Commit Graph

3 Commits

Author SHA1 Message Date
bz
a693328e46 Start respecting WITHOUT_INET6.
Make regression/priv compile again after the multi-IP jail
changes.  Note that we are still using the legacy jail(2)
rather than the jail_set(2)/jail(3) syscall.
Add an IPv4,  and an IPv6 loopback address in case we compile
with INET6 enabled.

Make the priv_vfs_extattr_system compile on amd64 as well using the
proper length modifier to printf(3) for ssize_t.

Reviewed by:	rwatson
Approved by:	re (kib)
2009-08-13 09:11:47 +00:00
rwatson
2f5eb093a4 Enhance and expand kernel privilege regression tests in support of
work present in FreeBSD 7.0 to refine the kernel privilege model:

- Introduce support for jail as a testing variable, in order to
  confirm that privileges are properly restricted in the jail
  environment.

- Restructure overall testing approach so that privilege and jail
  conditions are set in the testing infrastructure before tests
  are invoked, and done so in a custom-created process to isolate
  the impact of tests from each other in a more consistent way.

- Tests now provide setup and cleanup hooks that occur before and
  after the test runs.

- New privilege tests are now present for several audit
  privileges, several credential management privileges, dmesg
  buffer reading privilege, and netinet raw socket creation.

- Other existing tests are restructured and generally improved as
  a result of better framework structure and jail as a variable.
  For exampe, we now test that certain sysctls are writable only
  outside jail, while others are writable within jail.  On a
  similar note, privileges relating to setting UFS file flags are
  now better exercised, as with the right to chmod and utimes
  files.

Approved by:	re (bmah)
Obtained from:	TrustedBSD Project
2007-09-09 23:08:39 +00:00
rwatson
bd76450bdb dd a series of regression tests to validate that privilege requirements are
implemented properly for a number of kernel subsystems.  In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.

Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.

Sponsored by:	nCircle Network Security, Inc.
Obtained from:	TrustedBSD Project
2006-09-13 09:05:39 +00:00