Date: Fri, 20 Jul 2007 08:27:24 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 123768 for review Message-ID: <200707200827.l6K8RO5p030985@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=123768 Change 123768 by zhouzhouyi@zhouzhouyi_mactest on 2007/07/20 08:27:03 requirement for doing a rename is quite strict :-) Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/rename/00.t#2 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/regression/mactest/tests/rename/00.t#2 (text+ko) ==== @@ -7,7 +7,7 @@ dir=`dirname $0` . ${dir}/../misc.sh -echo "1..5" +echo "1..8" n0=`namegen` n1=`namegen` @@ -50,7 +50,7 @@ echo "biba/high(low-high),mls/7(low-high) biba/high,mls/6 biba/high,mls/7" >> ${mactest_conf} mactestexpect "" EACCES -m "mls/7(low-high)" -f ${mactest_conf} rename ${n2} ${n1} - +############################################################# #case the mls label of the process is equal the parent dir but dominated by the file echo -n "pid = -1 mac_test_check_vnode_rename_from:" > ${mactest_conf} echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/7" >> ${mactest_conf} @@ -62,10 +62,28 @@ echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 NULL" >> ${mactest_conf} mactestexpect "" 0 -m "mls/6(low-high)" -f ${mactest_conf} rename ${n2} ${n1} +############################################################# +#setfmac, the hooks already got checked + rm ${mactest_conf} + touch ${mactest_conf} + mactestexpect "" "" -m "mls/7(low-high)" -f ${mactest_conf} system setfmac "mls/5" ${n1} + +############################################################# +#the mls requirement for rename is very strict :-) +#the process mls label must dominate parent dir's label for lookup + echo -n "pid = -1 mac_test_check_vnode_lookup:" > ${mactest_conf} + echo "biba/high(low-high),mls/5(low-high) biba/high,mls/6" >> ${mactest_conf} + mactestexpect "" EACCES -m "mls/5(low-high)" -f ${mactest_conf} rename ${n1} ${n0} + + +#both parent dir's label and object's label must dominate +#process's label + echo -n "pid = -1 mac_test_check_vnode_rename_from:" > ${mactest_conf} + echo "biba/high(low-high),mls/6(low-high) biba/high,mls/6 biba/high,mls/5" >> ${mactest_conf} + mactestexpect "" EACCES -m "mls/6(low-high)" -f ${mactest_conf} rename ${n1} ${n0} +#cleanup: t=`sysctl security.mac.mls.enabled=0` echo "disabling mac/mls!" - -#cleanup: cd .. rm -fr ${n3} rm ${mactest_conf}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707200827.l6K8RO5p030985>