Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 17 May 2020 02:35:51 +0000 (UTC)
From:      Alan Somers <asomers@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r361126 - in stable/12/tests/sys: fs/fusefs mac/bsdextended
Message-ID:  <202005170235.04H2Zpeg005361@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: asomers
Date: Sun May 17 02:35:50 2020
New Revision: 361126
URL: https://svnweb.freebsd.org/changeset/base/361126

Log:
  MFC r360339, r360567
  
  r360339:
  mac_bsdextended: ATFify the tests
  
  The new tests have more complete setup and cleanup, are more granular, and
  correctly annotate expected failures and skipped tests. A follow-up commit
  will resolve a conflict with the fusefs tests (bug 244229).
  
  Differential Revision:	https://reviews.freebsd.org/D24257
  
  r360567:
  Resolve conflict between the fusefs(5) and mac_bsdextended(4) tests
  
  mac_bsdextended(4), when enabled, causes ordinary operations to send many
  more VOP_GETATTRs to file system. The fusefs tests expectations aren't
  written with those in mind. Optionally expecting them would greatly
  obfuscate the fusefs tests. Worse, certain fusefs functionality (like
  attribute caching) would be impossible to test if the tests couldn't expect
  an exact number of GETATTR operations.
  
  This commit resolves that conflict by making two changes:
  
  1. The fusefs tests will now check for mac_bsdextended, and skip if it's
     enabled.
  2. The mac_bsdextended tests will now check whether the module is enabled, not
     merely loaded. If it's loaded but disabled, the tests will automatically
     enable it for the duration of the tests.
  
  With these changes, a CI system can achieve best coverage by loading both
  fusefs and mac_bsdextended at boot, and setting
  security.mac.bsdextended.enabled=0
  
  PR:		244229
  Reported by:	lwhsu
  Reviewed by:	cem
  Differential Revision:	https://reviews.freebsd.org/D24577

Modified:
  stable/12/tests/sys/fs/fusefs/utils.cc
  stable/12/tests/sys/mac/bsdextended/Makefile
  stable/12/tests/sys/mac/bsdextended/matches_test.sh
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/tests/sys/fs/fusefs/utils.cc
==============================================================================
--- stable/12/tests/sys/fs/fusefs/utils.cc	Sun May 17 02:21:53 2020	(r361125)
+++ stable/12/tests/sys/fs/fusefs/utils.cc	Sun May 17 02:35:50 2020	(r361126)
@@ -70,6 +70,10 @@ const uint32_t default_max_write = MIN(libfuse_max_wri
 void check_environment()
 {
 	const char *devnode = "/dev/fuse";
+	const char *bsdextended_node = "security.mac.bsdextended.enabled";
+	int bsdextended_val = 0;
+	size_t bsdextended_size = sizeof(bsdextended_val);
+	int bsdextended_found;
 	const char *usermount_node = "vfs.usermount";
 	int usermount_val = 0;
 	size_t usermount_size = sizeof(usermount_val);
@@ -83,9 +87,19 @@ void check_environment()
 			GTEST_SKIP() << strerror(errno);
 		}
 	}
+	// mac_bsdextended(4), when enabled, generates many more GETATTR
+	// operations. The fusefs tests' expectations don't account for those,
+	// and adding extra code to handle them obfuscates the real purpose of
+	// the tests.  Better just to skip the fusefs tests if mac_bsdextended
+	// is enabled.
+	bsdextended_found = sysctlbyname(bsdextended_node, &bsdextended_val,
+					 &bsdextended_size, NULL, 0);
+	if (bsdextended_found == 0 && bsdextended_val != 0)
+		GTEST_SKIP() <<
+		    "The fusefs tests are incompatible with mac_bsdextended.";
 	ASSERT_EQ(sysctlbyname(usermount_node, &usermount_val, &usermount_size,
 			       NULL, 0),
-		  0);;
+		  0);
 	if (geteuid() != 0 && !usermount_val)
 		GTEST_SKIP() << "current user is not allowed to mount";
 }

Modified: stable/12/tests/sys/mac/bsdextended/Makefile
==============================================================================
--- stable/12/tests/sys/mac/bsdextended/Makefile	Sun May 17 02:21:53 2020	(r361125)
+++ stable/12/tests/sys/mac/bsdextended/Makefile	Sun May 17 02:35:50 2020	(r361126)
@@ -2,12 +2,14 @@
 
 TESTSDIR=	${TESTSBASE}/sys/mac/bsdextended
 
+ATF_TESTS_SH+=	matches_test
 TAP_TESTS_C+=	ugidfw_test
-TAP_TESTS_SH+=	matches_test
 
 LIBADD.ugidfw_test+=	ugidfw
 
-TEST_METADATA.matches_test+=	required_user="root"
 TEST_METADATA.ugidfw_test+=	required_user="root"
+# Each test case of matches_test reuses the same ruleset number, so they cannot
+# be run simultaneously
+TEST_METADATA.matches_test+=	is_exclusive=true
 
 .include <bsd.test.mk>

Modified: stable/12/tests/sys/mac/bsdextended/matches_test.sh
==============================================================================
--- stable/12/tests/sys/mac/bsdextended/matches_test.sh	Sun May 17 02:21:53 2020	(r361125)
+++ stable/12/tests/sys/mac/bsdextended/matches_test.sh	Sun May 17 02:35:50 2020	(r361126)
@@ -10,356 +10,390 @@ uidoutrange="daemon"
 gidinrange="nobody" # We expect $uidinrange in this group
 gidoutrange="daemon" # We expect $uidinrange in this group
 
-test_num=1
-pass()
-{
-	echo "ok $test_num # $@"
-	: $(( test_num += 1 ))
-}
 
-fail()
+check_ko()
 {
-	echo "not ok $test_num # $@"
-	: $(( test_num += 1 ))
+	if ! sysctl -N security.mac.bsdextended >/dev/null 2>&1; then
+		atf_skip "mac_bsdextended(4) support isn't available"
+	fi
+	if [ $(sysctl -n security.mac.bsdextended.enabled) = "0" ]; then
+		# The kernel module is loaded but disabled.  Enable it for the
+		# duration of the test.
+		touch enabled_bsdextended
+		sysctl security.mac.bsdextended.enabled=1
+	fi
 }
 
-#
-# Setup
-#
-
-: ${TMPDIR=/tmp}
-if [ $(id -u) -ne 0 ]; then
-	echo "1..0 # SKIP test must be run as root"
-	exit 0
-fi
-if ! sysctl -N security.mac.bsdextended >/dev/null 2>&1; then
-	echo "1..0 # SKIP mac_bsdextended(4) support isn't available"
-	exit 0
-fi
-if [ "$TMPDIR" != "/tmp" ]; then
-	if ! chmod -Rf 0755 $TMPDIR; then
-		echo "1..0 # SKIP failed to chmod $TMPDIR"
-		exit 0
+setup()
+{
+	check_ko
+	mkdir mnt
+	mdmfs -s 25m md mnt \
+		|| atf_fail "failed to mount md device"
+	chmod a+rwx mnt
+	md_device=$(mount -p | grep "$PWD/mnt" | awk '{ gsub(/^\/dev\//, "", $1); print $1 }')
+	if [ -z "$md_device" ]; then
+		atf_fail "md device not properly attached to the system"
 	fi
-fi
-if ! playground=$(mktemp -d $TMPDIR/tmp.XXXXXXX); then
-	echo "1..0 # SKIP failed to create temporary directory"
-	exit 0
-fi
-trap "rmdir $playground" EXIT INT TERM
-if ! mdmfs -s 25m md $playground; then
-	echo "1..0 # SKIP failed to mount md device"
-	exit 0
-fi
-chmod a+rwx $playground
-md_device=$(mount -p | grep "$playground" | awk '{ gsub(/^\/dev\//, "", $1); print $1 }')
-trap "umount -f $playground; mdconfig -d -u $md_device; rmdir $playground" EXIT INT TERM
-if [ -z "$md_device" ]; then
-	mount -p | grep $playground
-	echo "1..0 # SKIP md device not properly attached to the system"
-fi
+	echo $md_device > md_device
 
-ugidfw remove 1
+	ugidfw remove 1
 
-file1=$playground/test-$uidinrange
-file2=$playground/test-$uidoutrange
-cat > $playground/test-script.sh <<'EOF'
+	cat > mnt/test-script.sh <<'EOF'
 #!/bin/sh
 : > $1
 EOF
-if [ $? -ne 0 ]; then
-	echo "1..0 # SKIP failed to create test script"
-	exit 0
-fi
-echo "1..30"
+	if [ $? -ne 0 ]; then
+		atf_fail "failed to create test script"
+	fi
 
-command1="sh $playground/test-script.sh $file1"
-command2="sh $playground/test-script.sh $file2"
+	file1=mnt/test-$uidinrange
+	file2=mnt/test-$uidoutrange
+	command1="sh mnt/test-script.sh $file1"
+	command2="sh mnt/test-script.sh $file2"
 
-desc="$uidinrange file"
-if su -m $uidinrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+	# $uidinrange file
+	atf_check -s exit:0 su -m $uidinrange -c "$command1"
 
-chown "$uidinrange":"$gidinrange" $file1
-chmod a+w $file1
+	chown "$uidinrange":"$gidinrange" $file1
+	chmod a+w $file1
 
-desc="$uidoutrange file"
-if $command2; then
-	pass $desc
-else
-	fail $desc
-fi
+	# $uidoutrange file
+	if ! $command2; then
+		atf_fail $desc
+	fi
 
-chown "$uidoutrange":"$gidoutrange" $file2
-chmod a+w $file2
+	chown "$uidoutrange":"$gidoutrange" $file2
+	chmod a+w $file2
+}
 
-#
-# No rules
-#
-desc="no rules $uidinrange"
-if su -fm $uidinrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+cleanup()
+{
+	ugidfw remove 1
 
-desc="no rules $uidoutrange"
-if su -fm $uidoutrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+	umount -f mnt
+	if [ -f md_device ]; then
+		mdconfig -d -u $( cat md_device )
+	fi
+	if [ -f enabled_bsdextended ]; then
+		sysctl security.mac.bsdextended.enabled=0
+	fi
+}
 
-#
-# Subject Match on uid
-#
-ugidfw set 1 subject uid $uidrange object mode rasx
-desc="subject uid in range"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+atf_test_case no_rules cleanup
+no_rules_head()
+{
+	atf_set "require.user" "root"
+}
+no_rules_body()
+{
+	setup
 
-desc="subject uid out range"
-if su -fm $uidoutrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+	# no rules $uidinrange
+	atf_check -s exit:0 su -fm $uidinrange -c "$command1"
 
-#
-# Subject Match on gid
-#
-ugidfw set 1 subject gid $gidrange object mode rasx
+	# no rules $uidoutrange
+	atf_check -s exit:0 su -fm $uidoutrange -c "$command1"
+}
+no_rules_cleanup()
+{
+	cleanup
+}
 
-desc="subject gid in range"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+atf_test_case subject_match_on_uid cleanup
+subject_match_on_uid_head()
+{
+	atf_set "require.user" "root"
+}
+subject_match_on_uid_body()
+{
+	setup
 
-desc="subject gid out range"
-if su -fm $uidoutrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object mode rasx
+	# subject uid in range
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
 
-if which jail >/dev/null; then
-	#
-	# Subject Match on jail
-	#
-	rm -f $playground/test-jail
+	# subject uid out range
+	atf_check -s exit:0 su -fm $uidoutrange -c "$command1"
 
-	desc="subject matching jailid"
-	jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"`
-	ugidfw set 1 subject jailid $jailid object mode rasx
+}
+subject_match_on_uid_cleanup()
+{
+	cleanup
+}
+
+atf_test_case subject_match_on_gid cleanup
+subject_match_on_gid_head()
+{
+	atf_set "require.user" "root"
+}
+subject_match_on_gid_body()
+{
+	setup
+
+	atf_check -s exit:0 ugidfw set 1 subject gid $gidrange object mode rasx
+
+	# subject gid in range
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
+
+	# subject gid out range
+	atf_check -s exit:0 su -fm $uidoutrange -c "$command1"
+}
+subject_match_on_gid_cleanup()
+{
+	cleanup
+}
+
+atf_test_case subject_match_on_jail cleanup
+subject_match_on_jail_head()
+{
+	atf_set "require.progs" "jail"
+	atf_set "require.user" "root"
+}
+subject_match_on_jail_body()
+{
+	setup
+
+	atf_expect_fail "this testcase fails (see bug # 205481)"
+	# subject matching jailid
+	jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch mnt/test-jail) &"`
+	atf_check -s exit:0 ugidfw set 1 subject jailid $jailid object mode rasx
 	sleep 10
 
-	if [ -f $playground/test-jail ]; then
-		fail "TODO $desc: this testcase fails (see bug # 205481)"
-	else
-		pass $desc
+	if [ -f mnt/test-jail ]; then
+		atf_fail "$desc"
 	fi
 
-	rm -f $playground/test-jail
-	desc="subject nonmatching jailid"
-	jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"`
+	rm -f mnt/test-jail
+	# subject nonmatching jailid
+	jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch mnt/test-jail) &"`
 	sleep 10
-	if [ -f $playground/test-jail ]; then
-		pass $desc
-	else
-		fail $desc
+	if ! [ -f mnt/test-jail ]; then
+		atf_fail $desc
 	fi
-else
-	# XXX: kyua is too dumb to parse skip ranges, still..
-	pass "skip jail(8) not installed"
-	pass "skip jail(8) not installed"
-fi
+}
+subject_match_on_jail_cleanup()
+{
+	cleanup
+}
 
-#
-# Object uid
-#
-ugidfw set 1 subject object uid $uidrange mode rasx
+atf_test_case object_uid cleanup
+object_uid_head()
+{
+	atf_set "require.user" "root"
+}
+object_uid_body()
+{
+	setup
 
-desc="object uid in range"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+	atf_check -s exit:0 ugidfw set 1 subject object uid $uidrange mode rasx
 
-desc="object uid out range"
-if su -fm $uidinrange -c "$command2"; then
-	pass $desc
-else
-	fail $desc
-fi
-ugidfw set 1 subject object uid $uidrange mode rasx
+	# object uid in range
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
 
-desc="object uid in range (different subject)"
-if su -fm $uidoutrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+	# object uid out range
+	atf_check -s exit:0 su -fm $uidinrange -c "$command2"
+	atf_check -s exit:0 ugidfw set 1 subject object uid $uidrange mode rasx
 
-desc="object uid out range (different subject)"
-if su -fm $uidoutrange -c "$command2"; then
-	pass $desc
-else
-	fail $desc
-fi
+	# object uid in range (different subject)
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidoutrange -c "$command1"
 
-#
-# Object gid
-#
-ugidfw set 1 subject object gid $uidrange mode rasx
+	# object uid out range (different subject)
+	atf_check -s exit:0 su -fm $uidoutrange -c "$command2"
 
-desc="object gid in range"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+}
+object_uid_cleanup()
+{
+	cleanup
+}
 
-desc="object gid out range"
-if su -fm $uidinrange -c "$command2"; then
-	pass $desc
-else
-	fail $desc
-fi
-desc="object gid in range (different subject)"
-if su -fm $uidoutrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+atf_test_case object_gid cleanup
+object_gid_head()
+{
+	atf_set "require.user" "root"
+}
+object_gid_body()
+{
+	setup
 
-desc="object gid out range (different subject)"
-if su -fm $uidoutrange -c "$command2"; then
-	pass $desc
-else
-	fail $desc
-fi
+	atf_check -s exit:0 ugidfw set 1 subject object gid $uidrange mode rasx
 
-#
-# Object filesys
-#
-ugidfw set 1 subject uid $uidrange object filesys / mode rasx
-desc="object out of filesys"
-if su -fm $uidinrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+	# object gid in range
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
 
-ugidfw set 1 subject uid $uidrange object filesys $playground mode rasx
-desc="object in filesys"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+	# object gid out range
+	atf_check -s exit:0 su -fm $uidinrange -c "$command2"
+	# object gid in range (different subject)
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidoutrange -c "$command1"
 
-#
-# Object suid
-#
-ugidfw set 1 subject uid $uidrange object suid mode rasx
-desc="object notsuid"
-if su -fm $uidinrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+	# object gid out range (different subject)
+	atf_check -s exit:0 su -fm $uidoutrange -c "$command2"
+}
+object_gid_cleanup()
+{
+	cleanup
+}
 
-chmod u+s $file1
-desc="object suid"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
-chmod u-s $file1
+atf_test_case object_filesys cleanup
+object_filesys_head()
+{
+	atf_set "require.user" "root"
+}
+object_filesys_body()
+{
+	setup
 
-#
-# Object sgid
-#
-ugidfw set 1 subject uid $uidrange object sgid mode rasx
-desc="object notsgid"
-if su -fm $uidinrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object filesys / mode rasx
+	# object out of filesys
+	atf_check -s exit:0 su -fm $uidinrange -c "$command1"
 
-chmod g+s $file1
-desc="object sgid"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
-chmod g-s $file1
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object filesys mnt mode rasx
+	# object in filesys
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
+}
+object_filesys_cleanup()
+{
+	cleanup
+}
 
-#
-# Object uid matches subject
-#
-ugidfw set 1 subject uid $uidrange object uid_of_subject mode rasx
+atf_test_case object_suid cleanup
+object_suid_head()
+{
+	atf_set "require.user" "root"
+}
+object_suid_body()
+{
+	setup
 
-desc="object uid notmatches subject"
-if su -fm $uidinrange -c "$command2"; then
-	pass $desc
-else
-	fail $desc
-fi
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object suid mode rasx
+	# object notsuid
+	atf_check -s exit:0 su -fm $uidinrange -c "$command1"
 
-desc="object uid matches subject"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+	chmod u+s $file1
+	# object suid
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
+	chmod u-s $file1
 
-#
-# Object gid matches subject
-#
-ugidfw set 1 subject uid $uidrange object gid_of_subject mode rasx
+}
+object_suid_cleanup()
+{
+	cleanup
+}
 
-desc="object gid notmatches subject"
-if su -fm $uidinrange -c "$command2"; then
-	pass $desc
-else
-	fail $desc
-fi
+atf_test_case object_sgid cleanup
+object_sgid_head()
+{
+	atf_set "require.user" "root"
+}
+object_sgid_body()
+{
+	setup
 
-desc="object gid matches subject"
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object sgid mode rasx
+	# object notsgid
+	atf_check -s exit:0 su -fm $uidinrange -c "$command1"
 
-#
-# Object type
-#
-desc="object not type"
-ugidfw set 1 subject uid $uidrange object type dbclsp mode rasx
-if su -fm $uidinrange -c "$command1"; then
-	pass $desc
-else
-	fail $desc
-fi
+	chmod g+s $file1
+	# object sgid
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
+	chmod g-s $file1
+}
+object_sgid_cleanup()
+{
+	cleanup
+}
 
-desc="object type"
-ugidfw set 1 subject uid $uidrange object type r mode rasx
-if su -fm $uidinrange -c "$command1"; then
-	fail $desc
-else
-	pass $desc
-fi
+atf_test_case object_uid_matches_subject cleanup
+object_uid_matches_subject_head()
+{
+	atf_set "require.user" "root"
+}
+object_uid_matches_subject_body()
+{
+	setup
+
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object uid_of_subject mode rasx
+
+	# object uid notmatches subject
+	atf_check -s exit:0 su -fm $uidinrange -c "$command2"
+
+	# object uid matches subject
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
+}
+object_uid_matches_subject_cleanup()
+{
+	cleanup
+}
+
+atf_test_case object_gid_matches_subject cleanup
+object_gid_matches_subject_head()
+{
+	atf_set "require.user" "root"
+}
+object_gid_matches_subject_body()
+{
+	setup
+
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object gid_of_subject mode rasx
+
+	# object gid notmatches subject
+	atf_check -s exit:0 su -fm $uidinrange -c "$command2"
+
+	# object gid matches subject
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
+
+}
+object_gid_matches_subject_cleanup()
+{
+	cleanup
+}
+
+atf_test_case object_type cleanup
+object_type_head()
+{
+	atf_set "require.user" "root"
+}
+object_type_body()
+{
+	setup
+
+	# object not type
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object type dbclsp mode rasx
+	atf_check -s exit:0 su -fm $uidinrange -c "$command1"
+
+	# object type
+	atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object type r mode rasx
+	atf_check -s not-exit:0 -e match:"Permission denied" \
+		su -fm $uidinrange -c "$command1"
+}
+object_type_cleanup()
+{
+	cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case no_rules
+	atf_add_test_case subject_match_on_uid
+	atf_add_test_case subject_match_on_gid
+	atf_add_test_case subject_match_on_jail
+	atf_add_test_case object_uid
+	atf_add_test_case object_gid
+	atf_add_test_case object_filesys
+	atf_add_test_case object_suid
+	atf_add_test_case object_sgid
+	atf_add_test_case object_uid_matches_subject
+	atf_add_test_case object_gid_matches_subject
+	atf_add_test_case object_type
+}



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005170235.04H2Zpeg005361>