From 70bd4cc89ffd82cf6611540cc17a113837fca5ce Mon Sep 17 00:00:00 2001 From: semarie Date: Fri, 9 Oct 2015 06:44:13 +0000 Subject: [PATCH] follow tame->pledge in regress --- regress/sys/kern/{tame => pledge}/Makefile | 2 +- .../kern/{tame => pledge}/generic/Makefile | 4 +- .../sys/kern/{tame => pledge}/generic/main.c | 26 ++--- .../kern/{tame => pledge}/generic/manager.c | 16 +-- .../kern/{tame => pledge}/generic/manager.h | 2 +- regress/sys/kern/pledge/generic/tests.out | 104 ++++++++++++++++++ .../kern/{tame => pledge}/sigabrt/Makefile | 2 +- .../kern/{tame => pledge}/sigabrt/sigabrt.c | 8 +- regress/sys/kern/pledge/sigabrt/sigabrt.out | 2 + .../kern/{tame => pledge}/sigkill/Makefile | 2 +- .../kern/{tame => pledge}/sigkill/sigkill.c | 8 +- regress/sys/kern/pledge/sigkill/sigkill.out | 2 + regress/sys/kern/tame/generic/tests.out | 104 ------------------ regress/sys/kern/tame/sigabrt/sigabrt.out | 2 - regress/sys/kern/tame/sigkill/sigkill.out | 2 - 15 files changed, 145 insertions(+), 141 deletions(-) rename regress/sys/kern/{tame => pledge}/Makefile (57%) rename regress/sys/kern/{tame => pledge}/generic/Makefile (77%) rename regress/sys/kern/{tame => pledge}/generic/main.c (91%) rename regress/sys/kern/{tame => pledge}/generic/manager.c (95%) rename regress/sys/kern/{tame => pledge}/generic/manager.h (95%) create mode 100644 regress/sys/kern/pledge/generic/tests.out rename regress/sys/kern/{tame => pledge}/sigabrt/Makefile (81%) rename regress/sys/kern/{tame => pledge}/sigabrt/sigabrt.c (87%) create mode 100644 regress/sys/kern/pledge/sigabrt/sigabrt.out rename regress/sys/kern/{tame => pledge}/sigkill/Makefile (81%) rename regress/sys/kern/{tame => pledge}/sigkill/sigkill.c (87%) create mode 100644 regress/sys/kern/pledge/sigkill/sigkill.out delete mode 100644 regress/sys/kern/tame/generic/tests.out delete mode 100644 regress/sys/kern/tame/sigabrt/sigabrt.out delete mode 100644 regress/sys/kern/tame/sigkill/sigkill.out diff --git a/regress/sys/kern/tame/Makefile b/regress/sys/kern/pledge/Makefile similarity index 57% rename from regress/sys/kern/tame/Makefile rename to regress/sys/kern/pledge/Makefile index 77679562375..cd2ac4d4a8c 100644 --- a/regress/sys/kern/tame/Makefile +++ b/regress/sys/kern/pledge/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2015/09/10 11:18:34 semarie Exp $ +# $OpenBSD: Makefile,v 1.1 2015/10/09 06:44:13 semarie Exp $ SUBDIR += sigabrt SUBDIR += sigkill diff --git a/regress/sys/kern/tame/generic/Makefile b/regress/sys/kern/pledge/generic/Makefile similarity index 77% rename from regress/sys/kern/tame/generic/Makefile rename to regress/sys/kern/pledge/generic/Makefile index 65815a42431..28f2da0f1c7 100644 --- a/regress/sys/kern/tame/generic/Makefile +++ b/regress/sys/kern/pledge/generic/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.3 2015/09/24 06:25:54 semarie Exp $ +# $OpenBSD: Makefile,v 1.1 2015/10/09 06:44:13 semarie Exp $ PROG= generic SRCS+= main.c manager.c NOMAN= yes @@ -15,7 +15,7 @@ test_systrace: ${PROG} systrace -A ./${PROG} | diff -I OpenBSD -u ${.CURDIR}/tests.out - regenerate: ${PROG} - echo '# $$OpenBSD: Makefile,v 1.3 2015/09/24 06:25:54 semarie Exp $$' > ${.CURDIR}/tests.out + echo '# $$OpenBSD: Makefile,v 1.1 2015/10/09 06:44:13 semarie Exp $$' > ${.CURDIR}/tests.out ./${PROG} | tee -a ${.CURDIR}/tests.out .include diff --git a/regress/sys/kern/tame/generic/main.c b/regress/sys/kern/pledge/generic/main.c similarity index 91% rename from regress/sys/kern/tame/generic/main.c rename to regress/sys/kern/pledge/generic/main.c index a916177957c..23fbbcb9edd 100644 --- a/regress/sys/kern/tame/generic/main.c +++ b/regress/sys/kern/pledge/generic/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.10 2015/10/06 15:45:31 semarie Exp $ */ +/* $OpenBSD: main.c,v 1.1 2015/10/09 06:44:13 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie * @@ -128,11 +128,11 @@ test_wpaths() } static void -test_tame() +test_pledge() { const char *wpaths[] = { "/sbin", NULL }; - if (tame("stdio rpath", wpaths) != 0) + if (pledge("stdio rpath", wpaths) != 0) _exit(errno); } @@ -270,7 +270,7 @@ main(int argc, char *argv[]) /* kill under proc is allowed */ start_test(&ret, "proc", NULL, test_kill); - /* tests TAME_SELF for permitted syscalls */ + /* tests PLEDGE_SELF for permitted syscalls */ start_test(&ret, "malloc", NULL, test_allowed_syscalls); start_test(&ret, "rw", NULL, test_allowed_syscalls); start_test(&ret, "stdio", NULL, test_allowed_syscalls); @@ -282,7 +282,7 @@ main(int argc, char *argv[]) start_test(&ret, "dns", NULL, test_allowed_syscalls); start_test(&ret, "getpw", NULL, test_allowed_syscalls); - /* tests req without TAME_SELF for "permitted syscalls" */ + /* tests req without PLEDGE_SELF for "permitted syscalls" */ // XXX it is a documentation bug start_test(&ret, "cmsg", NULL, test_allowed_syscalls); start_test(&ret, "ioctl", NULL, test_allowed_syscalls); @@ -311,21 +311,21 @@ main(int argc, char *argv[]) start_test1(&ret, "stdio rpath", ".", test_wpaths); /* - * test tame(2) arguments + * test pledge(2) arguments */ /* same request */ - start_test(&ret, "stdio rpath", NULL, test_tame); + start_test(&ret, "stdio rpath", NULL, test_pledge); /* same request (stdio = malloc rw) */ - start_test(&ret, "malloc rw rpath", NULL, test_tame); + start_test(&ret, "malloc rw rpath", NULL, test_pledge); /* reduce request */ - start_test(&ret, "stdio rpath wpath", NULL, test_tame); + start_test(&ret, "stdio rpath wpath", NULL, test_pledge); /* reduce request (with same/other wpaths) */ - start_test1(&ret, "stdio rpath wpath", "/sbin", test_tame); - start_test1(&ret, "stdio rpath wpath", "/", test_tame); + start_test1(&ret, "stdio rpath wpath", "/sbin", test_pledge); + start_test1(&ret, "stdio rpath wpath", "/", test_pledge); /* add request */ - start_test(&ret, "stdio", NULL, test_tame); + start_test(&ret, "stdio", NULL, test_pledge); /* change request */ - start_test(&ret, "unix", NULL, test_tame); + start_test(&ret, "unix", NULL, test_pledge); /* test stat(2) */ start_test1(&ret, "stdio rpath", "/usr/share/man", test_stat); diff --git a/regress/sys/kern/tame/generic/manager.c b/regress/sys/kern/pledge/generic/manager.c similarity index 95% rename from regress/sys/kern/tame/generic/manager.c rename to regress/sys/kern/pledge/generic/manager.c index c3d0abbc042..800316aed68 100644 --- a/regress/sys/kern/tame/generic/manager.c +++ b/regress/sys/kern/pledge/generic/manager.c @@ -1,4 +1,4 @@ -/* $OpenBSD: manager.c,v 1.5 2015/10/08 10:09:09 semarie Exp $ */ +/* $OpenBSD: manager.c,v 1.1 2015/10/09 06:44:13 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie * @@ -175,7 +175,7 @@ _start_test(int *ret, const char *test_name, const char *request, int i; /* early print testname */ - printf("test(%s): tame=", test_name); + printf("test(%s): pledge=", test_name); if (request) { printf("(\"%s\",", request); if (paths) { @@ -226,9 +226,9 @@ _start_test(int *ret, const char *test_name, const char *request, /* create a new session (for kill) */ setsid(); - /* set tame policy */ - if (request && tame(request, paths) != 0) - err(errno, "tame"); + /* set pledge policy */ + if (request && pledge(request, paths) != 0) + err(errno, "pledge"); /* reset errno and launch test */ errno = 0; @@ -307,7 +307,7 @@ _start_test(int *ret, const char *test_name, const char *request, } - /* grab tamed syscall from dmesg */ + /* grab pledged syscall from dmesg */ if ((signal == SIGKILL) || (signal = SIGABRT)) { int syscall = grab_syscall(pid); switch (syscall) { @@ -318,11 +318,11 @@ _start_test(int *ret, const char *test_name, const char *request, return; case 0: /* not found */ - printf(" tamed_syscall=not_found"); + printf(" pledged_syscall=not_found"); break; default: - printf(" tamed_syscall=%d", syscall); + printf(" pledged_syscall=%d", syscall); } } } diff --git a/regress/sys/kern/tame/generic/manager.h b/regress/sys/kern/pledge/generic/manager.h similarity index 95% rename from regress/sys/kern/tame/generic/manager.h rename to regress/sys/kern/pledge/generic/manager.h index 0960e366d5a..13c52eea75a 100644 --- a/regress/sys/kern/tame/generic/manager.h +++ b/regress/sys/kern/pledge/generic/manager.h @@ -1,4 +1,4 @@ -/* $OpenBSD: manager.h,v 1.1 2015/09/24 06:25:54 semarie Exp $ */ +/* $OpenBSD: manager.h,v 1.1 2015/10/09 06:44:13 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie * diff --git a/regress/sys/kern/pledge/generic/tests.out b/regress/sys/kern/pledge/generic/tests.out new file mode 100644 index 00000000000..5fc8fd7e192 --- /dev/null +++ b/regress/sys/kern/pledge/generic/tests.out @@ -0,0 +1,104 @@ +# $OpenBSD: tests.out,v 1.1 2015/10/09 06:44:13 semarie Exp $ +test(test_nop): pledge=("",NULL) status=0 exit=0 +test(test_inet): pledge=("",NULL) status=9 signal=9 pledged_syscall=97 +test(test_inet): pledge=("abort",NULL) status=134 signal=6 coredump=present pledged_syscall=97 +test(test_inet): pledge=("inet",NULL) status=0 exit=0 +test(test_kill): pledge=("inet",NULL) status=9 signal=9 pledged_syscall=37 +test(test_kill): pledge=("proc",NULL) status=2 signal=2 pledged_syscall=not_found +test(test_allowed_syscalls): pledge=("malloc",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("rw",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("stdio",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("rpath",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("wpath",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("tmppath",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("inet",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("unix",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("dns",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("getpw",NULL) status=0 exit=0 +test(test_allowed_syscalls): pledge=("cmsg",NULL) status=9 signal=9 pledged_syscall=89 +test(test_allowed_syscalls): pledge=("ioctl",NULL) status=9 signal=9 pledged_syscall=89 +test(test_allowed_syscalls): pledge=("proc",NULL) status=9 signal=9 pledged_syscall=89 +test(test_allowed_syscalls): pledge=("cpath",NULL) status=9 signal=9 pledged_syscall=89 +test(test_allowed_syscalls): pledge=("abort",NULL) status=134 signal=6 coredump=present pledged_syscall=89 +test(test_allowed_syscalls): pledge=("fattr",NULL) status=9 signal=9 pledged_syscall=89 +test(test_rpath): pledge=("rpath",NULL) status=0 exit=0 +test(test_wpath): pledge=("wpath",NULL) status=0 exit=0 +test(test_cpath): pledge=("cpath",NULL) status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",NULL) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{"/",NULL}) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{"/etc",NULL}) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{"/etc/",NULL}) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{"/etc/passwd",NULL}) + open_close("/etc/passwd") fd=3 errno=0 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{"/bin",NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=-1 errno=2 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{"generic",NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{"",NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_wpaths): pledge=("stdio rpath",{".",NULL}) + open_close("/etc/passwd") fd=-1 errno=2 + open_close("generic") fd=3 errno=0 + open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 + open_close("/nonexistent") fd=-1 errno=2 + status=0 exit=0 +test(test_pledge): pledge=("stdio rpath",NULL) status=0 exit=0 +test(test_pledge): pledge=("malloc rw rpath",NULL) status=0 exit=0 +test(test_pledge): pledge=("stdio rpath wpath",NULL) status=0 exit=0 +test(test_pledge): pledge=("stdio rpath wpath",{"/sbin",NULL}) status=256 exit=1 (errno: "Operation not permitted") +test(test_pledge): pledge=("stdio rpath wpath",{"/",NULL}) status=256 exit=1 (errno: "Operation not permitted") +test(test_pledge): pledge=("stdio",NULL) status=256 exit=1 (errno: "Operation not permitted") +test(test_pledge): pledge=("unix",NULL) status=256 exit=1 (errno: "Operation not permitted") +test(test_stat): pledge=("stdio rpath",{"/usr/share/man",NULL}) + stat("/usr/share/man/man8/afterboot.8"): realpath=failed(2) uid=0 gid=7 mode=100444 + stat("/usr/share/man/man8/"): realpath=failed(2) uid=0 gid=0 mode=40755 + stat("/usr/share/man"): realpath=failed(2) uid=0 gid=0 mode=40755 + stat("/usr/share"): realpath=failed(2) errno=2 + stat("/usr"): realpath="/usr" errno=2 + stat("/"): realpath="/" errno=2 + stat("/usr/bin/gzip"): realpath=failed(2) errno=2 + status=0 exit=0 +test(test_mmap): pledge=("rpath malloc prot_exec",{"/dev/zero",NULL}) status=0 exit=0 +test(test_mmap): pledge=("rpath malloc",{"/dev/zero",NULL}) status=9 signal=9 pledged_syscall=197 diff --git a/regress/sys/kern/tame/sigabrt/Makefile b/regress/sys/kern/pledge/sigabrt/Makefile similarity index 81% rename from regress/sys/kern/tame/sigabrt/Makefile rename to regress/sys/kern/pledge/sigabrt/Makefile index cba94fef7f3..43fde4ca8a4 100644 --- a/regress/sys/kern/tame/sigabrt/Makefile +++ b/regress/sys/kern/pledge/sigabrt/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2015/07/27 18:03:36 semarie Exp $ +# $OpenBSD: Makefile,v 1.1 2015/10/09 06:44:13 semarie Exp $ PROG= sigabrt NOMAN= yes diff --git a/regress/sys/kern/tame/sigabrt/sigabrt.c b/regress/sys/kern/pledge/sigabrt/sigabrt.c similarity index 87% rename from regress/sys/kern/tame/sigabrt/sigabrt.c rename to regress/sys/kern/pledge/sigabrt/sigabrt.c index 890f862acd2..ef7dc1db9a7 100644 --- a/regress/sys/kern/tame/sigabrt/sigabrt.c +++ b/regress/sys/kern/pledge/sigabrt/sigabrt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sigabrt.c,v 1.3 2015/09/10 11:16:08 semarie Exp $ */ +/* $OpenBSD: sigabrt.c,v 1.1 2015/10/09 06:44:13 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie * @@ -15,6 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include #include #include #include @@ -36,9 +37,10 @@ main(int argc, char *argv[]) printf("permitted STDIO\n"); fflush(stdout); - tame("abort", NULL); + if (pledge("abort", NULL) == -1) + err(EXIT_FAILURE, "pledge"); - /* this will triggered tame_fail() */ + /* this will triggered pledge_fail() */ printf("forbidden STDIO 1\n"); /* shouldn't continue */ diff --git a/regress/sys/kern/pledge/sigabrt/sigabrt.out b/regress/sys/kern/pledge/sigabrt/sigabrt.out new file mode 100644 index 00000000000..b0261dd76ae --- /dev/null +++ b/regress/sys/kern/pledge/sigabrt/sigabrt.out @@ -0,0 +1,2 @@ +$OpenBSD: sigabrt.out,v 1.1 2015/10/09 06:44:13 semarie Exp $ +permitted STDIO diff --git a/regress/sys/kern/tame/sigkill/Makefile b/regress/sys/kern/pledge/sigkill/Makefile similarity index 81% rename from regress/sys/kern/tame/sigkill/Makefile rename to regress/sys/kern/pledge/sigkill/Makefile index 86910e48f01..3aeca2487cf 100644 --- a/regress/sys/kern/tame/sigkill/Makefile +++ b/regress/sys/kern/pledge/sigkill/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2015/07/27 18:03:36 semarie Exp $ +# $OpenBSD: Makefile,v 1.1 2015/10/09 06:44:13 semarie Exp $ PROG= sigkill NOMAN= yes diff --git a/regress/sys/kern/tame/sigkill/sigkill.c b/regress/sys/kern/pledge/sigkill/sigkill.c similarity index 87% rename from regress/sys/kern/tame/sigkill/sigkill.c rename to regress/sys/kern/pledge/sigkill/sigkill.c index cdc6e3be159..fcabcd0b1cb 100644 --- a/regress/sys/kern/tame/sigkill/sigkill.c +++ b/regress/sys/kern/pledge/sigkill/sigkill.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sigkill.c,v 1.3 2015/09/10 11:16:08 semarie Exp $ */ +/* $OpenBSD: sigkill.c,v 1.1 2015/10/09 06:44:13 semarie Exp $ */ /* * Copyright (c) 2015 Sebastien Marie * @@ -15,6 +15,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include #include #include #include @@ -37,9 +38,10 @@ main(int argc, char *argv[]) printf("permitted STDIO\n"); fflush(stdout); - tame("", NULL); + if (pledge("", NULL) == -1) + err(EXIT_FAILURE, "pledge"); - /* this will triggered tame_fail() */ + /* this will triggered pledge_fail() */ printf("forbidden STDIO 1\n"); /* shouldn't continue */ diff --git a/regress/sys/kern/pledge/sigkill/sigkill.out b/regress/sys/kern/pledge/sigkill/sigkill.out new file mode 100644 index 00000000000..936362eab98 --- /dev/null +++ b/regress/sys/kern/pledge/sigkill/sigkill.out @@ -0,0 +1,2 @@ +$OpenBSD: sigkill.out,v 1.1 2015/10/09 06:44:13 semarie Exp $ +permitted STDIO diff --git a/regress/sys/kern/tame/generic/tests.out b/regress/sys/kern/tame/generic/tests.out deleted file mode 100644 index 69e1118ad20..00000000000 --- a/regress/sys/kern/tame/generic/tests.out +++ /dev/null @@ -1,104 +0,0 @@ -# $OpenBSD: tests.out,v 1.9 2015/10/06 15:45:31 semarie Exp $ -test(test_nop): tame=("",NULL) status=0 exit=0 -test(test_inet): tame=("",NULL) status=9 signal=9 tamed_syscall=97 -test(test_inet): tame=("abort",NULL) status=134 signal=6 coredump=present tamed_syscall=97 -test(test_inet): tame=("inet",NULL) status=0 exit=0 -test(test_kill): tame=("inet",NULL) status=9 signal=9 tamed_syscall=37 -test(test_kill): tame=("proc",NULL) status=2 signal=2 tamed_syscall=not_found -test(test_allowed_syscalls): tame=("malloc",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("rw",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("stdio",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("rpath",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("wpath",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("tmppath",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("inet",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("unix",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("dns",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("getpw",NULL) status=0 exit=0 -test(test_allowed_syscalls): tame=("cmsg",NULL) status=9 signal=9 tamed_syscall=89 -test(test_allowed_syscalls): tame=("ioctl",NULL) status=9 signal=9 tamed_syscall=89 -test(test_allowed_syscalls): tame=("proc",NULL) status=9 signal=9 tamed_syscall=89 -test(test_allowed_syscalls): tame=("cpath",NULL) status=9 signal=9 tamed_syscall=89 -test(test_allowed_syscalls): tame=("abort",NULL) status=134 signal=6 coredump=present tamed_syscall=89 -test(test_allowed_syscalls): tame=("fattr",NULL) status=9 signal=9 tamed_syscall=89 -test(test_rpath): tame=("rpath",NULL) status=0 exit=0 -test(test_wpath): tame=("wpath",NULL) status=0 exit=0 -test(test_cpath): tame=("cpath",NULL) status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",NULL) - open_close("/etc/passwd") fd=3 errno=0 - open_close("generic") fd=3 errno=0 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{NULL}) - open_close("/etc/passwd") fd=-1 errno=2 - open_close("generic") fd=-1 errno=2 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{"/",NULL}) - open_close("/etc/passwd") fd=3 errno=0 - open_close("generic") fd=3 errno=0 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{"/etc",NULL}) - open_close("/etc/passwd") fd=3 errno=0 - open_close("generic") fd=-1 errno=2 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{"/etc/",NULL}) - open_close("/etc/passwd") fd=3 errno=0 - open_close("generic") fd=-1 errno=2 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{"/etc/passwd",NULL}) - open_close("/etc/passwd") fd=3 errno=0 - open_close("generic") fd=-1 errno=2 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=3 errno=0 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{"/bin",NULL}) - open_close("/etc/passwd") fd=-1 errno=2 - open_close("generic") fd=-1 errno=2 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{"generic",NULL}) - open_close("/etc/passwd") fd=-1 errno=2 - open_close("generic") fd=3 errno=0 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{"",NULL}) - open_close("/etc/passwd") fd=-1 errno=2 - open_close("generic") fd=3 errno=0 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_wpaths): tame=("stdio rpath",{".",NULL}) - open_close("/etc/passwd") fd=-1 errno=2 - open_close("generic") fd=3 errno=0 - open_close("../../../../../../../../../../../../../../../etc/passwd") fd=-1 errno=2 - open_close("/nonexistent") fd=-1 errno=2 - status=0 exit=0 -test(test_tame): tame=("stdio rpath",NULL) status=0 exit=0 -test(test_tame): tame=("malloc rw rpath",NULL) status=0 exit=0 -test(test_tame): tame=("stdio rpath wpath",NULL) status=0 exit=0 -test(test_tame): tame=("stdio rpath wpath",{"/sbin",NULL}) status=256 exit=1 (errno: "Operation not permitted") -test(test_tame): tame=("stdio rpath wpath",{"/",NULL}) status=256 exit=1 (errno: "Operation not permitted") -test(test_tame): tame=("stdio",NULL) status=256 exit=1 (errno: "Operation not permitted") -test(test_tame): tame=("unix",NULL) status=256 exit=1 (errno: "Operation not permitted") -test(test_stat): tame=("stdio rpath",{"/usr/share/man",NULL}) - stat("/usr/share/man/man8/afterboot.8"): realpath=failed(2) uid=0 gid=7 mode=100444 - stat("/usr/share/man/man8/"): realpath=failed(2) uid=0 gid=0 mode=40755 - stat("/usr/share/man"): realpath=failed(2) uid=0 gid=0 mode=40755 - stat("/usr/share"): realpath=failed(2) errno=2 - stat("/usr"): realpath="/usr" errno=2 - stat("/"): realpath="/" errno=2 - stat("/usr/bin/gzip"): realpath=failed(2) errno=2 - status=0 exit=0 -test(test_mmap): tame=("rpath malloc prot_exec",{"/dev/zero",NULL}) status=0 exit=0 -test(test_mmap): tame=("rpath malloc",{"/dev/zero",NULL}) status=9 signal=9 tamed_syscall=197 diff --git a/regress/sys/kern/tame/sigabrt/sigabrt.out b/regress/sys/kern/tame/sigabrt/sigabrt.out deleted file mode 100644 index 7c93c1299f3..00000000000 --- a/regress/sys/kern/tame/sigabrt/sigabrt.out +++ /dev/null @@ -1,2 +0,0 @@ -$OpenBSD: sigabrt.out,v 1.1 2015/07/27 18:03:36 semarie Exp $ -permitted STDIO diff --git a/regress/sys/kern/tame/sigkill/sigkill.out b/regress/sys/kern/tame/sigkill/sigkill.out deleted file mode 100644 index d593f6ee318..00000000000 --- a/regress/sys/kern/tame/sigkill/sigkill.out +++ /dev/null @@ -1,2 +0,0 @@ -$OpenBSD: sigkill.out,v 1.1 2015/07/27 18:03:36 semarie Exp $ -permitted STDIO -- 2.20.1