git: 170aac934794 - main - tests/mac_portacl: restore sysctls after modification

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Wed, 08 Oct 2025 15:07:06 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=170aac93479467334062813c1175a80200400b79

commit 170aac93479467334062813c1175a80200400b79
Author:     Siva Mahadevan <me@svmhdvn.name>
AuthorDate: 2025-07-15 16:45:24 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-10-08 14:34:09 +0000

    tests/mac_portacl: restore sysctls after modification
    
    While here, use 'required_kmods' instead of ad-hoc
    checks.
    
    Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
    
    Reviewed by:    markj
    MFC after:      3 days
    Sponsored by:   The FreeBSD Foundation
    Pull Request:   https://github.com/freebsd/freebsd-src/pull/1855
---
 tests/sys/mac/portacl/Makefile       |  1 +
 tests/sys/mac/portacl/misc.sh        | 12 ++----------
 tests/sys/mac/portacl/nobody_test.sh |  1 +
 tests/sys/mac/portacl/root_test.sh   |  1 +
 4 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/tests/sys/mac/portacl/Makefile b/tests/sys/mac/portacl/Makefile
index 856a85d331d5..28c3a5cd71ce 100644
--- a/tests/sys/mac/portacl/Makefile
+++ b/tests/sys/mac/portacl/Makefile
@@ -8,6 +8,7 @@ TAP_TESTS_SH+=	nobody_test
 TAP_TESTS_SH+=	root_test
 
 .for t in ${TAP_TESTS_SH}
+TEST_METADATA.$t+=	required_kmods="mac_portacl"
 TEST_METADATA.$t+=	required_user="root"
 TEST_METADATA.$t+=	timeout="450"
 TEST_METADATA.$t+=	is_exclusive="true"
diff --git a/tests/sys/mac/portacl/misc.sh b/tests/sys/mac/portacl/misc.sh
index a1b729c87777..4d3f18fce1c1 100644
--- a/tests/sys/mac/portacl/misc.sh
+++ b/tests/sys/mac/portacl/misc.sh
@@ -1,15 +1,5 @@
 #!/bin/sh
 
-sysctl security.mac.portacl >/dev/null 2>&1
-if [ $? -ne 0 ]; then
-	echo "1..0 # SKIP MAC_PORTACL is unavailable."
-	exit 0
-fi
-if [ $(id -u) -ne 0 ]; then
-	echo "1..0 # SKIP testcases must be run as root"
-	exit 0
-fi
-
 ntest=1
 
 check_bind() {
@@ -95,6 +85,7 @@ bind_test() {
 	sysctl security.mac.portacl.rules= >/dev/null
 }
 
+portacl_enabled=$(sysctl -n security.mac.portacl.enabled)
 reserved_high=$(sysctl -n net.inet.ip.portrange.reservedhigh)
 suser_exempt=$(sysctl -n security.mac.portacl.suser_exempt)
 port_high=$(sysctl -n security.mac.portacl.port_high)
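Review bot: The added `portacl_enabled=$(sysctl -n security.mac.portacl.enabled)` keeps an empty string when the read fails, and nothing checks for that before restore_settings writes the value back. The in-script availability check was removed earlier in this file, so the only guard is the `required_kmods` metadata, which presumably takes effect only when the test is started by the test framework. A direct `sh` run without the module would still reach this line. Consider stopping early, for example `portacl_enabled=$(sysctl -n security.mac.portacl.enabled) || exit 1`, and doing the same for the three existing saves below it.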
@@ -103,4 +94,5 @@ restore_settings() {
 	sysctl -n net.inet.ip.portrange.reservedhigh=${reserved_high} >/dev/null
 	sysctl -n security.mac.portacl.suser_exempt=${suser_exempt} >/dev/null
 	sysctl -n security.mac.portacl.port_high=${port_high} >/dev/null
+	sysctl -n security.mac.portacl.enabled=${portacl_enabled} >/dev/null
 }
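Review bot: restore_settings still does not put back `security.mac.portacl.rules`, which bind_test overwrites with an empty value on its way out (`sysctl security.mac.portacl.rules= >/dev/null`, visible in the previous hunk). A host that had a rule set loaded before the run ends up with the policy switched back to its old enabled state but with no rules, which is not the configuration it started with. Two lines between the saves and this function fall outside the visible hunks, so a save may already exist there. If it does not, add `portacl_rules=$(sysctl -n security.mac.portacl.rules)` beside the other saves and `sysctl security.mac.portacl.rules="${portacl_rules}" >/dev/null` in this function. The function's header line is outside the hunk.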
diff --git a/tests/sys/mac/portacl/nobody_test.sh b/tests/sys/mac/portacl/nobody_test.sh
index 7e64f68113ea..a3f2168dc81d 100644
--- a/tests/sys/mac/portacl/nobody_test.sh
+++ b/tests/sys/mac/portacl/nobody_test.sh
@@ -13,6 +13,7 @@ trap restore_settings EXIT INT TERM
 
 sysctl security.mac.portacl.suser_exempt=1 >/dev/null
 sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null
+sysctl security.mac.portacl.enabled=1 >/dev/null
 
 bind_test fl fl uid nobody tcp 77
 bind_test ok ok uid nobody tcp 7777
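Review bot: The new `sysctl security.mac.portacl.enabled=1 >/dev/null` line has no comment saying why the policy is forced on, and its exit status is ignored. If the write fails, the bind_test cases that follow run against whatever state the host had, and the expected-failure cases (the `fl` arguments, judging by their name) would be reported as ordinary test failures rather than a setup problem. A short comment such as `# Force the policy on; the host may have it disabled.` plus `|| exit 1` on the line would make the precondition explicit. The same applies to the identical line added in root_test.sh.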
diff --git a/tests/sys/mac/portacl/root_test.sh b/tests/sys/mac/portacl/root_test.sh
index daa5b147b4fa..d8898ff4f80e 100644
--- a/tests/sys/mac/portacl/root_test.sh
+++ b/tests/sys/mac/portacl/root_test.sh
@@ -10,6 +10,7 @@ echo "1..48"
 trap restore_settings EXIT INT TERM
 
 sysctl security.mac.portacl.suser_exempt=1 >/dev/null
+sysctl security.mac.portacl.enabled=1 >/dev/null
 
 bind_test ok ok uid root tcp 77
 bind_test ok ok uid root tcp 7777