1.2 +35 -26 src/tools/regression/priv/priv_adjtime.c 1.1 +85 -0 src/tools/regression/priv/priv_audit_control.c (new) 1.1 +102 -0 src/tools/regression/priv/priv_audit_getaudit.c (new) 1.1 +109 -0 src/tools/regression/priv/priv_audit_setaudit.c (new) 1.1 +88 -0 src/tools/regression/priv/priv_audit_submit.c (new) 1.2 +33 -25 src/tools/regression/priv/priv_clock_settime.c 1.1 +208 -0 src/tools/regression/priv/priv_cred.c (new) 1.2 +46 -69 src/tools/regression/priv/priv_io.c 1.2 +26 -18 src/tools/regression/priv/priv_kenv_set.c 1.2 +27 -25 src/tools/regression/priv/priv_kenv_unset.c 1.1 +152 -0 src/tools/regression/priv/priv_msgbuf.c (new) 1.1 +82 -0 src/tools/regression/priv/priv_netinet_raw.c (new) 1.2 +40 -25 src/tools/regression/priv/priv_proc_setlogin.c 1.2 +114 -81 src/tools/regression/priv/priv_proc_setrlimit.c 1.2 +224 -129 src/tools/regression/priv/priv_sched_rtprio.c 1.2 +97 -87 src/tools/regression/priv/priv_sched_setpriority.c 1.2 +32 -25 src/tools/regression/priv/priv_settimeofday.c 1.2 +75 -36 src/tools/regression/priv/priv_sysctl_write.c 1.2 +0 -328 src/tools/regression/priv/priv_vfs_admin.c (dead) 1.1 +254 -0 src/tools/regression/priv/priv_vfs_chflags.c (new) 1.1 +146 -0 src/tools/regression/priv/priv_vfs_chmod.c (new) 1.2 +94 -100 src/tools/regression/priv/priv_vfs_chown.c 1.2 +23 -13 src/tools/regression/priv/priv_vfs_chroot.c 1.2 +73 -136 src/tools/regression/priv/priv_vfs_clearsugid.c 1.2 +44 -34 src/tools/regression/priv/priv_vfs_extattr_system.c 1.2 +42 -37 src/tools/regression/priv/priv_vfs_fhopen.c 1.2 +38 -36 src/tools/regression/priv/priv_vfs_fhstat.c 1.2 +41 -37 src/tools/regression/priv/priv_vfs_fhstatfs.c 1.2 +62 -55 src/tools/regression/priv/priv_vfs_generation.c 1.2 +27 -26 src/tools/regression/priv/priv_vfs_getfh.c 1.2 +182 -293 src/tools/regression/priv/priv_vfs_read_write.c 1.2 +61 -83 src/tools/regression/priv/priv_vfs_setgid.c 1.2 +135 -81 src/tools/regression/priv/priv_vfs_stickyfile.c 1.1 +224 -0 src/tools/regression/priv/priv_vfs_utimes.c (new) 1.2 +25 -13 src/tools/regression/priv/priv_vm_madv_protect.c 1.2 +22 -13 src/tools/regression/priv/priv_vm_mlock.c 1.2 +23 -13 src/tools/regression/priv/priv_vm_munlock.c 1.2 +0 -153 src/tools/regression/priv/test_utimes.c (dead)