diff --git a/tests/sys/acl/00.sh b/tests/sys/acl/00.sh index 42b06cb8c484..5853aac2cac8 100644 --- a/tests/sys/acl/00.sh +++ b/tests/sys/acl/00.sh @@ -1,86 +1,90 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a wrapper script to run tools-posix.test on UFS filesystem. # # If any of the tests fails, here is how to debug it: go to # the directory with problematic filesystem mounted on it, # and do /path/to/test run /path/to/test tools-posix.test, e.g. # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test # # Output should be obvious. if [ $(sysctl -n kern.features.ufs_acl 2>/dev/null || echo 0) -eq 0 ]; then echo "1..0 # SKIP system does not have UFS ACL support" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi +if [ ! -c /dev/mdctl ]; then + echo "1..0 # SKIP no /dev/mdctl to create md devices" + exit 0 +fi echo "1..4" TESTDIR=$(dirname $(realpath $0)) # Set up the test filesystem. MD=`mdconfig -at swap -s 10m` MNT=`mktemp -dt acltools` newfs /dev/$MD > /dev/null trap "cd /; umount -f $MNT; rmdir $MNT; mdconfig -d -u $MD" EXIT mount -o acls /dev/$MD $MNT if [ $? -ne 0 ]; then echo "not ok 1 - mount failed." echo 'Bail out!' exit 1 fi echo "ok 1" cd $MNT # First, check whether we can crash the kernel by creating too many # entries. For some reason this won't work in the test file. touch xxx i=0; while :; do i=$(($i+1)); setfacl -m u:$i:rwx xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done chmod 600 xxx rm xxx echo "ok 2" perl $TESTDIR/run $TESTDIR/tools-posix.test >&2 if [ $? -eq 0 ]; then echo "ok 3" else echo "not ok 3" fi cd / echo "ok 4" diff --git a/tests/sys/acl/01.sh b/tests/sys/acl/01.sh index 3521ef37e663..044d1b81ab68 100644 --- a/tests/sys/acl/01.sh +++ b/tests/sys/acl/01.sh @@ -1,85 +1,89 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a wrapper script to run tools-nfs4.test on ZFS filesystem. # # WARNING: It uses hardcoded ZFS pool name "acltools" # # If any of the tests fails, here is how to debug it: go to # the directory with problematic filesystem mounted on it, # and do /path/to/test run /path/to/test tools-nfs4.test, e.g. # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test # # Output should be obvious. if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then echo "1..0 # SKIP system doesn't have ZFS loaded" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi +if [ ! -c /dev/mdctl ]; then + echo "1..0 # SKIP no /dev/mdctl to create md devices" + exit 0 +fi echo "1..4" TESTDIR=$(dirname $(realpath $0)) # Set up the test filesystem. MD=`mdconfig -at swap -s 64m` MNT=`mktemp -dt acltools` trap "cd /; zpool destroy -f acltools; rmdir $MNT; mdconfig -d -u $MD" EXIT zpool create -m $MNT acltools /dev/$MD if [ $? -ne 0 ]; then echo "not ok 1 - 'zpool create' failed." echo 'Bail out!' exit 1 fi echo "ok 1" cd $MNT # First, check whether we can crash the kernel by creating too many # entries. For some reason this won't work in the test file. touch xxx setfacl -x2 xxx while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done chmod 600 xxx rm xxx echo "ok 2" perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test >&2 if [ $? -eq 0 ]; then echo "ok 3" else echo "not ok 3 # TODO: fails due to ACL changes in ZFS; bug 212323" fi echo "ok 4" diff --git a/tests/sys/acl/02.sh b/tests/sys/acl/02.sh index 069995d9906f..98fe1345b069 100644 --- a/tests/sys/acl/02.sh +++ b/tests/sys/acl/02.sh @@ -1,91 +1,95 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a wrapper script to run tools-nfs4.test on UFS filesystem. # # If any of the tests fails, here is how to debug it: go to # the directory with problematic filesystem mounted on it, # and do /path/to/test run /path/to/test tools-nfs4.test, e.g. # # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test # # Output should be obvious. if [ $(sysctl -n kern.features.ufs_acl 2>/dev/null || echo 0) -eq 0 ]; then echo "1..0 # SKIP system does not have UFS ACL support" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi +if [ ! -c /dev/mdctl ]; then + echo "1..0 # SKIP no /dev/mdctl to create md devices" + exit 0 +fi echo "1..4" TESTDIR=$(dirname $(realpath $0)) # Set up the test filesystem. MD=`mdconfig -at swap -s 10m` MNT=`mktemp -dt acltools` newfs /dev/$MD > /dev/null trap "cd /; umount -f $MNT; rmdir $MNT; mdconfig -d -u $MD" EXIT mount -o nfsv4acls /dev/$MD $MNT if [ $? -ne 0 ]; then echo "not ok 1 - mount failed." echo 'Bail out!' exit 1 fi echo "ok 1" cd $MNT # First, check whether we can crash the kernel by creating too many # entries. For some reason this won't work in the test file. touch xxx setfacl -x2 xxx while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done chmod 600 xxx rm xxx echo "ok 2" if [ `sysctl -n vfs.acl_nfs4_old_semantics` = 0 ]; then perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test >&2 else perl $TESTDIR/run $TESTDIR/tools-nfs4.test >&2 fi if [ $? -eq 0 ]; then echo "ok 3" else echo "not ok 3" fi cd / echo "ok 4" diff --git a/tests/sys/acl/03.sh b/tests/sys/acl/03.sh index 2de58e31ba3a..4c85638ca8db 100644 --- a/tests/sys/acl/03.sh +++ b/tests/sys/acl/03.sh @@ -1,115 +1,119 @@ #!/bin/sh # # Copyright (c) 2008, 2009 Edward Tomasz Napierała # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a wrapper script to run tools-crossfs.test between UFS without # ACLs, UFS with POSIX.1e ACLs, and ZFS with NFSv4 ACLs. # # WARNING: It uses hardcoded ZFS pool name "acltools" # # Output should be obvious. if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then echo "1..0 # SKIP system doesn't have ZFS loaded" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi +if [ ! -c /dev/mdctl ]; then + echo "1..0 # SKIP no /dev/mdctl to create md devices" + exit 0 +fi echo "1..5" TESTDIR=$(dirname $(realpath $0)) MNTROOT=`mktemp -dt acltools` # Set up the test filesystems. MD1=`mdconfig -at swap -s 64m` MNT1=$MNTROOT/nfs4 mkdir $MNT1 zpool create -m $MNT1 acltools /dev/$MD1 if [ $? -ne 0 ]; then echo "not ok 1 - 'zpool create' failed." echo 'Bail out!' exit 1 fi echo "ok 1" MD2=`mdconfig -at swap -s 10m` MNT2=$MNTROOT/posix mkdir $MNT2 newfs /dev/$MD2 > /dev/null mount -o acls /dev/$MD2 $MNT2 if [ $? -ne 0 ]; then echo "not ok 2 - mount failed." echo 'Bail out!' exit 1 fi echo "ok 2" MD3=`mdconfig -at swap -s 10m` MNT3=$MNTROOT/none mkdir $MNT3 newfs /dev/$MD3 > /dev/null mount /dev/$MD3 $MNT3 if [ $? -ne 0 ]; then echo "not ok 3 - mount failed." echo 'Bail out!' exit 1 fi echo "ok 3" cd $MNTROOT perl $TESTDIR/run $TESTDIR/tools-crossfs.test >&2 if [ $? -eq 0 ]; then echo "ok 4" else echo "not ok 4" fi cd / umount -f $MNT3 rmdir $MNT3 mdconfig -du $MD3 umount -f $MNT2 rmdir $MNT2 mdconfig -du $MD2 zpool destroy -f acltools rmdir $MNT1 mdconfig -du $MD1 rmdir $MNTROOT echo "ok 5" diff --git a/tests/sys/acl/04.sh b/tests/sys/acl/04.sh index 33ce5ab9bc17..cfe4b1cb08a8 100644 --- a/tests/sys/acl/04.sh +++ b/tests/sys/acl/04.sh @@ -1,72 +1,76 @@ #!/bin/sh # # Copyright (c) 2011 Edward Tomasz Napierała # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a wrapper script to run tools-nfs4-trivial.test on ZFS filesystem. # # WARNING: It uses hardcoded ZFS pool name "acltools" if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then echo "1..0 # SKIP system doesn't have ZFS loaded" exit 0 fi if [ $(id -u) -ne 0 ]; then echo "1..0 # SKIP you must be root" exit 0 fi +if [ ! -c /dev/mdctl ]; then + echo "1..0 # SKIP no /dev/mdctl to create md devices" + exit 0 +fi echo "1..3" TESTDIR=$(dirname $(realpath $0)) # Set up the test filesystem. MD=`mdconfig -at swap -s 64m` MNT=`mktemp -dt acltools` zpool create -m $MNT acltools /dev/$MD if [ $? -ne 0 ]; then echo "not ok 1 - 'zpool create' failed." echo 'Bail out!' exit 1 fi echo "ok 1" cd $MNT perl $TESTDIR/run $TESTDIR/tools-nfs4-trivial.test >&2 if [ $? -eq 0 ]; then echo "ok 2" else echo "not ok 2" fi cd / zpool destroy -f acltools rmdir $MNT mdconfig -du $MD echo "ok 3" diff --git a/tests/sys/cddl/zfs/tests/cache/cache_test.sh b/tests/sys/cddl/zfs/tests/cache/cache_test.sh index 4d77d9fa56a7..79b09dd93183 100755 --- a/tests/sys/cddl/zfs/tests/cache/cache_test.sh +++ b/tests/sys/cddl/zfs/tests/cache/cache_test.sh @@ -1,338 +1,339 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License (the "License"). # You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # # Copyright 2012 Spectra Logic. All rights reserved. # Use is subject to license terms. # atf_test_case cache_001_pos cleanup cache_001_pos_head() { atf_set "descr" "Creating a pool with a cache device succeeds." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_001_pos_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 1 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_001_pos.ksh || atf_fail "Testcase failed" } cache_001_pos_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_002_pos cleanup cache_002_pos_head() { atf_set "descr" "Adding a cache device to normal pool works." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_002_pos_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 1 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_002_pos.ksh || atf_fail "Testcase failed" } cache_002_pos_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_003_pos cleanup cache_003_pos_head() { atf_set "descr" "Adding an extra cache device works." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_003_pos_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 2 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_003_pos.ksh || atf_fail "Testcase failed" } cache_003_pos_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_004_neg cleanup cache_004_neg_head() { atf_set "descr" "Attaching a cache device fails." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_004_neg_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 2 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_004_neg.ksh || atf_fail "Testcase failed" } cache_004_neg_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_005_neg cleanup cache_005_neg_head() { atf_set "descr" "Replacing a cache device fails." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_005_neg_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 2 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_005_neg.ksh || atf_fail "Testcase failed" } cache_005_neg_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_006_pos cleanup cache_006_pos_head() { atf_set "descr" "Exporting and importing pool with cache devices passes." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_006_pos_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 2 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_006_pos.ksh || atf_fail "Testcase failed" } cache_006_pos_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_007_neg cleanup cache_007_neg_head() { atf_set "descr" "A mirror/raidz/raidz2 cache is not supported." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_007_neg_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 2 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_007_neg.ksh || atf_fail "Testcase failed" } cache_007_neg_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_008_neg cleanup cache_008_neg_head() { atf_set "descr" "A raidz/raidz2 cache can not be added to existed pool." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_008_neg_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 2 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_008_neg.ksh || atf_fail "Testcase failed" } cache_008_neg_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_009_pos cleanup cache_009_pos_head() { atf_set "descr" "Offline and online a cache device succeed." atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_009_pos_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 2 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_009_pos.ksh || atf_fail "Testcase failed" } cache_009_pos_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_010_neg cleanup cache_010_neg_head() { atf_set "descr" "Cache device can only be disk or slice." atf_set "require.progs" "ksh93 zfs zpool" atf_set "timeout" 1200 } cache_010_neg_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg + [ -c /dev/mdctl ] || atf_skip "no /dev/mdctl to create md devices" verify_disk_count "$DISKS" 1 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_010_neg.ksh || atf_fail "Testcase failed" } cache_010_neg_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_test_case cache_011_pos cleanup cache_011_pos_head() { atf_set "descr" "Remove cache device from pool with spare device should succeed" atf_set "require.progs" "ksh93 zpool" atf_set "timeout" 1200 } cache_011_pos_body() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg verify_disk_count "$DISKS" 2 ksh93 $(atf_get_srcdir)/setup.ksh || atf_fail "Setup failed" ksh93 $(atf_get_srcdir)/cache_011_pos.ksh || atf_fail "Testcase failed" } cache_011_pos_cleanup() { . $(atf_get_srcdir)/../../include/default.cfg . $(atf_get_srcdir)/cache.kshlib . $(atf_get_srcdir)/cache.cfg ksh93 $(atf_get_srcdir)/cleanup.ksh || atf_fail "Cleanup failed" } atf_init_test_cases() { atf_add_test_case cache_001_pos atf_add_test_case cache_002_pos atf_add_test_case cache_003_pos atf_add_test_case cache_004_neg atf_add_test_case cache_005_neg atf_add_test_case cache_006_pos atf_add_test_case cache_007_neg atf_add_test_case cache_008_neg atf_add_test_case cache_009_pos atf_add_test_case cache_010_neg atf_add_test_case cache_011_pos } diff --git a/tests/sys/geom/class/eli/conf.sh b/tests/sys/geom/class/eli/conf.sh index fe7c9c2528ea..a21e645f1637 100644 --- a/tests/sys/geom/class/eli/conf.sh +++ b/tests/sys/geom/class/eli/conf.sh @@ -1,91 +1,92 @@ #!/bin/sh class="eli" base=$(atf_get ident) MAX_SECSIZE=8192 attach_md() { local test_md + [ -c /dev/mdctl ] || atf_skip "no /dev/mdctl to create md devices" test_md=$(mdconfig -a "$@") || atf_fail "failed to allocate md(4)" echo $test_md >> $TEST_MDS_FILE || exit echo $test_md } # Execute `func` for each combination of cipher, sectorsize, and hmac algo # `func` usage should be: # func for_each_geli_config() { func=$1 backing_filename=$2 # Double the sector size to allow for the HMACs' storage space. osecsize=$(( $MAX_SECSIZE * 2 )) # geli needs 512B for the label. bytes=`expr $osecsize \* $sectors + 512`b if [ -n "$backing_filename" ]; then # Use a file-backed md(4) device, so we can deliberatly corrupt # it without detaching the geli device first. truncate -s $bytes backing_file md=$(attach_md -t vnode -f backing_file) else md=$(attach_md -t malloc -s $bytes) fi for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} for aalgo in hmac/sha1 hmac/ripemd160 hmac/sha256 \ hmac/sha384 hmac/sha512; do for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do ${func} $cipher $aalgo $secsize geli detach ${md} 2>/dev/null done done done } # Execute `func` for each combination of cipher, and sectorsize, with no hmac # `func` usage should be: # func for_each_geli_config_nointegrity() { func=$1 # geli needs 512B for the label. bytes=`expr $MAX_SECSIZE \* $sectors + 512`b md=$(attach_md -t malloc -s $bytes) for cipher in aes-xts:128 aes-xts:256 \ aes-cbc:128 aes-cbc:192 aes-cbc:256 \ camellia-cbc:128 camellia-cbc:192 camellia-cbc:256; do ealgo=${cipher%%:*} keylen=${cipher##*:} for secsize in 512 1024 2048 4096 $MAX_SECSIZE; do ${func} $cipher $secsize geli detach ${md} 2>/dev/null done done } geli_test_cleanup() { if [ -f "$TEST_MDS_FILE" ]; then while read md; do [ -c /dev/${md}.eli ] && \ geli detach $md.eli 2>/dev/null mdconfig -d -u $md 2>/dev/null done < $TEST_MDS_FILE fi true } geli_test_setup() { geom_atf_test_setup } ATF_TEST=true . `dirname $0`/../geom_subr.sh diff --git a/tests/sys/geom/class/geom_subr.sh b/tests/sys/geom/class/geom_subr.sh index 7e572ccd5175..f8eca4c6b220 100644 --- a/tests/sys/geom/class/geom_subr.sh +++ b/tests/sys/geom/class/geom_subr.sh @@ -1,80 +1,81 @@ #!/bin/sh TEST_MDS_FILE="${TMPDIR}/test_mds.$(basename $0)" devwait() { while :; do if [ -c /dev/${class}/${name} ]; then return fi sleep 0.2 done } attach_md() { local test_md + [ -c /dev/mdctl ] || atf_skip "no /dev/mdctl to create md devices" test_md=$(mdconfig -a "$@") || exit echo $test_md >> $TEST_MDS_FILE || exit echo $test_md } detach_md() { local test_md unit test_md=$1 unit=${test_md#md} mdconfig -d -u $unit || exit sed -i '' "/^${test_md}$/d" $TEST_MDS_FILE || exit } geom_test_cleanup() { local test_md if [ -f "$TEST_MDS_FILE" ]; then while read test_md; do # The "#" tells the TAP parser this is a comment echo "# Removing test memory disk: $test_md" mdconfig -d -u $test_md done < $TEST_MDS_FILE rm -f "$TEST_MDS_FILE" fi } geom_load_class_if_needed() { local class=$1 # If the geom class isn't already loaded, try loading it. if ! kldstat -q -m g_${class}; then if ! geom ${class} load; then echo "could not load module for geom class=${class}" return 1 fi fi return 0 } geom_atf_test_setup() { if ! error_message=$(geom_load_class_if_needed $class); then atf_skip "$error_message" fi } geom_tap_test_setup() { if ! error_message=$(geom_load_class_if_needed $class); then echo "1..0 # SKIP $error_message" exit 0 fi } : ${ATF_TEST=false} if ! $ATF_TEST; then geom_tap_test_setup fi diff --git a/tests/sys/geom/class/mirror/8_test.sh b/tests/sys/geom/class/mirror/8_test.sh index 21f6b83c85f7..5b3e5c3543a1 100644 --- a/tests/sys/geom/class/mirror/8_test.sh +++ b/tests/sys/geom/class/mirror/8_test.sh @@ -1,50 +1,55 @@ #!/bin/sh # Regression test for r317712. . `dirname $0`/conf.sh +if ! [ -c /dev/mdctl ]; then + echo "1..0 # SKIP no /dev/mdctl to create md devices" + exit 0 +fi + echo 1..1 ddbs=2048 m1=`mktemp $base.XXXXXX` || exit 1 m2=`mktemp $base.XXXXXX` || exit 1 dd if=/dev/zero of=$m1 bs=$ddbs count=1024 >/dev/null 2>&1 dd if=/dev/zero of=$m2 bs=$ddbs count=1024 >/dev/null 2>&1 us0=$(mdconfig -t vnode -f $m1) || exit 1 us1=$(mdconfig -t vnode -f $m2) || exit 1 gmirror label $name /dev/$us0 /dev/$us1 || exit 1 devwait # Ensure that the mirrors are marked dirty, and then disconnect them. # We need to have the gmirror provider open when destroying the MDs since # gmirror will automatically mark the mirrors clean when the provider is closed. exec 9>/dev/mirror/$name dd if=/dev/zero bs=$ddbs count=1 >&9 2>/dev/null mdconfig -d -u ${us0#md} -o force || exit 1 mdconfig -d -u ${us1#md} -o force || exit 1 exec 9>&- dd if=/dev/random of=$m1 bs=$ddbs count=1 conv=notrunc >/dev/null 2>&1 us0=$(attach_md -t vnode -f $m1) || exit 1 devwait # This will take kern.geom.mirror.timeout seconds. # Re-attach the second mirror and wait for it to synchronize. us1=$(attach_md -t vnode -f $m2) || exit 1 syncwait # Verify the two mirrors are identical. Destroy the gmirror first so that # the mirror metadata is wiped; otherwise the metadata blocks will fail # the comparison. It would be nice to do this with a "gmirror verify" # command instead. gmirror destroy $name if cmp -s ${m1} ${m2}; then echo "ok 1" else echo "not ok 1" fi rm -f $m1 $m2 diff --git a/tests/sys/kern/sendfile_test.sh b/tests/sys/kern/sendfile_test.sh index 03d2c882241c..2e9779d6779c 100755 --- a/tests/sys/kern/sendfile_test.sh +++ b/tests/sys/kern/sendfile_test.sh @@ -1,167 +1,168 @@ # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2020 Netflix, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # These tests exercise a few basic cases for the sendfile() syscall: # - successful operation. # - sendfile() starts an async disk read but that async I/O fails. # - sendfile() fails to read an indirect block and thus cannot # even start an async I/O. # # In all cases we request some read ahead in addition to # the data to be sent to the socket. # MD_DEVS="md.devs" MNT=mnt FILE=$MNT/file HELPER="$(atf_get_srcdir)/sendfile_helper" BSIZE=4096 atf_test_case io_success cleanup io_success_head() { atf_set "descr" "sendfile where all disk I/O succeeds" atf_set "require.user" "root" atf_set "timeout" 15 } io_success_body() { if [ "$(atf_config_get qemu false)" = "true" ]; then atf_skip "Sendfile(4) unimplemented. https://github.com/qemu-bsd-user/qemu-bsd-user/issues/25" fi md=$(alloc_md) common_body_setup $md atf_check $HELPER $FILE 0 0x10000 0x10000 } io_success_cleanup() { common_cleanup } atf_test_case io_fail_sync cleanup io_fail_sync_head() { atf_set "descr" "sendfile where we fail to start async I/O" atf_set "require.user" "root" atf_set "timeout" 15 } io_fail_sync_body() { if [ "$(atf_config_get qemu false)" = "true" ]; then atf_skip "Sendfile(4) unimplemented. https://github.com/qemu-bsd-user/qemu-bsd-user/issues/25" fi md=$(alloc_md) common_body_setup $md atf_check gnop configure -r 100 -e 5 ${md}.nop atf_check -s exit:3 -e ignore $HELPER $FILE $((12 * $BSIZE)) $BSIZE 0x10000 } io_fail_sync_cleanup() { common_cleanup } atf_test_case io_fail_async cleanup io_fail_async_head() { atf_set "descr" "sendfile where an async I/O fails" atf_set "require.user" "root" atf_set "timeout" 15 } io_fail_async_body() { if [ "$(atf_config_get qemu false)" = "true" ]; then atf_skip "Sendfile(4) unimplemented. https://github.com/qemu-bsd-user/qemu-bsd-user/issues/25" fi md=$(alloc_md) common_body_setup $md atf_check gnop configure -r 100 -e 5 ${md}.nop atf_check -s exit:2 -e ignore $HELPER $FILE 0 $BSIZE 0x10000 } io_fail_async_cleanup() { common_cleanup } atf_init_test_cases() { atf_add_test_case io_success atf_add_test_case io_fail_sync atf_add_test_case io_fail_async } alloc_md() { local md + [ -c /dev/mdctl ] || atf_skip "no /dev/mdctl to create md devices" md=$(mdconfig -a -t swap -s 256M) || atf_fail "mdconfig -a failed" echo ${md} >> $MD_DEVS echo ${md} } common_body_setup() { us=$1 atf_check mkdir $MNT atf_check -o ignore -e ignore newfs -b $BSIZE -U -j /dev/${us} atf_check mount /dev/${us} $MNT atf_check -e ignore dd if=/dev/zero of=$FILE bs=1m count=1 atf_check umount $MNT load_gnop atf_check gnop create /dev/${us} atf_check mount /dev/${us}.nop $MNT atf_check -o ignore ls -l $MNT/file } common_cleanup() { umount -f $MNT if [ -f "$MD_DEVS" ]; then while read test_md; do gnop destroy -f ${test_md}.nop 2>/dev/null mdconfig -d -u $test_md 2>/dev/null done < $MD_DEVS rm $MD_DEVS fi true } load_gnop() { if ! kldstat -q -m g_nop; then geom nop load || atf_skip "could not load module for geom nop" fi } diff --git a/tests/sys/mac/bsdextended/matches_test.sh b/tests/sys/mac/bsdextended/matches_test.sh index 40774594fd18..2a28be0f231b 100644 --- a/tests/sys/mac/bsdextended/matches_test.sh +++ b/tests/sys/mac/bsdextended/matches_test.sh @@ -1,398 +1,399 @@ #!/bin/sh # # uidrange="60000:100000" gidrange="60000:100000" uidinrange="nobody" uidoutrange="daemon" gidinrange="nobody" # We expect $uidinrange in this group gidoutrange="daemon" # We expect $uidinrange in this group check_ko() { if ! sysctl -N security.mac.bsdextended >/dev/null 2>&1; then atf_skip "mac_bsdextended(4) support isn't available" fi if [ $(sysctl -n security.mac.bsdextended.enabled) = "0" ]; then # The kernel module is loaded but disabled. Enable it for the # duration of the test. touch enabled_bsdextended sysctl security.mac.bsdextended.enabled=1 fi } setup() { check_ko mkdir mnt + [ -c /dev/mdctl ] || atf_skip "no /dev/mdctl to create md devices" mdmfs -s 25m md mnt \ || atf_fail "failed to mount md device" chmod a+rwx mnt md_device=$(mount -p | grep "$PWD/mnt" | awk '{ gsub(/^\/dev\//, "", $1); print $1 }') if [ -z "$md_device" ]; then atf_fail "md device not properly attached to the system" fi echo $md_device > md_device ugidfw remove 1 cat > mnt/test-script.sh <<'EOF' #!/bin/sh : > $1 EOF if [ $? -ne 0 ]; then atf_fail "failed to create test script" fi file1=mnt/test-$uidinrange file2=mnt/test-$uidoutrange command1="sh mnt/test-script.sh $file1" command2="sh mnt/test-script.sh $file2" # $uidinrange file atf_check -s exit:0 su -m $uidinrange -c "$command1" chown "$uidinrange":"$gidinrange" $file1 chmod a+w $file1 # $uidoutrange file if ! $command2; then atf_fail $desc fi chown "$uidoutrange":"$gidoutrange" $file2 chmod a+w $file2 } cleanup() { ugidfw remove 1 umount -f mnt if [ -f md_device ]; then mdconfig -d -u $( cat md_device ) fi if [ -f enabled_bsdextended ]; then sysctl security.mac.bsdextended.enabled=0 fi } atf_test_case no_rules cleanup no_rules_head() { atf_set "require.user" "root" } no_rules_body() { setup # no rules $uidinrange atf_check -s exit:0 su -fm $uidinrange -c "$command1" # no rules $uidoutrange atf_check -s exit:0 su -fm $uidoutrange -c "$command1" } no_rules_cleanup() { cleanup } atf_test_case subject_match_on_uid cleanup subject_match_on_uid_head() { atf_set "require.user" "root" } subject_match_on_uid_body() { setup atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object mode rasx # subject uid in range atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" # subject uid out range atf_check -s exit:0 su -fm $uidoutrange -c "$command1" } subject_match_on_uid_cleanup() { cleanup } atf_test_case subject_match_on_gid cleanup subject_match_on_gid_head() { atf_set "require.user" "root" } subject_match_on_gid_body() { setup atf_check -s exit:0 ugidfw set 1 subject gid $gidrange object mode rasx # subject gid in range atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" # subject gid out range atf_check -s exit:0 su -fm $uidoutrange -c "$command1" } subject_match_on_gid_cleanup() { cleanup } atf_test_case subject_match_on_jail cleanup subject_match_on_jail_head() { atf_set "require.progs" "jail" atf_set "require.user" "root" } subject_match_on_jail_body() { setup atf_expect_fail "this testcase fails (see bug # 205481)" # subject matching jailid jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch mnt/test-jail) &"` atf_check -s exit:0 ugidfw set 1 subject jailid $jailid object mode rasx sleep 10 if [ -f mnt/test-jail ]; then atf_fail "$desc" fi rm -f mnt/test-jail # subject nonmatching jailid jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch mnt/test-jail) &"` sleep 10 if ! [ -f mnt/test-jail ]; then atf_fail $desc fi } subject_match_on_jail_cleanup() { cleanup } atf_test_case object_uid cleanup object_uid_head() { atf_set "require.user" "root" } object_uid_body() { setup atf_check -s exit:0 ugidfw set 1 subject object uid $uidrange mode rasx # object uid in range atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" # object uid out range atf_check -s exit:0 su -fm $uidinrange -c "$command2" atf_check -s exit:0 ugidfw set 1 subject object uid $uidrange mode rasx # object uid in range (different subject) atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidoutrange -c "$command1" # object uid out range (different subject) atf_check -s exit:0 su -fm $uidoutrange -c "$command2" } object_uid_cleanup() { cleanup } atf_test_case object_gid cleanup object_gid_head() { atf_set "require.user" "root" } object_gid_body() { setup atf_check -s exit:0 ugidfw set 1 subject object gid $uidrange mode rasx # object gid in range atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" # object gid out range atf_check -s exit:0 su -fm $uidinrange -c "$command2" # object gid in range (different subject) atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidoutrange -c "$command1" # object gid out range (different subject) atf_check -s exit:0 su -fm $uidoutrange -c "$command2" } object_gid_cleanup() { cleanup } atf_test_case object_filesys cleanup object_filesys_head() { atf_set "require.user" "root" } object_filesys_body() { setup atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object filesys / mode rasx # object out of filesys atf_check -s exit:0 su -fm $uidinrange -c "$command1" atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object filesys mnt mode rasx # object in filesys atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" } object_filesys_cleanup() { cleanup } atf_test_case object_suid cleanup object_suid_head() { atf_set "require.user" "root" } object_suid_body() { setup atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object suid mode rasx # object notsuid atf_check -s exit:0 su -fm $uidinrange -c "$command1" chmod u+s $file1 # object suid atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" chmod u-s $file1 } object_suid_cleanup() { cleanup } atf_test_case object_sgid cleanup object_sgid_head() { atf_set "require.user" "root" } object_sgid_body() { setup atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object sgid mode rasx # object notsgid atf_check -s exit:0 su -fm $uidinrange -c "$command1" chmod g+s $file1 # object sgid atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" chmod g-s $file1 } object_sgid_cleanup() { cleanup } atf_test_case object_uid_matches_subject cleanup object_uid_matches_subject_head() { atf_set "require.user" "root" } object_uid_matches_subject_body() { setup atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object uid_of_subject mode rasx # object uid notmatches subject atf_check -s exit:0 su -fm $uidinrange -c "$command2" # object uid matches subject atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" } object_uid_matches_subject_cleanup() { cleanup } atf_test_case object_gid_matches_subject cleanup object_gid_matches_subject_head() { atf_set "require.user" "root" } object_gid_matches_subject_body() { setup atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object gid_of_subject mode rasx # object gid notmatches subject atf_check -s exit:0 su -fm $uidinrange -c "$command2" # object gid matches subject atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" } object_gid_matches_subject_cleanup() { cleanup } atf_test_case object_type cleanup object_type_head() { atf_set "require.user" "root" } object_type_body() { setup # object not type atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object type dbclsp mode rasx atf_check -s exit:0 su -fm $uidinrange -c "$command1" # object type atf_check -s exit:0 ugidfw set 1 subject uid $uidrange object type r mode rasx atf_check -s not-exit:0 -e match:"Permission denied" \ su -fm $uidinrange -c "$command1" } object_type_cleanup() { cleanup } atf_init_test_cases() { atf_add_test_case no_rules atf_add_test_case subject_match_on_uid atf_add_test_case subject_match_on_gid atf_add_test_case subject_match_on_jail atf_add_test_case object_uid atf_add_test_case object_gid atf_add_test_case object_filesys atf_add_test_case object_suid atf_add_test_case object_sgid atf_add_test_case object_uid_matches_subject atf_add_test_case object_gid_matches_subject atf_add_test_case object_type }