svn commit: r293138 - stable/10/tools/regression/mac/mac_bsdextended
Garrett Cooper
ngie at FreeBSD.org
Mon Jan 4 06:57:08 UTC 2016
Author: ngie
Date: Mon Jan 4 06:57:06 2016
New Revision: 293138
URL: https://svnweb.freebsd.org/changeset/base/293138
Log:
MFC r292531,r292532,r292533,r292545:
r292531:
Make test_matches.sh into a series of TAP testcases
Use temporary filesystems / memory disks instead of a hardcoded path
which doesn't exist on test systems
r292532:
Mark `subject matching jailid` testcase as an unexpected failure with
TODO to ensure that the testcase isn't marked as a failure
PR: 205481
r292533:
Skip the testcases if mac_bsdextended(4) isn't detected on the
system
r292545:
Redo the TAP integration so it works with Kyua
Kyua needs numbers in the TAP results :/, but prove doesn't
Modified:
stable/10/tools/regression/mac/mac_bsdextended/test_matches.sh
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/tools/regression/mac/mac_bsdextended/test_matches.sh
==============================================================================
--- stable/10/tools/regression/mac/mac_bsdextended/test_matches.sh Mon Jan 4 03:47:31 2016 (r293137)
+++ stable/10/tools/regression/mac/mac_bsdextended/test_matches.sh Mon Jan 4 06:57:06 2016 (r293138)
@@ -10,158 +10,344 @@ uidoutrange="daemon"
gidinrange="nobody" # We expect $uidinrange in this group
gidoutrange="daemon" # We expect $uidinrange in this group
-playground="/stuff/nobody/" # Must not be on root fs
+test_num=1
+pass()
+{
+ echo "ok $test_num # $@"
+ : $(( test_num += 1 ))
+}
+
+fail()
+{
+ echo "not ok $test_num # $@"
+ : $(( test_num += 1 ))
+}
#
# Setup
#
-rm -f $playground/test*
+
+: ${TMPDIR=/tmp}
+if [ $(id -u) -ne 0 ]; then
+ echo "1..0 # SKIP test must be run as root"
+ exit 0
+fi
+if ! sysctl -N security.mac.bsdextended >/dev/null 2>&1; then
+ echo "1..0 # SKIP mac_bsdextended(4) support isn't available"
+ exit 0
+fi
+if ! playground=$(mktemp -d $TMPDIR/tmp.XXXXXXX); then
+ echo "1..0 # SKIP failed to create temporary directory"
+ exit 0
+fi
+trap "rmdir $playground" EXIT INT TERM
+if ! mdmfs -s 25m md $playground; then
+ echo "1..0 # SKIP failed to mount md device"
+ exit 0
+fi
+chmod a+rwx $playground
+md_device=$(mount -p | grep "$playground" | awk '{ gsub(/^\/dev\//, "", $1); print $1 }')
+trap "umount -f $playground; mdconfig -d -u $md_device; rmdir $playground" EXIT INT TERM
+if [ -z "$md_device" ]; then
+ mount -p | grep $playground
+ echo "1..0 # SKIP md device not properly attached to the system"
+fi
+
ugidfw remove 1
file1=$playground/test-$uidinrange
file2=$playground/test-$uidoutrange
-cat <<EOF> $playground/test-script.pl
-if (open(F, ">" . shift)) { exit 0; } else { exit 1; }
+cat > $playground/test-script.sh <<'EOF'
+#!/bin/sh
+: > $1
EOF
-command1="perl $playground/test-script.pl $file1"
-command2="perl $playground/test-script.pl $file2"
+if [ $? -ne 0 ]; then
+ echo "1..0 # SKIP failed to create test script"
+ exit 0
+fi
+echo "1..30"
+
+command1="sh $playground/test-script.sh $file1"
+command2="sh $playground/test-script.sh $file2"
+
+desc="$uidinrange file"
+if su -m $uidinrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
-echo -n "$uidinrange file: "
-su -m $uidinrange -c "$command1 && echo good"
chown "$uidinrange":"$gidinrange" $file1
chmod a+w $file1
-echo -n "$uidoutrange file: "
-$command2 && echo good
+desc="$uidoutrange file"
+if $command2; then
+ pass $desc
+else
+ fail $desc
+fi
+
chown "$uidoutrange":"$gidoutrange" $file2
chmod a+w $file2
#
# No rules
#
-echo -n "no rules $uidinrange: "
-su -fm $uidinrange -c "$command1 && echo good"
-echo -n "no rules $uidoutrange: "
-su -fm $uidoutrange -c "$command1 && echo good"
+desc="no rules $uidinrange"
+if su -fm $uidinrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
+
+desc="no rules $uidoutrange"
+if su -fm $uidoutrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
#
# Subject Match on uid
#
ugidfw set 1 subject uid $uidrange object mode rasx
-echo -n "subject uid in range: "
-su -fm $uidinrange -c "$command1 || echo good"
-echo -n "subject uid out range: "
-su -fm $uidoutrange -c "$command1 && echo good"
+desc="subject uid in range"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
+
+desc="subject uid out range"
+if su -fm $uidoutrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
#
# Subject Match on gid
#
ugidfw set 1 subject gid $gidrange object mode rasx
-echo -n "subject gid in range: "
-su -fm $uidinrange -c "$command1 || echo good"
-echo -n "subject gid out range: "
-su -fm $uidoutrange -c "$command1 && echo good"
+
+desc="subject gid in range"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
+
+desc="subject gid out range"
+if su -fm $uidoutrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
#
# Subject Match on jail
#
-echo -n "subject matching jailid: "
rm -f $playground/test-jail
-jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 3; touch $playground/test-jail) &"`
+
+desc="subject matching jailid"
+jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"`
ugidfw set 1 subject jailid $jailid object mode rasx
-sleep 6
-if [ ! -f $playground/test-jail ] ; then echo good ; fi
+sleep 10
+
+if [ -f $playground/test-jail ]; then
+ fail "TODO $desc: this testcase fails (see bug # 205481)"
+else
+ pass $desc
+fi
-echo -n "subject nonmatching jailid: "
rm -f $playground/test-jail
-jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 3; touch $playground/test-jail) &"`
-sleep 6
-if [ -f $playground/test-jail ] ; then echo good ; fi
+desc="subject nonmatching jailid"
+jailid=`jail -i / localhost 127.0.0.1 /usr/sbin/daemon -f /bin/sh -c "(sleep 5; touch $playground/test-jail) &"`
+sleep 10
+if [ -f $playground/test-jail ]; then
+ pass $desc
+else
+ fail $desc
+fi
#
# Object uid
#
ugidfw set 1 subject object uid $uidrange mode rasx
-echo -n "object uid in range: "
-su -fm $uidinrange -c "$command1 || echo good"
-echo -n "object uid out range: "
-su -fm $uidinrange -c "$command2 && echo good"
+
+desc="object uid in range"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
+
+desc="object uid out range"
+if su -fm $uidinrange -c "$command2"; then
+ pass $desc
+else
+ fail $desc
+fi
ugidfw set 1 subject object uid $uidrange mode rasx
-echo -n "object uid in range (differennt subject): "
-su -fm $uidoutrange -c "$command1 || echo good"
-echo -n "object uid out range (differennt subject): "
-su -fm $uidoutrange -c "$command2 && echo good"
+
+desc="object uid in range (different subject)"
+if su -fm $uidoutrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
+
+desc="object uid out range (different subject)"
+if su -fm $uidoutrange -c "$command2"; then
+ pass $desc
+else
+ fail $desc
+fi
#
# Object gid
#
ugidfw set 1 subject object gid $uidrange mode rasx
-echo -n "object gid in range: "
-su -fm $uidinrange -c "$command1 || echo good"
-echo -n "object gid out range: "
-su -fm $uidinrange -c "$command2 && echo good"
-echo -n "object gid in range (differennt subject): "
-su -fm $uidoutrange -c "$command1 || echo good"
-echo -n "object gid out range (differennt subject): "
-su -fm $uidoutrange -c "$command2 && echo good"
+
+desc="object gid in range"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
+
+desc="object gid out range"
+if su -fm $uidinrange -c "$command2"; then
+ pass $desc
+else
+ fail $desc
+fi
+desc="object gid in range (different subject)"
+if su -fm $uidoutrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
+
+desc="object gid out range (different subject)"
+if su -fm $uidoutrange -c "$command2"; then
+ pass $desc
+else
+ fail $desc
+fi
#
# Object filesys
#
ugidfw set 1 subject uid $uidrange object filesys / mode rasx
-echo -n "object out of filesys: "
-su -fm $uidinrange -c "$command1 && echo good"
+desc="object out of filesys"
+if su -fm $uidinrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
+
ugidfw set 1 subject uid $uidrange object filesys $playground mode rasx
-echo -n "object in filesys: "
-su -fm $uidinrange -c "$command1 || echo good"
+desc="object in filesys"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
#
# Object suid
#
ugidfw set 1 subject uid $uidrange object suid mode rasx
-echo -n "object notsuid: "
-su -fm $uidinrange -c "$command1 && echo good"
+desc="object notsuid"
+if su -fm $uidinrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
+
chmod u+s $file1
-echo -n "object suid: "
-su -fm $uidinrange -c "$command1 || echo good"
+desc="object suid"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
chmod u-s $file1
#
# Object sgid
#
ugidfw set 1 subject uid $uidrange object sgid mode rasx
-echo -n "object notsgid: "
-su -fm $uidinrange -c "$command1 && echo good"
+desc="object notsgid"
+if su -fm $uidinrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
+
chmod g+s $file1
-echo -n "object sgid: "
-su -fm $uidinrange -c "$command1 || echo good"
+desc="object sgid"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
chmod g-s $file1
#
# Object uid matches subject
#
ugidfw set 1 subject uid $uidrange object uid_of_subject mode rasx
-echo -n "object uid notmatches subject: "
-su -fm $uidinrange -c "$command2 && echo good"
-echo -n "object uid matches subject: "
-su -fm $uidinrange -c "$command1 || echo good"
+
+desc="object uid notmatches subject"
+if su -fm $uidinrange -c "$command2"; then
+ pass $desc
+else
+ fail $desc
+fi
+
+desc="object uid matches subject"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
#
# Object gid matches subject
#
ugidfw set 1 subject uid $uidrange object gid_of_subject mode rasx
-echo -n "object gid notmatches subject: "
-su -fm $uidinrange -c "$command2 && echo good"
-echo -n "object gid matches subject: "
-su -fm $uidinrange -c "$command1 || echo good"
+
+desc="object gid notmatches subject"
+if su -fm $uidinrange -c "$command2"; then
+ pass $desc
+else
+ fail $desc
+fi
+
+desc="object gid matches subject"
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
#
# Object type
#
+desc="object not type"
ugidfw set 1 subject uid $uidrange object type dbclsp mode rasx
-echo -n "object not type: "
-su -fm $uidinrange -c "$command1 && echo good"
-ugidfw set 1 subject uid $uidrange object type r mode rasx
-echo -n "object type: "
-su -fm $uidinrange -c "$command1 || echo good"
+if su -fm $uidinrange -c "$command1"; then
+ pass $desc
+else
+ fail $desc
+fi
+desc="object type"
+ugidfw set 1 subject uid $uidrange object type r mode rasx
+if su -fm $uidinrange -c "$command1"; then
+ fail $desc
+else
+ pass $desc
+fi
More information about the svn-src-all
mailing list