src/tools/regression/priv/priv_vfs_chown.c, branch release/7.0.0_cvs FreeBSD source tree This commit was manufactured by cvs2svn to create tag 2008-02-24T05:45:17+00:00 cvs2svn cvs2svn@FreeBSD.org 2008-02-24T05:45:17+00:00 a9c219fa3cec18ef9f30edec6fa106bf0e2d423d 'RELENG_7_0_0_RELEASE'. This commit was manufactured to restore the state of the 7.0-RELEASE image. 
'RELENG_7_0_0_RELEASE'.

This commit was manufactured to restore the state of the 7.0-RELEASE image.
Enhance and expand kernel privilege regression tests in support of 2007-09-09T23:08:39+00:00 Robert Watson rwatson@FreeBSD.org 2007-09-09T23:08:39+00:00 d903306a267227e32733712fef0c11e71c31b459 work present in FreeBSD 7.0 to refine the kernel privilege model: - Introduce support for jail as a testing variable, in order to confirm that privileges are properly restricted in the jail environment. - Restructure overall testing approach so that privilege and jail conditions are set in the testing infrastructure before tests are invoked, and done so in a custom-created process to isolate the impact of tests from each other in a more consistent way. - Tests now provide setup and cleanup hooks that occur before and after the test runs. - New privilege tests are now present for several audit privileges, several credential management privileges, dmesg buffer reading privilege, and netinet raw socket creation. - Other existing tests are restructured and generally improved as a result of better framework structure and jail as a variable. For exampe, we now test that certain sysctls are writable only outside jail, while others are writable within jail. On a similar note, privileges relating to setting UFS file flags are now better exercised, as with the right to chmod and utimes files. Approved by: re (bmah) Obtained from: TrustedBSD Project 
work present in FreeBSD 7.0 to refine the kernel privilege model:

- Introduce support for jail as a testing variable, in order to
  confirm that privileges are properly restricted in the jail
  environment.

- Restructure overall testing approach so that privilege and jail
  conditions are set in the testing infrastructure before tests
  are invoked, and done so in a custom-created process to isolate
  the impact of tests from each other in a more consistent way.

- Tests now provide setup and cleanup hooks that occur before and
  after the test runs.

- New privilege tests are now present for several audit
  privileges, several credential management privileges, dmesg
  buffer reading privilege, and netinet raw socket creation.

- Other existing tests are restructured and generally improved as
  a result of better framework structure and jail as a variable.
  For exampe, we now test that certain sysctls are writable only
  outside jail, while others are writable within jail.  On a
  similar note, privileges relating to setting UFS file flags are
  now better exercised, as with the right to chmod and utimes
  files.

Approved by:	re (bmah)
Obtained from:	TrustedBSD Project
dd a series of regression tests to validate that privilege requirements are 2006-09-13T09:05:39+00:00 Robert Watson rwatson@FreeBSD.org 2006-09-13T09:05:39+00:00 9fa5f6b4b9580e7fd6829e3f4a267499d0ad3af1 implemented properly for a number of kernel subsystems. In general, they try to exercise the privilege first as the root user, then as a test user, in order to determine when privilege is being checked. Currently, these tests do not compare inside/outside jail, and probably should be enhanced to do that. Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project 
implemented properly for a number of kernel subsystems.  In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.

Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.

Sponsored by:	nCircle Network Security, Inc.
Obtained from:	TrustedBSD Project