4 desc="chflags returns EPERM when one of SF_IMMUTABLE, SF_APPEND, or SF_NOUNLINK is set and securelevel is greater than 0"
17 old=`sysctl -n security.jail.chflags_allowed`
18 sysctl security.jail.chflags_allowed=1 >/dev/null
20 expect 0 mkdir ${n0} 0755
24 expect 0 create ${n1} 0644
25 expect 0 chown ${n1} 65534 65534
26 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
27 expect 0 chflags ${n1} ${flag}
28 jexpect 1 `pwd` EPERM chflags ${n1} UF_NODUMP
29 expect ${flag} stat ${n1} flags
30 jexpect 1 `pwd` EPERM -u 65533 -g 65533 chflags ${n1} UF_NODUMP
31 expect ${flag} stat ${n1} flags
32 jexpect 1 `pwd` EPERM -u 65534 -g 65534 chflags ${n1} UF_NODUMP
33 expect ${flag} stat ${n1} flags
35 expect 0 chflags ${n1} none
38 expect 0 mkdir ${n1} 0755
39 expect 0 chown ${n1} 65534 65534
40 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
41 expect 0 chflags ${n1} ${flag}
42 jexpect 1 `pwd` EPERM chflags ${n1} UF_NODUMP
43 expect ${flag} stat ${n1} flags
44 jexpect 1 `pwd` EPERM -u 65533 -g 65533 chflags ${n1} UF_NODUMP
45 expect ${flag} stat ${n1} flags
46 jexpect 1 `pwd` EPERM -u 65534 -g 65534 chflags ${n1} UF_NODUMP
47 expect ${flag} stat ${n1} flags
49 expect 0 chflags ${n1} none
52 expect 0 mkfifo ${n1} 0644
53 expect 0 chown ${n1} 65534 65534
54 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
55 expect 0 chflags ${n1} ${flag}
56 jexpect 1 `pwd` EPERM chflags ${n1} UF_NODUMP
57 expect ${flag} stat ${n1} flags
58 jexpect 1 `pwd` EPERM -u 65533 -g 65533 chflags ${n1} UF_NODUMP
59 expect ${flag} stat ${n1} flags
60 jexpect 1 `pwd` EPERM -u 65534 -g 65534 chflags ${n1} UF_NODUMP
61 expect ${flag} stat ${n1} flags
63 expect 0 chflags ${n1} none
66 expect 0 symlink ${n2} ${n1}
67 expect 0 lchown ${n1} 65534 65534
68 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
69 expect 0 lchflags ${n1} ${flag}
70 jexpect 1 `pwd` EPERM lchflags ${n1} UF_NODUMP
71 expect ${flag} lstat ${n1} flags
72 jexpect 1 `pwd` EPERM -u 65533 -g 65533 lchflags ${n1} UF_NODUMP
73 expect ${flag} lstat ${n1} flags
74 jexpect 1 `pwd` EPERM -u 65534 -g 65534 lchflags ${n1} UF_NODUMP
75 expect ${flag} lstat ${n1} flags
77 expect 0 lchflags ${n1} none
80 sysctl security.jail.chflags_allowed=${old} >/dev/null