tools/regression/fstest/tests/chflags/09.t

   1 #!/bin/sh
   2 # $FreeBSD$
   3
   4 desc="chflags returns EPERM when one of SF_IMMUTABLE, SF_APPEND, or SF_NOUNLINK is set and securelevel is greater than 0"
   5
   6 dir=`dirname $0`
   7 . ${dir}/../misc.sh
   8
   9 require chflags
  10
  11 echo "1..102"
  12
  13 n0=`namegen`
  14 n1=`namegen`
  15 n2=`namegen`
  16
  17 old=`sysctl -n security.jail.chflags_allowed`
  18 sysctl security.jail.chflags_allowed=1 >/dev/null
  19
  20 expect 0 mkdir ${n0} 0755
  21 cdir=`pwd`
  22 cd ${n0}
  23
  24 expect 0 create ${n1} 0644
  25 expect 0 chown ${n1} 65534 65534
  26 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
  27         expect 0 chflags ${n1} ${flag}
  28         jexpect 1 `pwd` EPERM chflags ${n1} UF_IMMUTABLE
  29         expect ${flag} stat ${n1} flags
  30         jexpect 1 `pwd` EPERM -u 65533 -g 65533 chflags ${n1} UF_IMMUTABLE
  31         expect ${flag} stat ${n1} flags
  32         jexpect 1 `pwd` EPERM -u 65534 -g 65534 chflags ${n1} UF_IMMUTABLE
  33         expect ${flag} stat ${n1} flags
  34 done
  35 expect 0 chflags ${n1} none
  36 expect 0 unlink ${n1}
  37
  38 expect 0 mkdir ${n1} 0755
  39 expect 0 chown ${n1} 65534 65534
  40 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
  41         expect 0 chflags ${n1} ${flag}
  42         jexpect 1 `pwd` EPERM chflags ${n1} UF_IMMUTABLE
  43         expect ${flag} stat ${n1} flags
  44         jexpect 1 `pwd` EPERM -u 65533 -g 65533 chflags ${n1} UF_IMMUTABLE
  45         expect ${flag} stat ${n1} flags
  46         jexpect 1 `pwd` EPERM -u 65534 -g 65534 chflags ${n1} UF_IMMUTABLE
  47         expect ${flag} stat ${n1} flags
  48 done
  49 expect 0 chflags ${n1} none
  50 expect 0 rmdir ${n1}
  51
  52 expect 0 mkfifo ${n1} 0644
  53 expect 0 chown ${n1} 65534 65534
  54 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
  55         expect 0 chflags ${n1} ${flag}
  56         jexpect 1 `pwd` EPERM chflags ${n1} UF_IMMUTABLE
  57         expect ${flag} stat ${n1} flags
  58         jexpect 1 `pwd` EPERM -u 65533 -g 65533 chflags ${n1} UF_IMMUTABLE
  59         expect ${flag} stat ${n1} flags
  60         jexpect 1 `pwd` EPERM -u 65534 -g 65534 chflags ${n1} UF_IMMUTABLE
  61         expect ${flag} stat ${n1} flags
  62 done
  63 expect 0 chflags ${n1} none
  64 expect 0 unlink ${n1}
  65
  66 expect 0 symlink ${n2} ${n1}
  67 expect 0 lchown ${n1} 65534 65534
  68 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
  69         expect 0 lchflags ${n1} ${flag}
  70         jexpect 1 `pwd` EPERM lchflags ${n1} UF_IMMUTABLE
  71         expect ${flag} lstat ${n1} flags
  72         jexpect 1 `pwd` EPERM -u 65533 -g 65533 lchflags ${n1} UF_IMMUTABLE
  73         expect ${flag} lstat ${n1} flags
  74         jexpect 1 `pwd` EPERM -u 65534 -g 65534 lchflags ${n1} UF_IMMUTABLE
  75         expect ${flag} lstat ${n1} flags
  76 done
  77 expect 0 lchflags ${n1} none
  78 expect 0 unlink ${n1}
  79
  80 sysctl security.jail.chflags_allowed=${old} >/dev/null
  81 cd ${cdir}
  82 expect 0 rmdir ${n0}