Code review comments from jeffpc

          --- old/usr/src/test/os-tests/tests/secflags/secflags_zonecfg.sh
          +++ new/usr/src/test/os-tests/tests/secflags/secflags_zonecfg.sh

   1    1  #! /usr/bin/ksh
   2    2  #
   3    3  #

   4    4  # This file and its contents are supplied under the terms of the
   5    5  # Common Development and Distribution License ("CDDL"), version 1.0.
   6    6  # You may only use this file in accordance with the terms of version
   7    7  # 1.0 of the CDDL.
   8    8  #
   9    9  # A full copy of the text of the CDDL should have accompanied this
  10   10  # source.  A copy of the CDDL is also available via the Internet at
  11   11  # http://www.illumos.org/license/CDDL.
  12   12  #
  13   13  
  14      -# Copyright 2015, Richald Lowe.
       14 +# Copyright 2015, Richard Lowe.
  15   15  
  16   16  # Verify that zones can be configured with security-flags
  17   17  LC_ALL=C                        # Collation is important
  18   18  
  19   19  expect_success() {
  20   20      name=$1
  21   21  
  22   22      (echo "create -b";
  23   23       echo "set zonepath=/$name.$$";
  24   24       cat /dev/stdin;

  25   25       echo "verify";
  26   26       echo "commit";
  27   27       echo "exit") | zonecfg -z $name.$$ > out.$$ 2>&1
  28   28  
  29   29      r=$?
  30   30  
  31   31      zonecfg -z $name.$$ delete -F
  32   32  
  33   33      if (($r != 0)); then
  34   34          printf "%s: FAIL\n" $name
  35   35          cat out.$$
  36   36          rm out.$$
  37   37          return 1 
  38   38      else
  39   39          rm out.$$
  40   40          printf  "%s: PASS\n" $name
  41   41          return 0
  42   42      fi
  43   43  }
  44   44  
  45   45  expect_fail() {
  46   46      name=$1
  47   47      expect=$2
  48   48  
  49   49      (echo "create -b";
  50   50       echo "set zonepath=/$name.$$";
  51   51       cat /dev/stdin;
  52   52       echo "verify";
  53   53       echo "commit";
  54   54       echo "exit") | zonecfg -z $name.$$ > out.$$ 2>&1
  55   55  
  56   56      r=$?
  57   57  
  58   58      # Ideally will fail, since we don't want the create to have succeeded.
  59   59      zonecfg -z $name.$$ delete -F >/dev/null 2>&1
  60   60  
  61   61  
  62   62      if (($r == 0)); then
  63   63          printf "%s: FAIL (succeeded)\n" $name
  64   64          rm out.$$
  65   65          return 1
  66   66      else
  67   67          grep -q "$expect" out.$$
  68   68          if (( $? != 0 )); then
  69   69              printf "%s: FAIL (error didn't match)\n" $name
  70   70              echo "Wanted:"
  71   71              echo "  $expect"
  72   72              echo "Got:"
  73   73              sed -e 's/^/  /' out.$$
  74   74              rm out.$$
  75   75              return 1;
  76   76          else
  77   77              rm out.$$
  78   78              printf  "%s: PASS\n" $name
  79   79              return 0
  80   80          fi
  81   81      fi
  82   82  }
  83   83  
  84   84  ret=0
  85   85  
  86   86  expect_success valid-full-config <<EOF
  87   87  add security-flags
  88   88  set lower=none
  89   89  set default=aslr
  90   90  set upper=all
  91   91  end
  92   92  EOF
  93   93  (( $? != 0 )) && ret=1
  94   94  
  95   95  expect_success valid-partial-config <<EOF
  96   96  add security-flags
  97   97  set default=aslr
  98   98  end
  99   99  EOF
 100  100  (( $? != 0 )) && ret=1
 101  101  
 102  102  expect_fail invalid-full-lower-gt-def "default secflags must be above the lower limit" <<EOF
 103  103  add security-flags
 104  104  set lower=aslr
 105  105  set default=none
 106  106  set upper=all
 107  107  end
 108  108  EOF
 109  109  (( $? != 0 )) && ret=1
 110  110  
 111  111  expect_fail invalid-partial-lower-gt-def "default secflags must be above the lower limit" <<EOF
 112  112  add security-flags
 113  113  set lower=aslr
 114  114  set default=none
 115  115  end
 116  116  EOF
 117  117  (( $? != 0 )) && ret=1
 118  118  
 119  119  expect_fail invalid-full-def-gt-upper "default secflags must be within the upper limit" <<EOF
 120  120  add security-flags
 121  121  set lower=none
 122  122  set default=all
 123  123  set upper=none
 124  124  end
 125  125  EOF
 126  126  (( $? != 0 )) && ret=1
 127  127  
 128  128  expect_fail invalid-partial-def-gt-upper "default secflags must be within the upper limit" <<EOF
 129  129  add security-flags
 130  130  set default=all
 131  131  set upper=none
 132  132  end
 133  133  EOF
 134  134  (( $? != 0 )) && ret=1
 135  135  
 136  136  expect_fail invalid-full-def-gt-upper "default secflags must be within the upper limit" <<EOF
 137  137  add security-flags
 138  138  set lower=none
 139  139  set default=all
 140  140  set upper=none
 141  141  end
 142  142  EOF
 143  143  (( $? != 0 )) && ret=1
 144  144  
 145  145  expect_fail invalid-partial-lower-gt-upper "lower secflags must be within the upper limit" <<EOF
 146  146  add security-flags
 147  147  set lower=all
 148  148  set upper=none
 149  149  end
 150  150  EOF
 151  151  (( $? != 0 )) && ret=1
 152  152  
 153  153  expect_fail invalid-parse-fail-def "default security flags 'fail' are invalid" <<EOF
 154  154  add security-flags
 155  155  set default=fail
 156  156  end
 157  157  EOF
 158  158  (( $? != 0 )) && ret=1
 159  159  
 160  160  expect_fail invalid-parse-fail-lower "lower security flags 'fail' are invalid" <<EOF
 161  161  add security-flags
 162  162  set lower=fail
 163  163  end
 164  164  EOF
 165  165  (( $? != 0 )) && ret=1
 166  166  
 167  167  expect_fail invalid-parse-fail-def "upper security flags 'fail' are invalid" <<EOF
 168  168  add security-flags
 169  169  set upper=fail
 170  170  end
 171  171  EOF
 172  172  (( $? != 0 )) && ret=1
 173  173  
 174  174  exit $ret

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX