Changeset View
Changeset View
Standalone View
Standalone View
usr.sbin/jail/tests/jail_basic_test.sh
| # | # | ||||
| # SPDX-License-Identifier: BSD-2-Clause-FreeBSD | # SPDX-License-Identifier: BSD-2-Clause-FreeBSD | ||||
| # | # | ||||
| # Copyright (c) 2019 Michael Zhilin | # Copyright (c) 2019 Michael Zhilin | ||||
| # | # | ||||
| # Redistribution and use in source and binary forms, with or without | # Redistribution and use in source and binary forms, with or without | ||||
| # modification, are permitted provided that the following conditions | # modification, are permitted provided that the following conditions | ||||
| Context not available. | |||||
| # $FreeBSD$ | # $FreeBSD$ | ||||
| atf_test_case "basic" "cleanup" | atf_test_case "basic" "cleanup" | ||||
| atf_test_case "remove" "cleanup" | |||||
| atf_test_case "nested" "cleanup" | atf_test_case "nested" "cleanup" | ||||
| atf_test_case "commands" "cleanup" | atf_test_case "commands" "cleanup" | ||||
| Context not available. | |||||
| jail -r basejail | jail -r basejail | ||||
| } | } | ||||
| remove_head() | |||||
| { | |||||
| atf_set descr 'Basic jail with ipv4.addr removal test' | |||||
| atf_set require.user root | |||||
| } | |||||
| remove_body() | |||||
| { | |||||
| # Configure custom loopback IP | |||||
| atf_check -s exit:0 ifconfig lo0 inet 172.254.254.254/32 alias | |||||
asomers: This looks like a valid public IP address. You should use an RFC 5735 address instead, like 192. | |||||
jlduran_gmail.comUnsubmitted Not Done Inline ActionsMaybe s/172/127/g would suffice? jlduran_gmail.com: Maybe `s/172/127/g` would suffice? | |||||
| # Create the jail | |||||
| atf_check -s exit:0 -o ignore jail -c name=removejail persist ip4.addr=172.254.254.254 | |||||
| # Display ifconfig (trigger jail leak) | |||||
| # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264981 | |||||
| atf_check -s exit:0 -o ignore jexec removejail ifconfig lo0 | |||||
| # Stop jail | |||||
| atf_check -s exit:0 -o ignore jail -R removejail | |||||
| # This jail should be no more after few seconds (not stuck in dying state) | |||||
| sleep 5 | |||||
| atf_check -s exit:1 -o ignore -e ignore jls -d -j removejail | |||||
| } | |||||
| remove_cleanup() | |||||
| { | |||||
| ifconfig lo0 inet 172.254.254.254/32 -alias | |||||
| } | |||||
| nested_head() | nested_head() | ||||
| { | { | ||||
| atf_set descr 'Hierarchical jails test' | atf_set descr 'Hierarchical jails test' | ||||
| Context not available. | |||||
| atf_check -s exit:1 -o empty -e inline:"jail: prison limit exceeded\n"\ | atf_check -s exit:1 -o empty -e inline:"jail: prison limit exceeded\n"\ | ||||
| jexec basejail \ | jexec basejail \ | ||||
| jail -c name=secondnestedjail persist ip4.addr=192.0.1.1 | jail -c name=secondnestedjail persist ip4.addr=192.0.1.1 | ||||
| # Check output of jls | # Check output of jls | ||||
| atf_check -s exit:0 -o ignore \ | atf_check -s exit:0 -o ignore \ | ||||
| jexec basejail jls | jexec basejail jls | ||||
| Context not available. | |||||
| atf_check -s exit:1 -o empty \ | atf_check -s exit:1 -o empty \ | ||||
| -e inline:"jail: jail_set: Operation not permitted\n" \ | -e inline:"jail: jail_set: Operation not permitted\n" \ | ||||
| jexec basejail_nochild \ | jexec basejail_nochild \ | ||||
| jail -c name=nestedjail persist ip4.addr=192.0.1.1 | jail -c name=nestedjail persist ip4.addr=192.0.1.1 | ||||
| } | } | ||||
| nested_cleanup() | nested_cleanup() | ||||
| Context not available. | |||||
| jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail | jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail | ||||
| # exec.prestop by jailname | # exec.prestop by jailname | ||||
| atf_check -s exit:0 -o inline:"STOP\n" \ | atf_check -s exit:0 -o inline:"STOP\n" \ | ||||
| jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail | jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail | ||||
| # exec.prestop by jid | # exec.prestop by jid | ||||
| jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail | jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail | ||||
| atf_check -s exit:0 -o inline:"STOP\n" \ | atf_check -s exit:0 -o inline:"STOP\n" \ | ||||
| jail -f $(atf_get_srcdir)/commands.jail.conf -qr `jls -j basejail jid` | jail -f $(atf_get_srcdir)/commands.jail.conf -qr `jls -j basejail jid` | ||||
| } | } | ||||
| commands_cleanup() | commands_cleanup() | ||||
| { | { | ||||
| jls -j basejail > /dev/null 2>&1 | jls -j basejail > /dev/null 2>&1 | ||||
| if [ $? -e 0 ] | if [ $? -e 0 ] | ||||
| then | then | ||||
| jail -r basejail | jail -r basejail | ||||
| fi | fi | ||||
| Context not available. | |||||
| atf_init_test_cases() | atf_init_test_cases() | ||||
| { | { | ||||
| atf_add_test_case "basic" | atf_add_test_case "basic" | ||||
| atf_add_test_case "remove" | |||||
| atf_add_test_case "nested" | atf_add_test_case "nested" | ||||
| atf_add_test_case "commands" | atf_add_test_case "commands" | ||||
| } | } | ||||
| Context not available. | |||||
This looks like a valid public IP address. You should use an RFC 5735 address instead, like 192.0.2.0/24.