Page Menu
Home
FreeBSD
Search
Configure Global Search
Log In
Files
F161432293
D58016.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
8 KB
Referenced Files
None
Subscribers
None
D58016.diff
View Options
diff --git a/tests/sys/mac/do/common.sh b/tests/sys/mac/do/common.sh
--- a/tests/sys/mac/do/common.sh
+++ b/tests/sys/mac/do/common.sh
@@ -10,21 +10,21 @@
echo "$1".rules
}
-exec_paths_parameter()
+trusted_bins_parameter()
{
- echo "$1".exec_paths
+ echo "$1".trusted_bins
}
: ${MDO:=/usr/bin/mdo}
ROOT_KNOB=security.mac.do
RULES_KNOB=$(rules_parameter ${ROOT_KNOB})
-EXEC_PATHS_KNOB=$(exec_paths_parameter ${ROOT_KNOB})
+TRUSTED_BINS_KNOB=$(trusted_bins_parameter ${ROOT_KNOB})
PPE_KNOB=${ROOT_KNOB}.print_parse_error
ROOT_JAIL_PARAM=mac.do
RULES_JAIL_PARAM=$(rules_parameter ${ROOT_JAIL_PARAM})
-EXEC_PATHS_JAIL_PARAM=$(exec_paths_parameter ${ROOT_JAIL_PARAM})
+TRUSTED_BINS_JAIL_PARAM=$(trusted_bins_parameter ${ROOT_JAIL_PARAM})
# To be overridden to execute commands in a sub-jail
JEXEC=
@@ -33,7 +33,7 @@
mac_do_disabled()
{
[ -z "$($JEXEC sysctl -n ${RULES_KNOB})" ] ||
- [ -z "$($JEXEC sysctl -n ${EXEC_PATHS_KNOB})" ]
+ [ -z "$($JEXEC sysctl -n ${TRUSTED_BINS_KNOB})" ]
}
mac_do_check_disabled()
@@ -51,9 +51,9 @@
$JEXEC sysctl -n ${RULES_KNOB}
}
-sysctl_exec_paths()
+sysctl_trusted_bins()
{
- $JEXEC sysctl -n ${EXEC_PATHS_KNOB}
+ $JEXEC sysctl -n ${TRUSTED_BINS_KNOB}
}
# $1 = sysctl func, $2 = expected value
@@ -76,12 +76,12 @@
}
# $1 = value
-sysctl_check_exec_paths()
+sysctl_check_trusted_bins()
{
local value
value=$1
- sysctl_check sysctl_exec_paths $value
+ sysctl_check sysctl_trusted_bins $value
}
# $1 = knob name, $2 = value
@@ -138,24 +138,24 @@
}
# $1 = sysctl function, $2 = value
-sysctl_set_and_check_exec_paths_common()
+sysctl_set_and_check_trusted_bins_common()
{
local func value
func=$1
value=$2
# Use older in-rule separator (':') first to have final value as specified
- "$func" ${EXEC_PATHS_KNOB} "$(echo "$value" | sed 's%>%:%')"
- "$func" ${EXEC_PATHS_KNOB} "$value"
+ "$func" ${TRUSTED_BINS_KNOB} "$(echo "$value" | sed 's%>%:%')"
+ "$func" ${TRUSTED_BINS_KNOB} "$value"
}
# $1 = value
-sysctl_set_and_check_exec_paths()
+sysctl_set_and_check_trusted_bins()
{
local value
value=$1
- sysctl_set_and_check_exec_paths_common sysctl_set_and_check "$value"
+ sysctl_set_and_check_trusted_bins_common sysctl_set_and_check "$value"
}
# Create a persistent subjail. Echoes its JID.
diff --git a/tests/sys/mac/do/consistency.sh b/tests/sys/mac/do/consistency.sh
--- a/tests/sys/mac/do/consistency.sh
+++ b/tests/sys/mac/do/consistency.sh
@@ -7,14 +7,14 @@
SJ_JID_FILE=sj.jid
-atf_test_case concurrent_rules_exec_paths_changes
-concurrent_rules_exec_paths_changes_head()
+atf_test_case concurrent_rules_trusted_bins_changes
+concurrent_rules_trusted_bins_changes_head()
{
- atf_set descr "Consistency of rules and exec paths changes on same jail"
+ atf_set descr "Consistency of rules and trusted bins changes on same jail"
}
-concurrent_rules_exec_paths_changes_body()
+concurrent_rules_trusted_bins_changes_body()
{
- local rules exec_paths rules_es exec_paths_es
+ local rules trusted_bins rules_es trusted_bins_es
for I in $(jot - 1 1000); do
sysctl_set_and_check_rules "uid=$I>uid=1001"
@@ -22,24 +22,24 @@
rules=$!
for I in $(jot - 1 1000); do
- sysctl_set_and_check_exec_paths /nowhere/nonexistent$I
+ sysctl_set_and_check_trusted_bins /nowhere/nonexistent$I
done &
- exec_paths=$!
+ trusted_bins=$!
wait $rules
rules_es=$?
- wait $exec_paths
- exec_paths_es=$?
+ wait $trusted_bins
+ trusted_bins_es=$?
# atf_check called in the asynchronous AND-OR lists above causes exit of the
# subshells and also a write to the ATF result file. These writes are
# concurrent and may cause the result file to be malformed. Consequently,
# it is important that, once execution becomes sequential again, atf_fail() is
# called again (and not just exit()).
- if [ $rules_es -ne 0 ] || [ $exec_paths_es -ne 0 ]; then
+ if [ $rules_es -ne 0 ] || [ $trusted_bins_es -ne 0 ]; then
atf_fail "Rules exit status: $rules_es, \
-exec paths exit status: $exec_paths_es"
+trusted bins exit status: $trusted_bins_es"
fi
}
@@ -50,7 +50,7 @@
}
inheritance_body()
{
- local sj rules exec_paths
+ local sj rules trusted_bins
# For the sake of not running the test under Kyua
mac_do_ensure_disabled
@@ -78,16 +78,16 @@
# Not really necessary, just to keep mac_do(4) disabled
sysctl_set_and_check_rules ""
- exec_paths="/nowhere/nonexistent"
- sysctl_set_and_check_exec_paths $exec_paths
+ trusted_bins="/nowhere/nonexistent"
+ sysctl_set_and_check_trusted_bins $trusted_bins
JEXEC="jexec $sj"
- sysctl_check_exec_paths $exec_paths
+ sysctl_check_trusted_bins $trusted_bins
JEXEC=
- exec_paths="$MDO"
- sysctl_set_and_check_exec_paths $exec_paths
+ trusted_bins="$MDO"
+ sysctl_set_and_check_trusted_bins $trusted_bins
JEXEC="jexec $sj"
- sysctl_check_exec_paths $exec_paths
+ sysctl_check_trusted_bins $trusted_bins
JEXEC=
}
inheritance_cleanup()
@@ -109,7 +109,7 @@
}
inheritance_relax_parent_jail_body()
{
- local sj rules exec_paths subproc
+ local sj rules trusted_bins subproc
sj=$(launch_subjail)
echo $sj > "${SJ_JID_FILE}"
@@ -121,11 +121,11 @@
JEXEC="jexec $sj"
sysctl_check_rules $rules
JEXEC=
- exec_paths="$MDO"
- sysctl_set_and_check_exec_paths $exec_paths
+ trusted_bins="$MDO"
+ sysctl_set_and_check_trusted_bins $trusted_bins
# Additional inheritance sanity check
JEXEC="jexec $sj"
- sysctl_check_exec_paths $exec_paths
+ sysctl_check_trusted_bins $trusted_bins
JEXEC=
# Launch a process that tries to become 'root' from user 1002, and verify
@@ -143,7 +143,7 @@
JEXEC="jexec $sj"
# Additional sanity check (that rules of the subjail are now independent)
[ "$(sysctl_rules)" == $rules ] || atf_fail "Rules not copied"
- [ "$(sysctl_exec_paths)" == $exec_paths ] ||
+ [ "$(sysctl_trusted_bins)" == $trusted_bins ] ||
atf_fail "Exec paths not copied"
JEXEC=
@@ -164,29 +164,29 @@
}
same_knob_and_jail_parameter_body()
{
- local sj rules exec_paths subproc
+ local sj rules trusted_bins subproc
sj=$(launch_subjail)
echo $sj > "${SJ_JID_FILE}"
# Set sysctl knobs, observe parameters
rules="uid=19999>uid=21700"
- exec_paths="/improbable/path/he"
+ trusted_bins="/improbable/path/he"
JEXEC="jexec $sj"
sysctl_set_and_check_rules $rules
- sysctl_set_and_check_exec_paths $exec_paths
+ sysctl_set_and_check_trusted_bins $trusted_bins
JEXEC=
atf_check -o inline:"$rules\n" jls -j $sj ${RULES_JAIL_PARAM}
- atf_check -o inline:"${exec_paths}\n" jls -j $sj ${EXEC_PATHS_JAIL_PARAM}
+ atf_check -o inline:"${trusted_bins}\n" jls -j $sj ${TRUSTED_BINS_JAIL_PARAM}
# Set parameters, observe knobs
rules="uid=128000>uid=-1"
- exec_paths="/hello/i_ve/changed"
+ trusted_bins="/hello/i_ve/changed"
jail -m jid=$sj ${RULES_JAIL_PARAM}=$rules \
- ${EXEC_PATHS_JAIL_PARAM}=${exec_paths}
+ ${TRUSTED_BINS_JAIL_PARAM}=${trusted_bins}
JEXEC="jexec $sj"
sysctl_check_rules $rules
- sysctl_check_exec_paths $exec_paths
+ sysctl_check_trusted_bins $trusted_bins
JEXEC=
}
same_knob_and_jail_parameter_cleanup()
@@ -201,10 +201,10 @@
{
. $(atf_get_srcdir)/common.sh
atf_require_prog jot
- # Needs an absolute path for mdo(1), to set it in exec_paths
+ # Needs an absolute path for mdo(1), to set it in trusted_bins
atf_require_prog "$MDO"
- atf_add_test_case concurrent_rules_exec_paths_changes
+ atf_add_test_case concurrent_rules_trusted_bins_changes
atf_add_test_case inheritance
atf_add_test_case inheritance_relax_parent_jail
atf_add_test_case same_knob_and_jail_parameter
diff --git a/tests/sys/mac/do/invalid_configs.sh b/tests/sys/mac/do/invalid_configs.sh
--- a/tests/sys/mac/do/invalid_configs.sh
+++ b/tests/sys/mac/do/invalid_configs.sh
@@ -73,7 +73,7 @@
}
# Added after observing a panic() in this situation because of a double-free
-# after introduction of "exec_paths".
+# after introduction of "trusted_bins".
atf_test_case non_first_rule_unparseable
non_first_rule_unparseable_head()
{
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Jul 4, 5:00 PM (6 h, 48 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
34678783
Default Alt Text
D58016.diff (8 KB)
Attached To
Mode
D58016: MAC/do: update tests to reflect exec_paths to trusted_bins change
Attached
Detach File
Event Timeline
Log In to Comment