4 sysctl security.mac.portacl >/dev/null 2>&1
6 echo "1..0 # SKIP MAC_PORTACL is unavailable."
18 [ "${proto}" = "udp" ] && udpflag="-u"
23 ( echo -n | su -m ${name} -c "nc ${udpflag} -o -l 127.0.0.1 $port" 2>&1 ) &
32 echo | nc ${udpflag} -o 127.0.0.1 $port >/dev/null 2>&1
36 "nc: Permission denied"*|"nc: Operation not permitted"*)
49 expect_without_rule=${1}
56 sysctl security.mac.portacl.rules= >/dev/null
57 out=`check_bind ${idtype} ${name} ${proto} ${port}`
58 if [ "${out}" = "${expect_without_rule}" ]; then
60 elif [ "${out}" = "ok" -o "${out}" = "fl" ]; then
61 echo "not ok ${ntest}"
63 echo "not ok ${ntest} # ${out}"
67 if [ "${idtype}" = "uid" ]; then
69 elif [ "${idtype}" = "gid" ]; then
74 sysctl security.mac.portacl.rules=${idtype}:${idstr}:${proto}:${port} >/dev/null
75 out=`check_bind ${idtype} ${name} ${proto} ${port}`
76 if [ "${out}" = "${expect_with_rule}" ]; then
78 elif [ "${out}" = "ok" -o "${out}" = "fl" ]; then
79 echo "not ok ${ntest}"
81 echo "not ok ${ntest} # ${out}"
85 sysctl security.mac.portacl.rules= >/dev/null
88 reserved_high=`sysctl -n net.inet.ip.portrange.reservedhigh`
89 suser_exempt=`sysctl -n security.mac.portacl.suser_exempt`
90 port_high=`sysctl -n security.mac.portacl.port_high`
93 sysctl -n net.inet.ip.portrange.reservedhigh=${reserved_high} >/dev/null
94 sysctl -n security.mac.portacl.suser_exempt=${suser_exempt} >/dev/null
95 sysctl -n security.mac.portacl.port_high=${port_high} >/dev/null