diff options
Diffstat (limited to 'tests/sys')
| -rw-r--r-- | tests/sys/mac/ipacl/Makefile | 5 | ||||
| -rw-r--r-- | tests/sys/mac/ipacl/ipacl_test.sh | 16 | ||||
| -rw-r--r-- | tests/sys/mac/ipacl/utils.subr | 4 | ||||
| -rw-r--r-- | tests/sys/mac/portacl/Makefile | 1 | ||||
| -rw-r--r-- | tests/sys/mac/portacl/misc.sh | 12 | ||||
| -rw-r--r-- | tests/sys/mac/portacl/nobody_test.sh | 1 | ||||
| -rw-r--r-- | tests/sys/mac/portacl/root_test.sh | 1 |
7 files changed, 22 insertions, 18 deletions
diff --git a/tests/sys/mac/ipacl/Makefile b/tests/sys/mac/ipacl/Makefile index e083f6c1a69c..93b29e250ea5 100644 --- a/tests/sys/mac/ipacl/Makefile +++ b/tests/sys/mac/ipacl/Makefile @@ -6,4 +6,9 @@ ATF_TESTS_SH+= ipacl_test ${PACKAGE}FILES+= utils.subr +.for t in ${ATF_TESTS_SH} +TEST_METADATA.$t+= required_kmods="mac_ipacl" +TEST_METADATA.$t+= is_exclusive="true" +.endfor + .include <bsd.test.mk> diff --git a/tests/sys/mac/ipacl/ipacl_test.sh b/tests/sys/mac/ipacl/ipacl_test.sh index 0de1b414857b..892f4c154b66 100644 --- a/tests/sys/mac/ipacl/ipacl_test.sh +++ b/tests/sys/mac/ipacl/ipacl_test.sh @@ -40,6 +40,9 @@ ipacl_v4_body() { ipacl_test_init + prev_ipacl_ipv4="$(sysctl -n security.mac.ipacl.ipv4)" + prev_ipacl_rules="$(sysctl -n security.mac.ipacl.rules)" + epairA=$(vnet_mkepair) epairB=$(vnet_mkepair) epairC=$(vnet_mkepair) @@ -130,8 +133,9 @@ ipacl_v4_body() atf_check -s not-exit:0 -e ignore \ jexec A ifconfig ${epairA}b 203.0.113.1/24 up - # Reset rules OID. - sysctl security.mac.ipacl.rules= + # Reset sysctls. + sysctl security.mac.ipacl.rules="${prev_ipacl_rules}" + sysctl security.mac.ipacl.ipv4="${prev_ipacl_ipv4}" } ipacl_v4_cleanup() @@ -151,6 +155,9 @@ ipacl_v6_body() { ipacl_test_init + prev_ipacl_ipv6="$(sysctl -n security.mac.ipacl.ipv6)" + prev_ipacl_rules="$(sysctl -n security.mac.ipacl.rules)" + epairA=$(vnet_mkepair) epairB=$(vnet_mkepair) epairC=$(vnet_mkepair) @@ -265,8 +272,9 @@ ipacl_v6_body() atf_check -s not-exit:0 -e ignore jexec A ifconfig \ ${epairA}b inet6 2001:db8::abcd/32 up - # Reset rules OID. - sysctl security.mac.ipacl.rules= + # Reset sysctls. + sysctl security.mac.ipacl.rules="${prev_ipacl_rules}" + sysctl security.mac.ipacl.ipv6="${prev_ipacl_ipv6}" } ipacl_v6_cleanup() diff --git a/tests/sys/mac/ipacl/utils.subr b/tests/sys/mac/ipacl/utils.subr index 1d80414bafea..2fff8b1862da 100644 --- a/tests/sys/mac/ipacl/utils.subr +++ b/tests/sys/mac/ipacl/utils.subr @@ -5,10 +5,6 @@ ipacl_test_init() { vnet_init - - if ! kldstat -q -m mac_ipacl; then - atf_skip "mac_ipacl is not loaded" - fi } ipacl_test_cleanup() diff --git a/tests/sys/mac/portacl/Makefile b/tests/sys/mac/portacl/Makefile index 856a85d331d5..28c3a5cd71ce 100644 --- a/tests/sys/mac/portacl/Makefile +++ b/tests/sys/mac/portacl/Makefile @@ -8,6 +8,7 @@ TAP_TESTS_SH+= nobody_test TAP_TESTS_SH+= root_test .for t in ${TAP_TESTS_SH} +TEST_METADATA.$t+= required_kmods="mac_portacl" TEST_METADATA.$t+= required_user="root" TEST_METADATA.$t+= timeout="450" TEST_METADATA.$t+= is_exclusive="true" diff --git a/tests/sys/mac/portacl/misc.sh b/tests/sys/mac/portacl/misc.sh index a1b729c87777..4d3f18fce1c1 100644 --- a/tests/sys/mac/portacl/misc.sh +++ b/tests/sys/mac/portacl/misc.sh @@ -1,15 +1,5 @@ #!/bin/sh -sysctl security.mac.portacl >/dev/null 2>&1 -if [ $? -ne 0 ]; then - echo "1..0 # SKIP MAC_PORTACL is unavailable." - exit 0 -fi -if [ $(id -u) -ne 0 ]; then - echo "1..0 # SKIP testcases must be run as root" - exit 0 -fi - ntest=1 check_bind() { @@ -95,6 +85,7 @@ bind_test() { sysctl security.mac.portacl.rules= >/dev/null } +portacl_enabled=$(sysctl -n security.mac.portacl.enabled) reserved_high=$(sysctl -n net.inet.ip.portrange.reservedhigh) suser_exempt=$(sysctl -n security.mac.portacl.suser_exempt) port_high=$(sysctl -n security.mac.portacl.port_high) @@ -103,4 +94,5 @@ restore_settings() { sysctl -n net.inet.ip.portrange.reservedhigh=${reserved_high} >/dev/null sysctl -n security.mac.portacl.suser_exempt=${suser_exempt} >/dev/null sysctl -n security.mac.portacl.port_high=${port_high} >/dev/null + sysctl -n security.mac.portacl.enabled=${portacl_enabled} >/dev/null } diff --git a/tests/sys/mac/portacl/nobody_test.sh b/tests/sys/mac/portacl/nobody_test.sh index 7e64f68113ea..a3f2168dc81d 100644 --- a/tests/sys/mac/portacl/nobody_test.sh +++ b/tests/sys/mac/portacl/nobody_test.sh @@ -13,6 +13,7 @@ trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null +sysctl security.mac.portacl.enabled=1 >/dev/null bind_test fl fl uid nobody tcp 77 bind_test ok ok uid nobody tcp 7777 diff --git a/tests/sys/mac/portacl/root_test.sh b/tests/sys/mac/portacl/root_test.sh index daa5b147b4fa..d8898ff4f80e 100644 --- a/tests/sys/mac/portacl/root_test.sh +++ b/tests/sys/mac/portacl/root_test.sh @@ -10,6 +10,7 @@ echo "1..48" trap restore_settings EXIT INT TERM sysctl security.mac.portacl.suser_exempt=1 >/dev/null +sysctl security.mac.portacl.enabled=1 >/dev/null bind_test ok ok uid root tcp 77 bind_test ok ok uid root tcp 7777 |