# Bind checks for the unprivileged "nobody" user and group under mac_portacl.
#
# bind_test is defined outside this listing. NOTE(review): from the way it is
# called here, its first two arguments look like the expected outcome
# (fl = bind fails, ok = bind succeeds) without and then with a matching
# portacl rule, followed by id type, name, protocol and port -- confirm
# against the helper.
#
# NOTE(review): the sysctl calls below change system-wide settings and nothing
# in these lines puts the previous values back. Confirm that the surrounding
# harness saves and restores them, so a test run does not leave the host with
# a different port policy than it started with.

# Run the eight-case matrix (uid/gid x tcp/udp x port 77/7777) for "nobody".
#   $1 $2 - expectations handed to bind_test for port 77
#   $3 $4 - expectations handed to bind_test for port 7777
nobody_bind_matrix()
{
	for _nb_idtype in uid gid; do
		for _nb_proto in tcp udp; do
			bind_test "$1" "$2" "${_nb_idtype}" nobody "${_nb_proto}" 77
			bind_test "$3" "$4" "${_nb_idtype}" nobody "${_nb_proto}" 7777
		done
	done
}

# The security.mac.portacl.suser_exempt value must make no difference for an
# unprivileged user, and mac_portacl must have no impact on ports
# <= net.inet.ip.portrange.reservedhigh. Port 77 sits below the reserved
# boundary (78) and is expected to fail either way; port 7777 is expected to
# succeed either way. The same matrix runs with the knob on, then off.

sysctl security.mac.portacl.suser_exempt=1 >/dev/null
sysctl net.inet.ip.portrange.reservedhigh=78 >/dev/null

nobody_bind_matrix fl fl ok ok

sysctl security.mac.portacl.suser_exempt=0 >/dev/null

nobody_bind_matrix fl fl ok ok

# Check that security.mac.portacl.port_high takes effect: with it raised to
# 7778, port 7777 is expected to fail at first and succeed on the second
# check, while port 77 (still <= reservedhigh) keeps failing.

sysctl security.mac.portacl.port_high=7778 >/dev/null

nobody_bind_matrix fl fl fl ok

# Check that mac_portacl rules take effect: with reservedhigh lowered to 76,
# port 77 is no longer in the reserved range and is expected to go from fail
# to ok; with port_high lowered to 7776, port 7777 is above it and is expected
# to succeed both times.

sysctl net.inet.ip.portrange.reservedhigh=76 >/dev/null
sysctl security.mac.portacl.port_high=7776 >/dev/null

nobody_bind_matrix fl ok ok ok