subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
o Add mount and umount actions so that partitions can be in use.
o Extend the testing of the add verb to include overlapping
partitions.
o Add tests for the remove verb. this includes tests to remove
a partition when in use (i.e. is mounted).
o Add a MD5 checksum to the output of the conf action so that
it can be tested. Make sure the MD5 doesn't vary based on
certain dynamic behaviour that is irrelevant to the output.
o Add MD5 checksums to the expected result of conf actions.
Add support for read-write parameters. Allow an optional initializer
for read-write parameters. Print the value of those parameters on
success following the PASS.
the first part before starting, or the TCP port we want to bind may be in
use still. Sleep for a short period between tests.
Use SIGTERM instead of SIGKILL.
pru_abort() by closing a listen socket while completed connections are
presenting in its listen queue. Unfortunately, it's difficult to
trigger the other two pru_abort() cases using user APIs, so they are
not covered by this test.
mode. Support both connection via connect() and sendto(), but don't
compile in sendto() for now, since netipx doesn't appear to actually
implement that (doh).
times, with variable length sleeps between socket() and close(). This
will help to ensure that IPX/SPX timers fire while the sockets are
open, and hence have PCB's on the IPX pcb list, so that if timers are
going to stumble over PCB types they don't expect, it will happen as
part of this test.
o Change the result of gctl(001) now that a bogus verb still requires
a valid geom,
o Insert gctl(024) to test for an appropriate error when a bogus verb
is given that does have a proper geom parameter.
whole name. This does not unnecessarily close the door that in some
future we want to test on something other than md(4) devices.
Also add a "conf" action so that we can check whether a gctl actually
did the right thing or not. It's one thing to check that the result
strings are as expected, but it doesn't tell us if the end result is
correct. This needs a bit more fleshing out, but for now a visual
(i.e. manual) check suffices.
mdconfig(8), because we need a disk to work on.
o Extend the number of tests now that we have a disk.
o Simplify the driver. All parameters are ASCII strings now.
The testsuite is based on a simple driver program that builds a
request from the arguments passed to it and issues the request to
Geom. The driver emits FAIL with the error string or PASS depending
on whether the request completed with an error or not. A -v option
has been added to the driver and causes the request to be dumped.
The -v option to prove(1) controls the -v option to the driver.
The testsuite itself contains a hash of which the key constitutes
the arguments and the value is the expected result.
creation and at time of update using an additional call to listen().
This test also exercises SO_LISTENQLIMIT, a forthcoming socket option
that allows the retrieval (but not setting) of the queue limit.
Discussed with: andre
relating to O_RDWR file descriptors, which while not defined in POSIX,
are in fact used:
(1) Revise assumption that we have two file descriptors when testing I/O
operations on a fifo. Provide cleanup routines that handle either
two or three file descriptors (including a kqueue descriptor).
(2) Add an openfifo_rw() routine to supplement openfifo().
(3) kqueue_setup() now configures an existing kqueue to monitor a new
file descriptor, rather than allocating a new kqueue to monitor two
existing file descriptors.
(4) Wrap all direct poll/select/kqueue/FIONREAD interactions in a single
function, assert_status(), which takes a file descriptor, kqueue
descriptor, assertion of read/writable/exception states, and
test description, then tests the assertion. This reduces the bulk
of calls in many of the tests, making them shorter, more readable,
and easier to determine correct.
(5) Add a new test_events_rdwr() function, which performs a basic create/
write/read event test on a O_RDWR fifo file descriptor. This is
currently failed by our fifo code in HEAD due to a bug in FIONREAD
handling. Fix to be merged shortly.
Add test_kqueue(), which registers and unregisters various kqueue filter
types on a fifo in order to make sure that EVFILT_READ, EVFILT_WRITE can
be registered, and that EVFILT_NETDEV can't be registered. For now, we
don't test that EVFILT_VNODE can be registered on fifos, as that has been
broken at some point.
- Teach fifo_io about kqueue monitoring of fifo file descriptor status,
and add test cases for kqueue to match existing case for poll and
select. Add a new cleanup routine, cleanfifokq(), for use in tests that
use kqueues. kqueue_setup() sets up kqueue sessions, and kqueue_status()
returns file descriptor status.
- Correct a bug in select handling relating to the nfds argument, which
was incorrect so resulted in select occuring on the wrong file descriptor,
and possible false positive/negative results.
- Clarify error reporting in one byte write+read tests to distinguish
errors in the after case from the before case.
that don't obviously fit into create, open, and io. For now, add only a
regression test to make sure that lseek() fails with ESPIPE (which it
doesn't).
multicast group using a raw socket, then removing the interface on which
the group is found, and joining a multicast group using a udp socket,
then removing the interface on which the group is found. An if_disc
interface is used as the interface on which to attach.
NB: A panic currently results from running this regression test, so do
so with caution.
PR: 77665
Reported by: Gavin Atkinson <gavin dot atkinson at ury dot york dot ac dot uk>
Reported by: Brooks Davis <brooks at FreeBSD dot org>
- Test that the basic socket options have the right defaults, that we can
change them, read them back, etc.
- Add and remove some multicast addresses.
- Send a loopback multicast address and make sure it arrives intact.
There's more that could be done here, but it's a start.
MFC after: 3 days
using my own script to handle it. I wrote my own partially because
of all the quoting-issues involved with testing what I wanted to test,
and partially because this lets me commit one script and one data file,
instead of one-file-per-regression-test.
This suite was good enough for my initial testing (and it did help me
find a few bugs that would have otherwise been missed). I'm not sure
how well it will work in general use, but I figured I might as well
commit it. It won't *hurt* to have it available. At the worst, people
can just ignore it.
Approved by: re (blanket `env')
o getsockopt(SO_ACCEPTFILTER) always returns success on listen socket
even we didn't install accept filter on the socket.
o Fix these bugs and add regression tests for them.
Submitted by: Igor Sysoev [1]
Reviewed by: alfred
MFC after: 2 weeks
so that make(1) will run in an almost clean environment and enhance the
description of the test infrastructure.
Add the ability to have multiple tests carried out per test script.
Give some tests more meaningful names.
Fix the usage message from the test scripts.
Make it possible to pass several commands to the test scripts like:
'sh test.t setup run compare clean'.
shell meta characters it is not passed to the shell, but the command
is executed directly (given that the line is not a shell builtin) and
that the line with a meta character is passed to the shell.
Currently only performs basic tests against the library string routines,
and queries less important kernel state.
Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
MFC after: 3 days
intended to verify that SIGPIPE is delivered to a process writing or
sending on a socket that has been shut down for write. If available,
SO_NOSIGPIPE is also tested.
This regression test is currently passed by RELENG_4, but not by HEAD or
RELENG_5, due to a bug in the write() code for sockets. SO_NOSIGPIPE is not
present in RELENG_4, however, so is not tested there.
Reported by: Mikko Tyolajarvi <mbsd at pacbell dot net>
PR: 78478
and adjust the path in the Makefile for the upgrade_checks target.
These checks are really feature upgrade checks that should be fast
and just find out whether we need to build a new make before
proceeding with other targets like buildworld. This makes the
place free for a real regression test suite in the old place.
http://www.ambrisko.com/doug/listio_kqueue/listio_kqueue.patch
Note: it is a good idea to run this against a physical drive to
exercise the physio fast path (ie. lio_kqueue /dev/<something safe>)
This will ensure op's counting per LIO request is correct. It is
currently broken the above patch fixes it.
Sponsored by: IronPort
against a disk as the argument. If you don't it will use a temp file.
The raw disk will use the kernel physio fast path method until the
max number of pending op's is reached then it will queue them. File
system op's are always queued. This is more important with LIO since
operation can get split across and accounting of op's is broken with LIO.
Note that this was broken when locking was added to kqueue (ie. 5.3)
My fix needs to be better integrated with FreeBSD.
Next is an LIO test and implementation.
Sponsored by: IronPort
- Use fesetround() instead of fpsetround(), and add tests for
various rounding modes.
- Test that all NaNs generated are quiet.
Some of these tests won't pass until problems in vendor sources
(gdtoa and gcc) are fixed and new versions imported, but I
want to get these changes into the tree before I accidentally
blow them away again. :-(
tests. (Buy 10, get one free!) The separate categories were
already there; they just weren't labeled.
- Use fesetround() instead of fpsetround(), since the former is
standard and implemented on all supported architectures. Add
tests for each rounding mode.
- Add additional tests for subnormals.
Some of these tests won't pass until problems in vendor sources
(gdtoa and gcc) are fixed and new versions imported, but I
want to get these changes into the tree before I accidentally
blow them away.
bind()/connect() system calls, which is intended to confirm that the
right successes and errors occur when rendezvousing via the file system
name space.
and as long as we're not compiling with IPA, gcc(1) won't optimize
the call away. The whole purpose of using memcpy(3) is to avoid
misaligned loads and stores when we need to read or write the value
in the unaligned memory location. But if gcc(1) optimizes the call
to memcpy(3) away, it will typically introduce misaligned loads and
stores. In this context that's not a good idea.
60. The postinc store tests currently fail (value mismatch). Hence
the score as of this commit is 48 out of 60. Either the kernel or
the tests need to be fixed.
the given providers. Without even one of the configured components there
should be no way to get the secret.
Supported by: WHEEL Sp. z o.o.
http://www.wheel.pl
float, double and long double types. No post-increment tests yet.
All tests are skipped if the debug.unaligned_test sysctl variable
cannot be set to 1.
by forcing the creation of an object directory for the make regression
tests. Let make handle the tracking of the dependency and installation
of test_shell script.
Submitted by: ru
then reads from a fairly broad range of object types: regular file,
fifo, UNIX socketpair, pty, UNIX pipe, and an md device. Not a deep
test of functionality, just a basic test that aio_write followed by
aio_read returns the correct data in a relatively timely manner.
Requested by: phk
that you create one of the object directories make knows (see make(1)).
This uses the -C flag, so add a test that checks that make actually accepts
-C. Also fix the test that selects csh via the .SHELL target to work for
tcsh users too.
This commit renames shell_test to shell_test.sh. There is no history
to preserve so go without a repo-copy.
Reviewed by: ru
other until the window is closed. Then one of the sockets is closed, which
will generate a RST once the TCP at the other socket does a window probe.
All versions of FreeBSD prior to 11/26/2004 will ignore this RST into a 0
window, causing the connection (and application) to hang indefinitely.
On patched versions of FreeBSD (and other operating systems), the RST
will be accepted and the program will exit in a few seconds.
Submitted by: Michiel Boland
Reviewed by: silby
understood by Perl's Test::Harness module and prove(1) commands.
Update README to describe the new protocol. The work's broken down into
two main sets of changes.
First, update the existing test programs (shell scripts and C programs)
to produce output in the ok/not ok format, and to, where possible, also
produce a header describing the number of tests that are expected to be
run.
Second, provide the .t files that actually run the tests. In some cases
these are copies of, or very similar too, scripts that already existed.
I've kept the old scripts around so that it's possible to verify that
behaviour under this new system (in terms of whether or not a test fails)
is identical to the behaviour under the old system.
Add a TODO file.
performs a non-blocking connect from another socket, and then closes
the listen socket rather than accepting. This is intended to
exercise the close path in which connections are aborted due to a
close on the listen socket while the connection is in the listen
queue.
- Consistently use err/errx/warnx throughout, rather than using perror()
and exit().
- Teach the tests how to better manage (and therefore test) privilege:
in particular, how to create sockes with root credentials but exercise
the privileges with non-root credentials, etc.
- Teach the test suite to apply each of the non-IP_HDRINCL options across
each of SOCK_DGRAM, SOCK_STREAM, and SOCK_RAW.
atempts to read and write various IP-level socket options as root and
nobody, making sure the initial values are as expected, that they can
be changed to valid values and take effect, etc. No attempt is made
to check for the correct implementation of side effects (such as
changes in packet headers) as yet.
The IP options section is currently broken but will be fixed shortly.
Not all multicast options are currently tested.
elementary exercising of kqueues on datagram and stream sockets. Note
that the datagram write kqueue case is left untested due to potentially
confusing behavior for the developer (me) that might require attention.
features. The gmirror(8) utility should be used for control of this class.
There is no manual page yet, but I'm working on it with keramida@.
Many useful tests provided by: simon (thank you!)
Some ideas from: scottl, simon, phk
filter to an inet socket and check at various points during the socket
life cycle that the filter can or cannot be attached, and that once
attached that the right one is attached and that it can be queried.
This isn't a classic regression test in that it doesn't have a notion of
pass fail, it's more of an exercise tool. It attempts to exercise
unbound, bound, unconnected, and connected variations on SOCK_DGRAM
sockets.
empty file so if you accidently apply a patch created with diff -N
twice, you get files with duplicate contents.
Reported by: Antoine Brodin <antoine.brodin at laposte.net>
regressions would be to see the program or your kernel crashing.
If you want to give it something to really test out, try a much more
reentrant version of the resolver.
<URL:http://green.homeunix.org/~green/reentrant_resolver.patch>
Any Mozilla-based browser would show you a clear difference.
UNI protocols. The actual test suites are not in these directories because
of their size. One needs to install the atmsupport port (the script
will remind you, if it cannot find the port).
The SSCOP test suite includes booth the ETSI and the ITU-T test suite,
the SSCF-UNI test suite is home grown and the UNI test suite is the
P2MP ETSI test suite. Others may follow.
While here, disable some of the long double tests on i386, since
FreeBSD/i386 is the only port that doesn't evaluate long doubles in
their full precision (due to constant folding bugs in gcc).
vendor's strtod() implementation.
While here, disable some of the long double tests on i386, since
FreeBSD/i386 is the only port that doesn't evaluate long doubles in
their full precision (due to constant folding bugs in gcc).
regular expression as the first argument to a substitute command. If
used to test a sed which (erroneously) evaluates this at translation
time rather than at execution time, the bugged sed is put into an
infinite loop. This mode of failure seems excessive. Such a failing
sed is the Free Software Foundation's sed 3.02.
The specific test was also not being executed for the BSD sed.
Both problems are now fixed.
PR: misc/25585
Submitted by: Walter Briscoe <w.briscoe@ponl.com>
Approved by: schweikh (mentor)
MFC after: 2 weeks
warning: duplicate script for target "double" ignored
The regression-tests do try to hide that message, but the message does
still appear when using -j (eg: 'make -j5 buildworld'). This changes the
regression-test so the expected warning message will not be seen even
when -j is specified.
Reviewed by: jmallett ru
the value of the supplied wide character is ignored and L'\0' is used
instead. Remove incorrect comments about "internal buffer" since wcrtomb()
does not have one (wctomb() does).
If somebody wanted to, this could for the beginning of a "libkernel"
which could be used to run kernel code in userland.
Sponsored by: DARPA & NAI Labs.