Page MenuHomeFreeBSD

D58016.diff
No OneTemporary

D58016.diff

diff --git a/tests/sys/mac/do/common.sh b/tests/sys/mac/do/common.sh
--- a/tests/sys/mac/do/common.sh
+++ b/tests/sys/mac/do/common.sh
@@ -10,21 +10,21 @@
echo "$1".rules
}
-exec_paths_parameter()
+trusted_bins_parameter()
{
- echo "$1".exec_paths
+ echo "$1".trusted_bins
}
: ${MDO:=/usr/bin/mdo}
ROOT_KNOB=security.mac.do
RULES_KNOB=$(rules_parameter ${ROOT_KNOB})
-EXEC_PATHS_KNOB=$(exec_paths_parameter ${ROOT_KNOB})
+TRUSTED_BINS_KNOB=$(trusted_bins_parameter ${ROOT_KNOB})
PPE_KNOB=${ROOT_KNOB}.print_parse_error
ROOT_JAIL_PARAM=mac.do
RULES_JAIL_PARAM=$(rules_parameter ${ROOT_JAIL_PARAM})
-EXEC_PATHS_JAIL_PARAM=$(exec_paths_parameter ${ROOT_JAIL_PARAM})
+TRUSTED_BINS_JAIL_PARAM=$(trusted_bins_parameter ${ROOT_JAIL_PARAM})
# To be overridden to execute commands in a sub-jail
JEXEC=
@@ -33,7 +33,7 @@
mac_do_disabled()
{
[ -z "$($JEXEC sysctl -n ${RULES_KNOB})" ] ||
- [ -z "$($JEXEC sysctl -n ${EXEC_PATHS_KNOB})" ]
+ [ -z "$($JEXEC sysctl -n ${TRUSTED_BINS_KNOB})" ]
}
mac_do_check_disabled()
@@ -51,9 +51,9 @@
$JEXEC sysctl -n ${RULES_KNOB}
}
-sysctl_exec_paths()
+sysctl_trusted_bins()
{
- $JEXEC sysctl -n ${EXEC_PATHS_KNOB}
+ $JEXEC sysctl -n ${TRUSTED_BINS_KNOB}
}
# $1 = sysctl func, $2 = expected value
@@ -76,12 +76,12 @@
}
# $1 = value
-sysctl_check_exec_paths()
+sysctl_check_trusted_bins()
{
local value
value=$1
- sysctl_check sysctl_exec_paths $value
+ sysctl_check sysctl_trusted_bins $value
}
# $1 = knob name, $2 = value
@@ -138,24 +138,24 @@
}
# $1 = sysctl function, $2 = value
-sysctl_set_and_check_exec_paths_common()
+sysctl_set_and_check_trusted_bins_common()
{
local func value
func=$1
value=$2
# Use older in-rule separator (':') first to have final value as specified
- "$func" ${EXEC_PATHS_KNOB} "$(echo "$value" | sed 's%>%:%')"
- "$func" ${EXEC_PATHS_KNOB} "$value"
+ "$func" ${TRUSTED_BINS_KNOB} "$(echo "$value" | sed 's%>%:%')"
+ "$func" ${TRUSTED_BINS_KNOB} "$value"
}
# $1 = value
-sysctl_set_and_check_exec_paths()
+sysctl_set_and_check_trusted_bins()
{
local value
value=$1
- sysctl_set_and_check_exec_paths_common sysctl_set_and_check "$value"
+ sysctl_set_and_check_trusted_bins_common sysctl_set_and_check "$value"
}
# Create a persistent subjail. Echoes its JID.
diff --git a/tests/sys/mac/do/consistency.sh b/tests/sys/mac/do/consistency.sh
--- a/tests/sys/mac/do/consistency.sh
+++ b/tests/sys/mac/do/consistency.sh
@@ -7,14 +7,14 @@
SJ_JID_FILE=sj.jid
-atf_test_case concurrent_rules_exec_paths_changes
-concurrent_rules_exec_paths_changes_head()
+atf_test_case concurrent_rules_trusted_bins_changes
+concurrent_rules_trusted_bins_changes_head()
{
- atf_set descr "Consistency of rules and exec paths changes on same jail"
+ atf_set descr "Consistency of rules and trusted bins changes on same jail"
}
-concurrent_rules_exec_paths_changes_body()
+concurrent_rules_trusted_bins_changes_body()
{
- local rules exec_paths rules_es exec_paths_es
+ local rules trusted_bins rules_es trusted_bins_es
for I in $(jot - 1 1000); do
sysctl_set_and_check_rules "uid=$I>uid=1001"
@@ -22,24 +22,24 @@
rules=$!
for I in $(jot - 1 1000); do
- sysctl_set_and_check_exec_paths /nowhere/nonexistent$I
+ sysctl_set_and_check_trusted_bins /nowhere/nonexistent$I
done &
- exec_paths=$!
+ trusted_bins=$!
wait $rules
rules_es=$?
- wait $exec_paths
- exec_paths_es=$?
+ wait $trusted_bins
+ trusted_bins_es=$?
# atf_check called in the asynchronous AND-OR lists above causes exit of the
# subshells and also a write to the ATF result file. These writes are
# concurrent and may cause the result file to be malformed. Consequently,
# it is important that, once execution becomes sequential again, atf_fail() is
# called again (and not just exit()).
- if [ $rules_es -ne 0 ] || [ $exec_paths_es -ne 0 ]; then
+ if [ $rules_es -ne 0 ] || [ $trusted_bins_es -ne 0 ]; then
atf_fail "Rules exit status: $rules_es, \
-exec paths exit status: $exec_paths_es"
+trusted bins exit status: $trusted_bins_es"
fi
}
@@ -50,7 +50,7 @@
}
inheritance_body()
{
- local sj rules exec_paths
+ local sj rules trusted_bins
# For the sake of not running the test under Kyua
mac_do_ensure_disabled
@@ -78,16 +78,16 @@
# Not really necessary, just to keep mac_do(4) disabled
sysctl_set_and_check_rules ""
- exec_paths="/nowhere/nonexistent"
- sysctl_set_and_check_exec_paths $exec_paths
+ trusted_bins="/nowhere/nonexistent"
+ sysctl_set_and_check_trusted_bins $trusted_bins
JEXEC="jexec $sj"
- sysctl_check_exec_paths $exec_paths
+ sysctl_check_trusted_bins $trusted_bins
JEXEC=
- exec_paths="$MDO"
- sysctl_set_and_check_exec_paths $exec_paths
+ trusted_bins="$MDO"
+ sysctl_set_and_check_trusted_bins $trusted_bins
JEXEC="jexec $sj"
- sysctl_check_exec_paths $exec_paths
+ sysctl_check_trusted_bins $trusted_bins
JEXEC=
}
inheritance_cleanup()
@@ -109,7 +109,7 @@
}
inheritance_relax_parent_jail_body()
{
- local sj rules exec_paths subproc
+ local sj rules trusted_bins subproc
sj=$(launch_subjail)
echo $sj > "${SJ_JID_FILE}"
@@ -121,11 +121,11 @@
JEXEC="jexec $sj"
sysctl_check_rules $rules
JEXEC=
- exec_paths="$MDO"
- sysctl_set_and_check_exec_paths $exec_paths
+ trusted_bins="$MDO"
+ sysctl_set_and_check_trusted_bins $trusted_bins
# Additional inheritance sanity check
JEXEC="jexec $sj"
- sysctl_check_exec_paths $exec_paths
+ sysctl_check_trusted_bins $trusted_bins
JEXEC=
# Launch a process that tries to become 'root' from user 1002, and verify
@@ -143,7 +143,7 @@
JEXEC="jexec $sj"
# Additional sanity check (that rules of the subjail are now independent)
[ "$(sysctl_rules)" == $rules ] || atf_fail "Rules not copied"
- [ "$(sysctl_exec_paths)" == $exec_paths ] ||
+ [ "$(sysctl_trusted_bins)" == $trusted_bins ] ||
atf_fail "Exec paths not copied"
JEXEC=
@@ -164,29 +164,29 @@
}
same_knob_and_jail_parameter_body()
{
- local sj rules exec_paths subproc
+ local sj rules trusted_bins subproc
sj=$(launch_subjail)
echo $sj > "${SJ_JID_FILE}"
# Set sysctl knobs, observe parameters
rules="uid=19999>uid=21700"
- exec_paths="/improbable/path/he"
+ trusted_bins="/improbable/path/he"
JEXEC="jexec $sj"
sysctl_set_and_check_rules $rules
- sysctl_set_and_check_exec_paths $exec_paths
+ sysctl_set_and_check_trusted_bins $trusted_bins
JEXEC=
atf_check -o inline:"$rules\n" jls -j $sj ${RULES_JAIL_PARAM}
- atf_check -o inline:"${exec_paths}\n" jls -j $sj ${EXEC_PATHS_JAIL_PARAM}
+ atf_check -o inline:"${trusted_bins}\n" jls -j $sj ${TRUSTED_BINS_JAIL_PARAM}
# Set parameters, observe knobs
rules="uid=128000>uid=-1"
- exec_paths="/hello/i_ve/changed"
+ trusted_bins="/hello/i_ve/changed"
jail -m jid=$sj ${RULES_JAIL_PARAM}=$rules \
- ${EXEC_PATHS_JAIL_PARAM}=${exec_paths}
+ ${TRUSTED_BINS_JAIL_PARAM}=${trusted_bins}
JEXEC="jexec $sj"
sysctl_check_rules $rules
- sysctl_check_exec_paths $exec_paths
+ sysctl_check_trusted_bins $trusted_bins
JEXEC=
}
same_knob_and_jail_parameter_cleanup()
@@ -201,10 +201,10 @@
{
. $(atf_get_srcdir)/common.sh
atf_require_prog jot
- # Needs an absolute path for mdo(1), to set it in exec_paths
+ # Needs an absolute path for mdo(1), to set it in trusted_bins
atf_require_prog "$MDO"
- atf_add_test_case concurrent_rules_exec_paths_changes
+ atf_add_test_case concurrent_rules_trusted_bins_changes
atf_add_test_case inheritance
atf_add_test_case inheritance_relax_parent_jail
atf_add_test_case same_knob_and_jail_parameter
diff --git a/tests/sys/mac/do/invalid_configs.sh b/tests/sys/mac/do/invalid_configs.sh
--- a/tests/sys/mac/do/invalid_configs.sh
+++ b/tests/sys/mac/do/invalid_configs.sh
@@ -73,7 +73,7 @@
}
# Added after observing a panic() in this situation because of a double-free
-# after introduction of "exec_paths".
+# after introduction of "trusted_bins".
atf_test_case non_first_rule_unparseable
non_first_rule_unparseable_head()
{

File Metadata

Mime Type
text/plain
Expires
Sat, Jul 4, 5:00 PM (6 h, 48 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
34678783
Default Alt Text
D58016.diff (8 KB)

Event Timeline