4 desc="chflags returns EPERM when one of SF_IMMUTABLE, SF_APPEND, or SF_NOUNLINK is set and securelevel is greater than 0"
17 old=`sysctl -n security.jail.chflags_allowed`
18 sysctl security.jail.chflags_allowed=1 >/dev/null
20 expect 0 mkdir ${n0} 0755
24 for type in regular dir fifo block char socket symlink; do
25 if [ "${type}" != "symlink" ]; then
26 create_file ${type} ${n1}
27 expect 0 chown ${n1} 65534 65534
28 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
29 expect 0 chflags ${n1} ${flag}
30 jexpect 1 `pwd` EPERM chflags ${n1} UF_NODUMP
31 expect ${flag} stat ${n1} flags
32 jexpect 1 `pwd` EPERM -u 65533 -g 65533 chflags ${n1} UF_NODUMP
33 expect ${flag} stat ${n1} flags
34 jexpect 1 `pwd` EPERM -u 65534 -g 65534 chflags ${n1} UF_NODUMP
35 expect ${flag} stat ${n1} flags
37 expect 0 chflags ${n1} none
38 if [ "${type}" = "dir" ]; then
45 create_file ${type} ${n1}
46 expect 0 lchown ${n1} 65534 65534
47 for flag in SF_IMMUTABLE SF_APPEND SF_NOUNLINK; do
48 expect 0 lchflags ${n1} ${flag}
49 jexpect 1 `pwd` EPERM lchflags ${n1} UF_NODUMP
50 expect ${flag} lstat ${n1} flags
51 jexpect 1 `pwd` EPERM -u 65533 -g 65533 lchflags ${n1} UF_NODUMP
52 expect ${flag} lstat ${n1} flags
53 jexpect 1 `pwd` EPERM -u 65534 -g 65534 lchflags ${n1} UF_NODUMP
54 expect ${flag} lstat ${n1} flags
56 expect 0 lchflags ${n1} none
57 if [ "${type}" = "dir" ]; then
64 sysctl security.jail.chflags_allowed=${old} >/dev/null