2
# $Id: unix_fd_server.sh 430 2007-03-08 21:23:17Z steve-beattie $
4
# Copyright (C) 2002-2005 Novell/SUSE
6
# This program is free software; you can redistribute it and/or
7
# modify it under the terms of the GNU General Public License as
8
# published by the Free Software Foundation, version 2 of the
13
# This tests passing a file descriptor over a unix domain socket. The server
14
# opens a socket, forks a client with it's own profile, passes the file
15
# descriptor to it over the socket, and sees what happens.
19
pwd=`cd $pwd ; /bin/pwd`
26
socket=${tmpdir}/unix_fd_test
27
fd_client=$PWD/unix_fd_client
31
# Content generated with:
32
# dd if=/dev/urandom bs=32 count=4 2> /dev/null | od -x | head -8 | sed -e 's/^[[:xdigit:]]\{7\}//g' -e 's/ //g'
34
aabcc2739c621194a00b6cb7875dcdeb
35
72f485a783219817c81c65f3e1b2bc80
36
4366ba09e881286c834e67b34ae6f186
37
ccc2c402fcc6e66d5cfaa0c68b94211c
38
163f7beeb9a320ab859189a82d695713
39
175797a8cf2e2435dd98551385e96d8f
40
05f82e8e0e146be0d4655d4681cb08b6
41
ed15ad1d4fb9959008589e589206ee13
44
# lets just be on the safe side
47
# PASS - unconfined client
49
genprofile $file:$okperm $socket:rw $fd_client:ux
51
runchecktest "fd passing; unconfined client" pass $file $socket $fd_client
56
# PASS - confined client, rw access to the file
58
genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm $socket:rw
59
runchecktest "fd passing; confined client w/ rw" pass $file $socket $fd_client
63
# FAIL - confined client, w access to the file
65
genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$badperm $socket:rw
66
runchecktest "fd passing; confined client w/ w only" fail $file $socket $fd_client