From owner-p4-projects@FreeBSD.ORG Wed Mar 12 06:51:41 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C079D1065672; Wed, 12 Mar 2008 06:51:41 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 804EF106566B for ; Wed, 12 Mar 2008 06:51:41 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 63ABA8FC1A for ; Wed, 12 Mar 2008 06:51:41 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m2C6pfsL010103 for ; Wed, 12 Mar 2008 06:51:41 GMT (envelope-from zhouzhouyi@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m2C6pfjZ010101 for perforce@freebsd.org; Wed, 12 Mar 2008 06:51:41 GMT (envelope-from zhouzhouyi@FreeBSD.org) Date: Wed, 12 Mar 2008 06:51:41 GMT Message-Id: <200803120651.m2C6pfjZ010101@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to zhouzhouyi@FreeBSD.org using -f From: Zhouyi ZHOU To: Perforce Change Reviews Cc: Subject: PERFORCE change 137469 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Mar 2008 06:51:42 -0000 http://perforce.freebsd.org/chv.cgi?CH=137469 Change 137469 by zhouzhouyi@zhouzhouyi_mactest on 2008/03/12 06:51:30 Test cases for setuid and setgid for MAC Framework Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#16 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/00.t#8 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/mactest.c#16 (text+ko) ==== @@ -660,6 +660,7 @@ } logfd = open(LOGDEV, O_RDWR); + ioctl(logfd, BEGINLOG, NULL); if (gids != NULL) { set_gids(gids); @@ -675,7 +676,6 @@ /*Begin to log */ - ioctl(logfd, BEGINLOG, NULL); for (;;) { scall = find_syscall(argv[0]); ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/open/00.t#8 (text+ko) ==== @@ -30,11 +30,11 @@ touch ${mactest_conf} setfmac "mls/equal,biba/equal" ${mactest_conf} - echo "1..7" + echo "1..8" n0=`namegen` n1=`namegen` - + n2=`namegen` dvplabel=`getfmac ".."| sed 's/\(\.\.:\ \)\([a-z\,\/]*\)/\2/`; @@ -119,6 +119,16 @@ echo "biba/high(low-high),mls/5(low-high) biba/high,mls/8" >> ${mactest_conf} mactestexpect "" 0 -m "mls/5" -f ${mactest_conf} chown . 65535 65535 +#case 8 setuid and setgid: + echo -n "pid = -1 proc_check_setegid:" > ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high)" >> ${mactest_conf} + echo -n "pid = -1 proc_check_setuid:" >> ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high)" >> ${mactest_conf} + echo -n "pid = -1 proc_check_setgroups:" >> ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high)" >> ${mactest_conf} + mactestexpect "" 0 -u 65535 -g 65535 -m "mls/5" -f ${mactest_conf} mkdir ${n2} 0755 + + #cleanup: sysctl security.mac.mls.enabled=0 >/dev/null