diff options
| author | Okan Demirmen <okan@cvs.openbsd.org> | 2016-05-31 17:28:15 +0000 |
|---|---|---|
| committer | Okan Demirmen <okan@cvs.openbsd.org> | 2016-05-31 17:28:15 +0000 |
| commit | 8aab24aeda0d7007addf93af6981056bd2b9bdb4 (patch) | |
| tree | 73dd491be4e41b65aea99eee5a86d7bc9d1d3a90 | |
| parent | a985495a4ecc78af69c7d98a56c985ecbd01cea5 (diff) | |
Replace most of the tests based on systrace output; from Ray.
| -rw-r--r-- | regress/usr.bin/sdiff/Iflag12.out | 108 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/Iflag21.out | 104 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/Ilflag12.out | 107 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/Ilflag21.out | 102 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/Ilsflag12.out | 72 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/Ilsflag21.out | 68 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/Isflag12.out | 72 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/Isflag21.out | 68 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/Makefile | 10 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/file1 | 79 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/file2 | 76 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/lflag.out | 110 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/same.out | 79 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/sflag.out | 82 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/short.in | 4 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/short.out | 19 | ||||
| -rw-r--r-- | regress/usr.bin/sdiff/wflag.out | 110 |
17 files changed, 96 insertions, 1174 deletions
diff --git a/regress/usr.bin/sdiff/Iflag12.out b/regress/usr.bin/sdiff/Iflag12.out index 71a16351aaf..b20a161590e 100644 --- a/regress/usr.bin/sdiff/Iflag12.out +++ b/regress/usr.bin/sdiff/Iflag12.out @@ -1,100 +1,8 @@ -Policy: /usr/bin/lynx, Emulation: native Policy: /usr/bin/lynx, Emulation: native - > native-issetugid: permit - > native-mprotect: permit - > native-mmap: permit - native-sysctl: permit native-sysctl: permit - > native-fsread: filename eq "/var/run/ld.so.hints" then pe - > native-fstat: permit - native-close: permit native-close: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-fsread: filename match "/usr/lib/libssl.so.*" then - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-read: permit - native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" t - native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" - native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then p - native-fsread: filename match "/<non-existent filename>: | native-munmap: permit - native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit - native-fsread: filename eq "/etc/malloc.conf" then permit native-fsread: filename eq "/etc/malloc.conf" then permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit - native-fsread: filename eq "/etc/utmp" then permit < - native-fsread: filename eq "/home" then permit < - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "$HOME/.lynxrc" then permit < - native-fsread: filename eq "$HOME/.mailcap" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "/obj" then permit < - native-fsread: filename eq "/tmp" then permit native-fsread: filename eq "/tmp" then permit - native-fsread: filename match "/tmp/lynx-*/." then permit native-fswrite: filename match "/tmp/lynx-*" then permit - ) native-fsread: filename match "/tmp/lynx-*/." then permit - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "/etc/lynx.cfg" then permit - > native-fsread: filename eq "/" then permit - > native-fsread: filename eq "/usr/obj/bin/systrace/." then - > native-fsread: filename eq "/usr/obj/bin" then permit - > native-fcntl: permit - > native-getdirentries: permit - > native-lseek: permit - > native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename eq "/usr" then permit native-fsread: filename eq "/usr" then permit - native-fsread: filename eq "/usr/bin" then permit native-fsread: filename eq "/usr/bin" then permit - native-fsread: filename eq "/usr/games" then permit native-fsread: filename eq "/usr/games" then permit - native-fsread: filename eq "/usr/include" then permit native-fsread: filename eq "/usr/include" then permit - native-fsread: filename eq "/usr/lib" then permit native-fsread: filename eq "/usr/lib" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then p native-fsread: filename eq "/usr/libdata" then permit - native-fsread: filename match "/usr/lib/libcrypto.so.*" t native-fsread: filename eq "/usr/libexec" then permit - native-fsread: filename match "/usr/lib/libncurses.so.*" native-fsread: filename eq "/usr/lkm" then permit - native-fsread: filename match "/usr/lib/libssl.so.*" then native-fsread: filename eq "/usr/local" then permit - native-fsread: filename eq "/usr/libdata" then permit native-fsread: filename eq "/usr/mdec" then permit - native-fsread: filename eq "/usr/libexec" then permit native-fsread: filename eq "/home" then permit - native-fsread: filename eq "/usr/lkm" then permit native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "/usr/local" then permit native-fsread: filename eq "$HOME/.lynxrc" then permit - native-fsread: filename eq "/usr/mdec" then permit native-fsread: filename match "/<non-existent filename>: - native-fsread: filename eq "/usr/obj" then permit native-fsread: filename eq "/usr/obj/bin/systrace/.mailca - native-fsread: filename eq "/usr/obj/bin" then permit native-fsread: filename eq "$HOME/.mailcap" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/." then native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t - native-fsread: filename eq "/usr/obj/bin/systrace/.mailca ( - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t ( - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-sigaction: permit - > native-ioctl: permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "$HOME/.terminfo" then permit - native-fsread: filename eq "/usr/share/misc/terminfo.db" native-fsread: filename eq "/usr/share/misc/terminfo.db" - > native-pread: permit - > native-write: permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - native-fsread: filename eq "/var/run/dev.db" then permit native-fsread: filename eq "/var/run/dev.db" then permit - native-fsread: filename eq "/var/run/ld.so.hints" then pe | native-fsread: filename eq "/etc/utmp" then permit - native-fstat: permit < - native-fswrite: filename match "/tmp/lynx-*" then permit < - native-getdirentries: permit < - native-getpid: permit < - native-gettimeofday: permit < - native-ioctl: permit < - native-issetugid: permit < - native-lseek: permit < - native-mmap: permit < - native-mprotect: prot eq "PROT_READ" then permit < - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi < - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm < - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" < - native-munmap: permit < - native-nanosleep: permit < - native-poll: permit native-poll: permit - native-pread: permit | native-nanosleep: permit - native-read: permit | native-gettimeofday: permit - native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - native-select: permit < - native-sendto: true then permit < - native-sigaction: permit < - native-sigprocmask: permit < - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - > native-sendto: true then permit - > native-select: permit - > native-recvfrom: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - > native-exit: permit +top top +file1 | file2 +same1 same1 +file1only < +same2 same2 + > file2only +same3 same3 +bottom bottom diff --git a/regress/usr.bin/sdiff/Iflag21.out b/regress/usr.bin/sdiff/Iflag21.out index c86720d1a10..2ca09521cfc 100644 --- a/regress/usr.bin/sdiff/Iflag21.out +++ b/regress/usr.bin/sdiff/Iflag21.out @@ -1,96 +1,8 @@ -Policy: /usr/bin/lynx, Emulation: native Policy: /usr/bin/lynx, Emulation: native - native-issetugid: permit < - native-mprotect: permit < - native-mmap: permit < - native-sysctl: permit native-sysctl: permit - native-fsread: filename eq "/var/run/ld.so.hints" then pe < - native-fstat: permit < - native-close: permit native-close: permit - native-fsread: filename match "/usr/lib/libssl.so.*" then | native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - native-read: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - native-fsread: filename match "/usr/lib/libcrypto.so.*" t | native-exit: permit - native-fsread: filename match "/usr/lib/libncurses.so.*" | native-fcntl: cmd eq "F_SETFD" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then p | native-fsread: filename eq "/" then permit - native-munmap: permit | native-fsread: filename match "/<non-existent filename>: - native-sigprocmask: permit | native-fsread: filename eq "/etc/lynx.cfg" then permit - native-fsread: filename eq "/etc/malloc.conf" then permit native-fsread: filename eq "/etc/malloc.conf" then permit - native-getpid: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - > native-fsread: filename eq "/etc/utmp" then permit - > native-fsread: filename eq "/home" then permit - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - > native-fsread: filename eq "$HOME/.lynxrc" then permit - > native-fsread: filename eq "$HOME/.mailcap" then permit - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-fsread: filename eq "$HOME/.terminfo" then permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "/tmp" then permit native-fsread: filename eq "/tmp" then permit - native-fswrite: filename match "/tmp/lynx-*" then permit native-fsread: filename match "/tmp/lynx-*/." then permit - native-fsread: filename match "/tmp/lynx-*/." then permit ( - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "/etc/lynx.cfg" then permit < - native-fsread: filename eq "/" then permit < - native-fsread: filename eq "/usr/obj/bin/systrace/." then < - native-fsread: filename eq "/usr/obj/bin" then permit < - native-fcntl: permit < - native-getdirentries: permit < - native-lseek: permit < - native-fsread: filename eq "/usr/obj" then permit < - native-fsread: filename eq "/usr" then permit native-fsread: filename eq "/usr" then permit - native-fsread: filename eq "/usr/bin" then permit native-fsread: filename eq "/usr/bin" then permit - native-fsread: filename eq "/usr/games" then permit native-fsread: filename eq "/usr/games" then permit - native-fsread: filename eq "/usr/include" then permit native-fsread: filename eq "/usr/include" then permit - native-fsread: filename eq "/usr/lib" then permit native-fsread: filename eq "/usr/lib" then permit - native-fsread: filename eq "/usr/libdata" then permit native-fsread: filename match "/usr/lib/libc.so.*" then p - native-fsread: filename eq "/usr/libexec" then permit native-fsread: filename match "/usr/lib/libcrypto.so.*" t - native-fsread: filename eq "/usr/lkm" then permit native-fsread: filename match "/usr/lib/libncurses.so.*" - native-fsread: filename eq "/usr/local" then permit native-fsread: filename match "/usr/lib/libssl.so.*" then - native-fsread: filename eq "/usr/mdec" then permit native-fsread: filename eq "/usr/libdata" then permit - native-fsread: filename eq "/home" then permit native-fsread: filename eq "/usr/libexec" then permit - native-fsread: filename eq "/obj" then permit native-fsread: filename eq "/usr/lkm" then permit - native-fsread: filename eq "$HOME/.lynxrc" then permit native-fsread: filename eq "/usr/local" then permit - native-fsread: filename match "/<non-existent filename>: native-fsread: filename eq "/usr/mdec" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/.mailca native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename eq "$HOME/.mailcap" then permit native-fsread: filename eq "/usr/obj/bin" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t native-fsread: filename eq "/usr/obj/bin/systrace/." then - ) native-fsread: filename eq "/usr/obj/bin/systrace/.mailca - ) native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-sigaction: permit < - native-ioctl: permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "/usr/share/misc/terminfo.db" native-fsread: filename eq "/usr/share/misc/terminfo.db" - native-pread: permit < - native-write: permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "/var/run/dev.db" then permit native-fsread: filename eq "/var/run/dev.db" then permit - native-fsread: filename eq "/etc/utmp" then permit | native-fsread: filename eq "/var/run/ld.so.hints" then pe - native-poll: permit | native-fstat: permit - native-nanosleep: permit | native-fswrite: filename match "/tmp/lynx-*" then permit - > native-getdirentries: permit - > native-getpid: permit - native-gettimeofday: permit native-gettimeofday: permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-ioctl: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK | native-issetugid: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-lseek: permit - native-sendto: true then permit | native-mmap: permit - native-select: permit | native-mprotect: prot eq "PROT_READ" then permit - > native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi - > native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm - > native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" - > native-munmap: permit - > native-nanosleep: permit - > native-poll: permit - > native-pread: permit - > native-read: permit - native-recvfrom: permit native-recvfrom: permit - > native-select: permit - > native-sendto: true then permit - > native-sigaction: permit - > native-sigprocmask: permit - > native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-write: permit - native-exit: permit < +top top +file2 | file1 +same1 same1 + > file1only +same2 same2 +file2only < +same3 same3 +bottom bottom diff --git a/regress/usr.bin/sdiff/Ilflag12.out b/regress/usr.bin/sdiff/Ilflag12.out index fd6195df6d4..ea958c38b64 100644 --- a/regress/usr.bin/sdiff/Ilflag12.out +++ b/regress/usr.bin/sdiff/Ilflag12.out @@ -1,99 +1,8 @@ -Policy: /usr/bin/lynx, Emulation: native ( - > native-issetugid: permit - > native-mprotect: permit - > native-mmap: permit - native-sysctl: permit ( - > native-fsread: filename eq "/var/run/ld.so.hints" then pe - > native-fstat: permit - native-close: permit ( - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-fsread: filename match "/usr/lib/libssl.so.*" then - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-read: permit - native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" t - native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" - native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then p - native-fsread: filename match "/<non-existent filename>: | native-munmap: permit - native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit - native-fsread: filename eq "/etc/malloc.conf" then permit ( - native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit - native-fsread: filename eq "/etc/utmp" then permit < - native-fsread: filename eq "/home" then permit < - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "$HOME/.lynxrc" then permit < - native-fsread: filename eq "$HOME/.mailcap" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "/obj" then permit < - native-fsread: filename eq "/tmp" then permit ( - native-fsread: filename match "/tmp/lynx-*/." then permit ( - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "/etc/lynx.cfg" then permit - > native-fsread: filename eq "/" then permit - > native-fsread: filename eq "/usr/obj/bin/systrace/." then - > native-fsread: filename eq "/usr/obj/bin" then permit - > native-fcntl: permit - > native-getdirentries: permit - > native-lseek: permit - > native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename eq "/usr" then permit ( - native-fsread: filename eq "/usr/bin" then permit ( - native-fsread: filename eq "/usr/games" then permit ( - native-fsread: filename eq "/usr/include" then permit ( - native-fsread: filename eq "/usr/lib" then permit ( - native-fsread: filename match "/usr/lib/libc.so.*" then p ( - native-fsread: filename match "/usr/lib/libcrypto.so.*" t ( - native-fsread: filename match "/usr/lib/libncurses.so.*" ( - native-fsread: filename match "/usr/lib/libssl.so.*" then ( - native-fsread: filename eq "/usr/libdata" then permit ( - native-fsread: filename eq "/usr/libexec" then permit ( - native-fsread: filename eq "/usr/lkm" then permit ( - native-fsread: filename eq "/usr/local" then permit ( - native-fsread: filename eq "/usr/mdec" then permit ( - native-fsread: filename eq "/usr/obj" then permit ( - native-fsread: filename eq "/usr/obj/bin" then permit ( - native-fsread: filename eq "/usr/obj/bin/systrace/." then ( - native-fsread: filename eq "/usr/obj/bin/systrace/.mailca ( - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t ( - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-sigaction: permit - > native-ioctl: permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "$HOME/.terminfo" then permit - native-fsread: filename eq "/usr/share/misc/terminfo.db" ( - > native-pread: permit - > native-write: permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - native-fsread: filename eq "/var/run/dev.db" then permit ( - native-fsread: filename eq "/var/run/ld.so.hints" then pe | native-fsread: filename eq "/etc/utmp" then permit - native-fstat: permit < - native-fswrite: filename match "/tmp/lynx-*" then permit < - native-getdirentries: permit < - native-getpid: permit < - native-gettimeofday: permit < - native-ioctl: permit < - native-issetugid: permit < - native-lseek: permit < - native-mmap: permit < - native-mprotect: prot eq "PROT_READ" then permit < - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi < - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm < - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" < - native-munmap: permit < - native-nanosleep: permit < - native-poll: permit ( - native-pread: permit | native-nanosleep: permit - native-read: permit | native-gettimeofday: permit - native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - native-select: permit < - native-sendto: true then permit < - native-sigaction: permit < - native-sigprocmask: permit < - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK ( - > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - > native-sendto: true then permit - > native-select: permit - > native-recvfrom: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK ( - native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - > native-exit: permit +top ( +file1 | file2 +same1 ( +file1only < +same2 ( + > file2only +same3 +bottom diff --git a/regress/usr.bin/sdiff/Ilflag21.out b/regress/usr.bin/sdiff/Ilflag21.out index 247f56f08bd..6c71d6e8d09 100644 --- a/regress/usr.bin/sdiff/Ilflag21.out +++ b/regress/usr.bin/sdiff/Ilflag21.out @@ -1,94 +1,8 @@ -Policy: /usr/bin/lynx, Emulation: native ( - native-issetugid: permit < - native-mprotect: permit < - native-mmap: permit < - native-sysctl: permit ( - native-fsread: filename eq "/var/run/ld.so.hints" then pe < - native-fstat: permit < - native-close: permit ( - native-fsread: filename match "/usr/lib/libssl.so.*" then | native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - native-read: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - native-fsread: filename match "/usr/lib/libcrypto.so.*" t | native-exit: permit - native-fsread: filename match "/usr/lib/libncurses.so.*" | native-fcntl: cmd eq "F_SETFD" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then p | native-fsread: filename eq "/" then permit - native-munmap: permit | native-fsread: filename match "/<non-existent filename>: - native-sigprocmask: permit | native-fsread: filename eq "/etc/lynx.cfg" then permit - native-fsread: filename eq "/etc/malloc.conf" then permit ( - native-getpid: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - > native-fsread: filename eq "/etc/utmp" then permit - > native-fsread: filename eq "/home" then permit - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - > native-fsread: filename eq "$HOME/.lynxrc" then permit - > native-fsread: filename eq "$HOME/.mailcap" then permit - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-fsread: filename eq "$HOME/.terminfo" then permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "/tmp" then permit ( - native-fswrite: filename match "/tmp/lynx-*" then permit ( - native-fsread: filename match "/tmp/lynx-*/." then permit ( - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "/etc/lynx.cfg" then permit < - native-fsread: filename eq "/" then permit < - native-fsread: filename eq "/usr/obj/bin/systrace/." then < - native-fsread: filename eq "/usr/obj/bin" then permit < - native-fcntl: permit < - native-getdirentries: permit < - native-lseek: permit < - native-fsread: filename eq "/usr/obj" then permit < - native-fsread: filename eq "/usr" then permit ( - native-fsread: filename eq "/usr/bin" then permit ( - native-fsread: filename eq "/usr/games" then permit ( - native-fsread: filename eq "/usr/include" then permit ( - native-fsread: filename eq "/usr/lib" then permit ( - native-fsread: filename eq "/usr/libdata" then permit ( - native-fsread: filename eq "/usr/libexec" then permit ( - native-fsread: filename eq "/usr/lkm" then permit ( - native-fsread: filename eq "/usr/local" then permit ( - native-fsread: filename eq "/usr/mdec" then permit ( - native-fsread: filename eq "/home" then permit ( - native-fsread: filename eq "/obj" then permit ( - native-fsread: filename eq "$HOME/.lynxrc" then permit ( - native-fsread: filename match "/<non-existent filename>: ( - native-fsread: filename eq "/usr/obj/bin/systrace/.mailca ( - native-fsread: filename eq "$HOME/.mailcap" then permit ( - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t ( - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-sigaction: permit < - native-ioctl: permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "/usr/share/misc/terminfo.db" ( - native-pread: permit < - native-write: permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "/var/run/dev.db" then permit ( - native-fsread: filename eq "/etc/utmp" then permit | native-fsread: filename eq "/var/run/ld.so.hints" then pe - native-poll: permit | native-fstat: permit - native-nanosleep: permit | native-fswrite: filename match "/tmp/lynx-*" then permit - > native-getdirentries: permit - > native-getpid: permit - native-gettimeofday: permit ( - native-fsread: filename eq "/etc/resolv.conf" then permit | native-ioctl: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK | native-issetugid: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-lseek: permit - native-sendto: true then permit | native-mmap: permit - native-select: permit | native-mprotect: prot eq "PROT_READ" then permit - > native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi - > native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm - > native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" - > native-munmap: permit - > native-nanosleep: permit - > native-poll: permit - > native-pread: permit - > native-read: permit - native-recvfrom: permit ( - > native-select: permit - > native-sendto: true then permit - > native-sigaction: permit - > native-sigprocmask: permit - > native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK ( - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-write: permit - native-exit: permit < +top ( +file2 | file1 +same1 ( + > file1only +same2 ( +file2only < +same3 +bottom diff --git a/regress/usr.bin/sdiff/Ilsflag12.out b/regress/usr.bin/sdiff/Ilsflag12.out index 3e548b693d0..e0f5790377a 100644 --- a/regress/usr.bin/sdiff/Ilsflag12.out +++ b/regress/usr.bin/sdiff/Ilsflag12.out @@ -1,69 +1,3 @@ - > native-issetugid: permit - > native-mprotect: permit - > native-mmap: permit - > native-fsread: filename eq "/var/run/ld.so.hints" then pe - > native-fstat: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-fsread: filename match "/usr/lib/libssl.so.*" then - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-read: permit - native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" t - native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" - native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then p - native-fsread: filename match "/<non-existent filename>: | native-munmap: permit - native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit - native-fsread: filename eq "/etc/utmp" then permit < - native-fsread: filename eq "/home" then permit < - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "$HOME/.lynxrc" then permit < - native-fsread: filename eq "$HOME/.mailcap" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "/obj" then permit < - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "/etc/lynx.cfg" then permit - > native-fsread: filename eq "/" then permit - > native-fsread: filename eq "/usr/obj/bin/systrace/." then - > native-fsread: filename eq "/usr/obj/bin" then permit - > native-fcntl: permit - > native-getdirentries: permit - > native-lseek: permit - > native-fsread: filename eq "/usr/obj" then permit - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-sigaction: permit - > native-ioctl: permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "$HOME/.terminfo" then permit - > native-pread: permit - > native-write: permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - native-fsread: filename eq "/var/run/ld.so.hints" then pe | native-fsread: filename eq "/etc/utmp" then permit - native-fstat: permit < - native-fswrite: filename match "/tmp/lynx-*" then permit < - native-getdirentries: permit < - native-getpid: permit < - native-gettimeofday: permit < - native-ioctl: permit < - native-issetugid: permit < - native-lseek: permit < - native-mmap: permit < - native-mprotect: prot eq "PROT_READ" then permit < - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi < - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm < - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" < - native-munmap: permit < - native-nanosleep: permit < - native-pread: permit | native-nanosleep: permit - native-read: permit | native-gettimeofday: permit - native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - native-select: permit < - native-sendto: true then permit < - native-sigaction: permit < - native-sigprocmask: permit < - > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - > native-sendto: true then permit - > native-select: permit - > native-recvfrom: permit - native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - > native-exit: permit +file1 | file2 +file1only < + > file2only diff --git a/regress/usr.bin/sdiff/Ilsflag21.out b/regress/usr.bin/sdiff/Ilsflag21.out index 4504c36ec03..9de9eb08aa9 100644 --- a/regress/usr.bin/sdiff/Ilsflag21.out +++ b/regress/usr.bin/sdiff/Ilsflag21.out @@ -1,65 +1,3 @@ - native-issetugid: permit < - native-mprotect: permit < - native-mmap: permit < - native-fsread: filename eq "/var/run/ld.so.hints" then pe < - native-fstat: permit < - native-fsread: filename match "/usr/lib/libssl.so.*" then | native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - native-read: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - native-fsread: filename match "/usr/lib/libcrypto.so.*" t | native-exit: permit - native-fsread: filename match "/usr/lib/libncurses.so.*" | native-fcntl: cmd eq "F_SETFD" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then p | native-fsread: filename eq "/" then permit - native-munmap: permit | native-fsread: filename match "/<non-existent filename>: - native-sigprocmask: permit | native-fsread: filename eq "/etc/lynx.cfg" then permit - native-getpid: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - > native-fsread: filename eq "/etc/utmp" then permit - > native-fsread: filename eq "/home" then permit - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - > native-fsread: filename eq "$HOME/.lynxrc" then permit - > native-fsread: filename eq "$HOME/.mailcap" then permit - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-fsread: filename eq "$HOME/.terminfo" then permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "/etc/lynx.cfg" then permit < - native-fsread: filename eq "/" then permit < - native-fsread: filename eq "/usr/obj/bin/systrace/." then < - native-fsread: filename eq "/usr/obj/bin" then permit < - native-fcntl: permit < - native-getdirentries: permit < - native-lseek: permit < - native-fsread: filename eq "/usr/obj" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-sigaction: permit < - native-ioctl: permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-pread: permit < - native-write: permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "/etc/utmp" then permit | native-fsread: filename eq "/var/run/ld.so.hints" then pe - native-poll: permit | native-fstat: permit - native-nanosleep: permit | native-fswrite: filename match "/tmp/lynx-*" then permit - > native-getdirentries: permit - > native-getpid: permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-ioctl: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK | native-issetugid: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-lseek: permit - native-sendto: true then permit | native-mmap: permit - native-select: permit | native-mprotect: prot eq "PROT_READ" then permit - > native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi - > native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm - > native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" - > native-munmap: permit - > native-nanosleep: permit - > native-poll: permit - > native-pread: permit - > native-read: permit - > native-select: permit - > native-sendto: true then permit - > native-sigaction: permit - > native-sigprocmask: permit - > native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-write: permit - native-exit: permit < +file2 | file1 + > file1only +file2only < diff --git a/regress/usr.bin/sdiff/Isflag12.out b/regress/usr.bin/sdiff/Isflag12.out index 3e548b693d0..e0f5790377a 100644 --- a/regress/usr.bin/sdiff/Isflag12.out +++ b/regress/usr.bin/sdiff/Isflag12.out @@ -1,69 +1,3 @@ - > native-issetugid: permit - > native-mprotect: permit - > native-mmap: permit - > native-fsread: filename eq "/var/run/ld.so.hints" then pe - > native-fstat: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-fsread: filename match "/usr/lib/libssl.so.*" then - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-read: permit - native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" t - native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" - native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then p - native-fsread: filename match "/<non-existent filename>: | native-munmap: permit - native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit - native-fsread: filename eq "/etc/utmp" then permit < - native-fsread: filename eq "/home" then permit < - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "$HOME/.lynxrc" then permit < - native-fsread: filename eq "$HOME/.mailcap" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "/obj" then permit < - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "/etc/lynx.cfg" then permit - > native-fsread: filename eq "/" then permit - > native-fsread: filename eq "/usr/obj/bin/systrace/." then - > native-fsread: filename eq "/usr/obj/bin" then permit - > native-fcntl: permit - > native-getdirentries: permit - > native-lseek: permit - > native-fsread: filename eq "/usr/obj" then permit - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-sigaction: permit - > native-ioctl: permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "$HOME/.terminfo" then permit - > native-pread: permit - > native-write: permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - native-fsread: filename eq "/var/run/ld.so.hints" then pe | native-fsread: filename eq "/etc/utmp" then permit - native-fstat: permit < - native-fswrite: filename match "/tmp/lynx-*" then permit < - native-getdirentries: permit < - native-getpid: permit < - native-gettimeofday: permit < - native-ioctl: permit < - native-issetugid: permit < - native-lseek: permit < - native-mmap: permit < - native-mprotect: prot eq "PROT_READ" then permit < - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi < - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm < - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" < - native-munmap: permit < - native-nanosleep: permit < - native-pread: permit | native-nanosleep: permit - native-read: permit | native-gettimeofday: permit - native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - native-select: permit < - native-sendto: true then permit < - native-sigaction: permit < - native-sigprocmask: permit < - > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - > native-sendto: true then permit - > native-select: permit - > native-recvfrom: permit - native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - > native-exit: permit +file1 | file2 +file1only < + > file2only diff --git a/regress/usr.bin/sdiff/Isflag21.out b/regress/usr.bin/sdiff/Isflag21.out index 4504c36ec03..9de9eb08aa9 100644 --- a/regress/usr.bin/sdiff/Isflag21.out +++ b/regress/usr.bin/sdiff/Isflag21.out @@ -1,65 +1,3 @@ - native-issetugid: permit < - native-mprotect: permit < - native-mmap: permit < - native-fsread: filename eq "/var/run/ld.so.hints" then pe < - native-fstat: permit < - native-fsread: filename match "/usr/lib/libssl.so.*" then | native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - native-read: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - native-fsread: filename match "/usr/lib/libcrypto.so.*" t | native-exit: permit - native-fsread: filename match "/usr/lib/libncurses.so.*" | native-fcntl: cmd eq "F_SETFD" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then p | native-fsread: filename eq "/" then permit - native-munmap: permit | native-fsread: filename match "/<non-existent filename>: - native-sigprocmask: permit | native-fsread: filename eq "/etc/lynx.cfg" then permit - native-getpid: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - > native-fsread: filename eq "/etc/utmp" then permit - > native-fsread: filename eq "/home" then permit - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - > native-fsread: filename eq "$HOME/.lynxrc" then permit - > native-fsread: filename eq "$HOME/.mailcap" then permit - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-fsread: filename eq "$HOME/.terminfo" then permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "/etc/lynx.cfg" then permit < - native-fsread: filename eq "/" then permit < - native-fsread: filename eq "/usr/obj/bin/systrace/." then < - native-fsread: filename eq "/usr/obj/bin" then permit < - native-fcntl: permit < - native-getdirentries: permit < - native-lseek: permit < - native-fsread: filename eq "/usr/obj" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-sigaction: permit < - native-ioctl: permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-pread: permit < - native-write: permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "/etc/utmp" then permit | native-fsread: filename eq "/var/run/ld.so.hints" then pe - native-poll: permit | native-fstat: permit - native-nanosleep: permit | native-fswrite: filename match "/tmp/lynx-*" then permit - > native-getdirentries: permit - > native-getpid: permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-ioctl: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK | native-issetugid: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-lseek: permit - native-sendto: true then permit | native-mmap: permit - native-select: permit | native-mprotect: prot eq "PROT_READ" then permit - > native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi - > native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm - > native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" - > native-munmap: permit - > native-nanosleep: permit - > native-poll: permit - > native-pread: permit - > native-read: permit - > native-select: permit - > native-sendto: true then permit - > native-sigaction: permit - > native-sigprocmask: permit - > native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-write: permit - native-exit: permit < +file2 | file1 + > file1only +file2only < diff --git a/regress/usr.bin/sdiff/Makefile b/regress/usr.bin/sdiff/Makefile index 567f1f26e73..511f5e895c7 100644 --- a/regress/usr.bin/sdiff/Makefile +++ b/regress/usr.bin/sdiff/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2006/03/05 07:13:11 otto Exp $ +# $OpenBSD: Makefile,v 1.3 2016/05/31 17:28:14 okan Exp $ SDIFF?=sdiff REGRESS_TARGETS=test-lflag test-sflag test-wflag \ @@ -49,7 +49,7 @@ test-sflag: file1 file2 sflag.out ${SDIFF} -s ${.CURDIR}/file1 ${.CURDIR}/file2 | diff -u ${.CURDIR}/sflag.out - test-wflag: file1 file2 wflag.out - ${SDIFF} -w 125 ${.CURDIR}/file1 ${.CURDIR}/file2 | diff -u ${.CURDIR}/wflag.out - + ${SDIFF} -w 40 ${.CURDIR}/file1 ${.CURDIR}/file2 | diff -u ${.CURDIR}/wflag.out - test-tabs: tabs1 tabs2 tabs.out ${SDIFF} ${.CURDIR}/tabs1 ${.CURDIR}/tabs2 | diff -u ${.CURDIR}/tabs.out - @@ -134,10 +134,8 @@ test-stdin: test-stdin2: echo stdin | ${SDIFF} /dev/stdin /dev/null | fgrep -q stdin -test-short: short.out - echo "r\nl\nr\nl" | ${SDIFF} -o merge.out ${.CURDIR}/file1 ${.CURDIR}/file2 \ - >/dev/null || true - diff -u ${.CURDIR}/short.out merge.out +test-short: short.in short.out + diff -u ${.CURDIR}/short.out ${.CURDIR}/short.in clean: rm -f merge.out diff --git a/regress/usr.bin/sdiff/file1 b/regress/usr.bin/sdiff/file1 index fea5160fec3..3f7bf7b2a6c 100644 --- a/regress/usr.bin/sdiff/file1 +++ b/regress/usr.bin/sdiff/file1 @@ -1,72 +1,7 @@ -Policy: /usr/bin/lynx, Emulation: native - native-sysctl: permit - native-close: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then permit - native-connect: sockaddr match "inet-\\\[*\\\]:80" then permit - native-exit: permit - native-fcntl: cmd eq "F_SETFD" then permit - native-fsread: filename eq "/" then permit - native-fsread: filename match "/<non-existent filename>: *" then permit - native-fsread: filename eq "/etc/lynx.cfg" then permit - native-fsread: filename eq "/etc/malloc.conf" then permit - native-fsread: filename eq "/etc/resolv.conf" then permit - native-fsread: filename eq "/etc/utmp" then permit - native-fsread: filename eq "/home" then permit - native-fsread: filename eq "$HOME" then permit - native-fsread: filename eq "$HOME/.lynx-keymaps" then permit - native-fsread: filename eq "$HOME/.lynxrc" then permit - native-fsread: filename eq "$HOME/.mailcap" then permit - native-fsread: filename eq "$HOME/.mime.types" then permit - native-fsread: filename eq "$HOME/.terminfo" then permit - native-fsread: filename eq "$HOME/.terminfo.db" then permit - native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "/tmp" then permit - native-fsread: filename match "/tmp/lynx-*/." then permit - native-fsread: filename eq "/usr" then permit - native-fsread: filename eq "/usr/bin" then permit - native-fsread: filename eq "/usr/games" then permit - native-fsread: filename eq "/usr/include" then permit - native-fsread: filename eq "/usr/lib" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then permit - native-fsread: filename match "/usr/lib/libcrypto.so.*" then permit - native-fsread: filename match "/usr/lib/libncurses.so.*" then permit - native-fsread: filename match "/usr/lib/libssl.so.*" then permit - native-fsread: filename eq "/usr/libdata" then permit - native-fsread: filename eq "/usr/libexec" then permit - native-fsread: filename eq "/usr/lkm" then permit - native-fsread: filename eq "/usr/local" then permit - native-fsread: filename eq "/usr/mdec" then permit - native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename eq "/usr/obj/bin" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/." then permit - native-fsread: filename eq "/usr/obj/bin/systrace/.mailcap" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.types" then permit - native-fsread: filename eq "/usr/share/misc/terminfo.db" then permit - native-fsread: filename eq "/var/run/dev.db" then permit - native-fsread: filename eq "/var/run/ld.so.hints" then permit - native-fstat: permit - native-fswrite: filename match "/tmp/lynx-*" then permit - native-getdirentries: permit - native-getpid: permit - native-gettimeofday: permit - native-ioctl: permit - native-issetugid: permit - native-lseek: permit - native-mmap: permit - native-mprotect: prot eq "PROT_READ" then permit - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permit - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then permit - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" then permit - native-munmap: permit - native-nanosleep: permit - native-poll: permit - native-pread: permit - native-read: permit - native-recvfrom: permit - native-select: permit - native-sendto: true then permit - native-sigaction: permit - native-sigprocmask: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_DGRAM" then permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_STREAM" then permit - native-write: permit +top +file1 +same1 +file1only +same2 +same3 +bottom diff --git a/regress/usr.bin/sdiff/file2 b/regress/usr.bin/sdiff/file2 index e19098d04d3..a1ee77170c6 100644 --- a/regress/usr.bin/sdiff/file2 +++ b/regress/usr.bin/sdiff/file2 @@ -1,69 +1,7 @@ -Policy: /usr/bin/lynx, Emulation: native - native-issetugid: permit - native-mprotect: permit - native-mmap: permit - native-sysctl: permit - native-fsread: filename eq "/var/run/ld.so.hints" then permit - native-fstat: permit - native-close: permit - native-fsread: filename match "/usr/lib/libssl.so.*" then permit - native-read: permit - native-fsread: filename match "/usr/lib/libcrypto.so.*" then permit - native-fsread: filename match "/usr/lib/libncurses.so.*" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then permit - native-munmap: permit - native-sigprocmask: permit - native-fsread: filename eq "/etc/malloc.conf" then permit - native-getpid: permit - native-fsread: filename eq "/tmp" then permit - native-fswrite: filename match "/tmp/lynx-*" then permit - native-fsread: filename match "/tmp/lynx-*/." then permit - native-fsread: filename eq "$HOME" then permit - native-fsread: filename eq "/etc/lynx.cfg" then permit - native-fsread: filename eq "/" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/." then permit - native-fsread: filename eq "/usr/obj/bin" then permit - native-fcntl: permit - native-getdirentries: permit - native-lseek: permit - native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename eq "/usr" then permit - native-fsread: filename eq "/usr/bin" then permit - native-fsread: filename eq "/usr/games" then permit - native-fsread: filename eq "/usr/include" then permit - native-fsread: filename eq "/usr/lib" then permit - native-fsread: filename eq "/usr/libdata" then permit - native-fsread: filename eq "/usr/libexec" then permit - native-fsread: filename eq "/usr/lkm" then permit - native-fsread: filename eq "/usr/local" then permit - native-fsread: filename eq "/usr/mdec" then permit - native-fsread: filename eq "/home" then permit - native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "$HOME/.lynxrc" then permit - native-fsread: filename match "/<non-existent filename>: *" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/.mailcap" then permit - native-fsread: filename eq "$HOME/.mailcap" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.types" then permit - native-fsread: filename eq "$HOME/.mime.types" then permit - native-sigaction: permit - native-ioctl: permit - native-fsread: filename eq "$HOME/.terminfo.db" then permit - native-fsread: filename eq "$HOME/.terminfo" then permit - native-fsread: filename eq "/usr/share/misc/terminfo.db" then permit - native-pread: permit - native-write: permit - native-fsread: filename eq "$HOME/.lynx-keymaps" then permit - native-fsread: filename eq "/var/run/dev.db" then permit - native-fsread: filename eq "/etc/utmp" then permit - native-poll: permit - native-nanosleep: permit - native-gettimeofday: permit - native-fsread: filename eq "/etc/resolv.conf" then permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_DGRAM" then permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then permit - native-sendto: true then permit - native-select: permit - native-recvfrom: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_STREAM" then permit - native-connect: sockaddr match "inet-\\\[*\\\]:80" then permit - native-exit: permit +top +file2 +same1 +same2 +file2only +same3 +bottom diff --git a/regress/usr.bin/sdiff/lflag.out b/regress/usr.bin/sdiff/lflag.out index 50757fa088f..fbc10b16f89 100644 --- a/regress/usr.bin/sdiff/lflag.out +++ b/regress/usr.bin/sdiff/lflag.out @@ -1,102 +1,8 @@ -Policy: /usr/bin/lynx, Emulation: native - > native-issetugid: permit - > native-mprotect: permit - > native-mmap: permit - native-sysctl: permit - > native-fsread: filename eq "/var/run/ld.so.hints" then perm - > native-fstat: permit - native-close: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then perm | native-fsread: filename match "/usr/lib/libssl.so.*" then p - native-connect: sockaddr match "inet-\\\[*\\\]:80" then per | native-read: permit - native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" the - native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" th - native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then per - native-fsread: filename match "/<non-existent filename>: *" | native-munmap: permit - native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit - native-fsread: filename eq "/etc/malloc.conf" then permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit - native-fsread: filename eq "/etc/utmp" then permit < - native-fsread: filename eq "/home" then permit < - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then permi < - native-fsread: filename eq "$HOME/.lynxrc" then permit < - native-fsread: filename eq "$HOME/.mailcap" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permit < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "$HOME/.terminfo.db" then permit < - native-fsread: filename eq "/obj" then permit < - native-fsread: filename eq "/tmp" then permit - > native-fswrite: filename match "/tmp/lynx-*" then permit - native-fsread: filename match "/tmp/lynx-*/." then permit - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "/etc/lynx.cfg" then permit - > native-fsread: filename eq "/" then permit - > native-fsread: filename eq "/usr/obj/bin/systrace/." then p - > native-fsread: filename eq "/usr/obj/bin" then permit - > native-fcntl: permit - > native-getdirentries: permit - > native-lseek: permit - > native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename eq "/usr" then permit - native-fsread: filename eq "/usr/bin" then permit - native-fsread: filename eq "/usr/games" then permit - native-fsread: filename eq "/usr/include" then permit - native-fsread: filename eq "/usr/lib" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then per < - native-fsread: filename match "/usr/lib/libcrypto.so.*" the < - native-fsread: filename match "/usr/lib/libncurses.so.*" th < - native-fsread: filename match "/usr/lib/libssl.so.*" then p < - native-fsread: filename eq "/usr/libdata" then permit - native-fsread: filename eq "/usr/libexec" then permit - native-fsread: filename eq "/usr/lkm" then permit - native-fsread: filename eq "/usr/local" then permit - native-fsread: filename eq "/usr/mdec" then permit - native-fsread: filename eq "/usr/obj" then permit | native-fsread: filename eq "/home" then permit - native-fsread: filename eq "/usr/obj/bin" then permit | native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/." then p | native-fsread: filename eq "$HOME/.lynxrc" then permit - > native-fsread: filename match "/<non-existent filename>: *" - native-fsread: filename eq "/usr/obj/bin/systrace/.mailcap" - > native-fsread: filename eq "$HOME/.mailcap" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.typ - > native-fsread: filename eq "$HOME/.mime.types" then permit - > native-sigaction: permit - > native-ioctl: permit - > native-fsread: filename eq "$HOME/.terminfo.db" then permit - > native-fsread: filename eq "$HOME/.terminfo" then permit - native-fsread: filename eq "/usr/share/misc/terminfo.db" th - > native-pread: permit - > native-write: permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then permi - native-fsread: filename eq "/var/run/dev.db" then permit - native-fsread: filename eq "/var/run/ld.so.hints" then perm | native-fsread: filename eq "/etc/utmp" then permit - native-fstat: permit < - native-fswrite: filename match "/tmp/lynx-*" then permit < - native-getdirentries: permit < - native-getpid: permit < - native-gettimeofday: permit < - native-ioctl: permit < - native-issetugid: permit < - native-lseek: permit < - native-mmap: permit < - native-mprotect: prot eq "PROT_READ" then permit < - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permit < - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then permit < - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" t < - native-munmap: permit < - native-nanosleep: permit < - native-poll: permit - native-pread: permit | native-nanosleep: permit - native-read: permit | native-gettimeofday: permit - native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - native-select: permit < - native-sendto: true then permit < - native-sigaction: permit < - native-sigprocmask: permit < - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_D - > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then perm - > native-sendto: true then permit - > native-select: permit - > native-recvfrom: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_S - native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then per - > native-exit: permit +top +file1 | file2 +same1 +file1only < +same2 + > file2only +same3 +bottom diff --git a/regress/usr.bin/sdiff/same.out b/regress/usr.bin/sdiff/same.out index 5c82d12b439..59b9570fb12 100644 --- a/regress/usr.bin/sdiff/same.out +++ b/regress/usr.bin/sdiff/same.out @@ -1,72 +1,7 @@ -Policy: /usr/bin/lynx, Emulation: native Policy: /usr/bin/lynx, Emulation: native - native-sysctl: permit native-sysctl: permit - native-close: permit native-close: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then perm native-connect: sockaddr eq "inet-[127.0.0.1]:53" then perm - native-connect: sockaddr match "inet-\\\[*\\\]:80" then per native-connect: sockaddr match "inet-\\\[*\\\]:80" then per - native-exit: permit native-exit: permit - native-fcntl: cmd eq "F_SETFD" then permit native-fcntl: cmd eq "F_SETFD" then permit - native-fsread: filename eq "/" then permit native-fsread: filename eq "/" then permit - native-fsread: filename match "/<non-existent filename>: *" native-fsread: filename match "/<non-existent filename>: *" - native-fsread: filename eq "/etc/lynx.cfg" then permit native-fsread: filename eq "/etc/lynx.cfg" then permit - native-fsread: filename eq "/etc/malloc.conf" then permit native-fsread: filename eq "/etc/malloc.conf" then permit - native-fsread: filename eq "/etc/resolv.conf" then permit native-fsread: filename eq "/etc/resolv.conf" then permit - native-fsread: filename eq "/etc/utmp" then permit native-fsread: filename eq "/etc/utmp" then permit - native-fsread: filename eq "/home" then permit native-fsread: filename eq "/home" then permit - native-fsread: filename eq "$HOME" then permit native-fsread: filename eq "$HOME" then permit - native-fsread: filename eq "$HOME/.lynx-keymaps" then permi native-fsread: filename eq "$HOME/.lynx-keymaps" then permi - native-fsread: filename eq "$HOME/.lynxrc" then permit native-fsread: filename eq "$HOME/.lynxrc" then permit - native-fsread: filename eq "$HOME/.mailcap" then permit native-fsread: filename eq "$HOME/.mailcap" then permit - native-fsread: filename eq "$HOME/.mime.types" then permit native-fsread: filename eq "$HOME/.mime.types" then permit - native-fsread: filename eq "$HOME/.terminfo" then permit native-fsread: filename eq "$HOME/.terminfo" then permit - native-fsread: filename eq "$HOME/.terminfo.db" then permit native-fsread: filename eq "$HOME/.terminfo.db" then permit - native-fsread: filename eq "/obj" then permit native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "/tmp" then permit native-fsread: filename eq "/tmp" then permit - native-fsread: filename match "/tmp/lynx-*/." then permit native-fsread: filename match "/tmp/lynx-*/." then permit - native-fsread: filename eq "/usr" then permit native-fsread: filename eq "/usr" then permit - native-fsread: filename eq "/usr/bin" then permit native-fsread: filename eq "/usr/bin" then permit - native-fsread: filename eq "/usr/games" then permit native-fsread: filename eq "/usr/games" then permit - native-fsread: filename eq "/usr/include" then permit native-fsread: filename eq "/usr/include" then permit - native-fsread: filename eq "/usr/lib" then permit native-fsread: filename eq "/usr/lib" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then per native-fsread: filename match "/usr/lib/libc.so.*" then per - native-fsread: filename match "/usr/lib/libcrypto.so.*" the native-fsread: filename match "/usr/lib/libcrypto.so.*" the - native-fsread: filename match "/usr/lib/libncurses.so.*" th native-fsread: filename match "/usr/lib/libncurses.so.*" th - native-fsread: filename match "/usr/lib/libssl.so.*" then p native-fsread: filename match "/usr/lib/libssl.so.*" then p - native-fsread: filename eq "/usr/libdata" then permit native-fsread: filename eq "/usr/libdata" then permit - native-fsread: filename eq "/usr/libexec" then permit native-fsread: filename eq "/usr/libexec" then permit - native-fsread: filename eq "/usr/lkm" then permit native-fsread: filename eq "/usr/lkm" then permit - native-fsread: filename eq "/usr/local" then permit native-fsread: filename eq "/usr/local" then permit - native-fsread: filename eq "/usr/mdec" then permit native-fsread: filename eq "/usr/mdec" then permit - native-fsread: filename eq "/usr/obj" then permit native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename eq "/usr/obj/bin" then permit native-fsread: filename eq "/usr/obj/bin" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/." then p native-fsread: filename eq "/usr/obj/bin/systrace/." then p - native-fsread: filename eq "/usr/obj/bin/systrace/.mailcap" native-fsread: filename eq "/usr/obj/bin/systrace/.mailcap" - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.typ native-fsread: filename eq "/usr/obj/bin/systrace/.mime.typ - native-fsread: filename eq "/usr/share/misc/terminfo.db" th native-fsread: filename eq "/usr/share/misc/terminfo.db" th - native-fsread: filename eq "/var/run/dev.db" then permit native-fsread: filename eq "/var/run/dev.db" then permit - native-fsread: filename eq "/var/run/ld.so.hints" then perm native-fsread: filename eq "/var/run/ld.so.hints" then perm - native-fstat: permit native-fstat: permit - native-fswrite: filename match "/tmp/lynx-*" then permit native-fswrite: filename match "/tmp/lynx-*" then permit - native-getdirentries: permit native-getdirentries: permit - native-getpid: permit native-getpid: permit - native-gettimeofday: permit native-gettimeofday: permit - native-ioctl: permit native-ioctl: permit - native-issetugid: permit native-issetugid: permit - native-lseek: permit native-lseek: permit - native-mmap: permit native-mmap: permit - native-mprotect: prot eq "PROT_READ" then permit native-mprotect: prot eq "PROT_READ" then permit - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permit native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permit - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then permit native-mprotect: prot eq "PROT_READ|PROT_WRITE" then permit - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" t native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" t - native-munmap: permit native-munmap: permit - native-nanosleep: permit native-nanosleep: permit - native-poll: permit native-poll: permit - native-pread: permit native-pread: permit - native-read: permit native-read: permit - native-recvfrom: permit native-recvfrom: permit - native-select: permit native-select: permit - native-sendto: true then permit native-sendto: true then permit - native-sigaction: permit native-sigaction: permit - native-sigprocmask: permit native-sigprocmask: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_D native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_D - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_S native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_S - native-write: permit native-write: permit +top top +file1 file1 +same1 same1 +file1only file1only +same2 same2 +same3 same3 +bottom bottom diff --git a/regress/usr.bin/sdiff/sflag.out b/regress/usr.bin/sdiff/sflag.out index 19179fe5113..e89721c346e 100644 --- a/regress/usr.bin/sdiff/sflag.out +++ b/regress/usr.bin/sdiff/sflag.out @@ -1,79 +1,3 @@ - > native-issetugid: permit - > native-mprotect: permit - > native-mmap: permit - > native-fsread: filename eq "/var/run/ld.so.hints" then perm - > native-fstat: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then perm | native-fsread: filename match "/usr/lib/libssl.so.*" then p - native-connect: sockaddr match "inet-\\\[*\\\]:80" then per | native-read: permit - native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" the - native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" th - native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then per - native-fsread: filename match "/<non-existent filename>: *" | native-munmap: permit - native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit - native-fsread: filename eq "/etc/utmp" then permit < - native-fsread: filename eq "/home" then permit < - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then permi < - native-fsread: filename eq "$HOME/.lynxrc" then permit < - native-fsread: filename eq "$HOME/.mailcap" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permit < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "$HOME/.terminfo.db" then permit < - native-fsread: filename eq "/obj" then permit < - > native-fswrite: filename match "/tmp/lynx-*" then permit - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "/etc/lynx.cfg" then permit - > native-fsread: filename eq "/" then permit - > native-fsread: filename eq "/usr/obj/bin/systrace/." then p - > native-fsread: filename eq "/usr/obj/bin" then permit - > native-fcntl: permit - > native-getdirentries: permit - > native-lseek: permit - > native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then per < - native-fsread: filename match "/usr/lib/libcrypto.so.*" the < - native-fsread: filename match "/usr/lib/libncurses.so.*" th < - native-fsread: filename match "/usr/lib/libssl.so.*" then p < - native-fsread: filename eq "/usr/obj" then permit | native-fsread: filename eq "/home" then permit - native-fsread: filename eq "/usr/obj/bin" then permit | native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/." then p | native-fsread: filename eq "$HOME/.lynxrc" then permit - > native-fsread: filename match "/<non-existent filename>: *" - > native-fsread: filename eq "$HOME/.mailcap" then permit - > native-fsread: filename eq "$HOME/.mime.types" then permit - > native-sigaction: permit - > native-ioctl: permit - > native-fsread: filename eq "$HOME/.terminfo.db" then permit - > native-fsread: filename eq "$HOME/.terminfo" then permit - > native-pread: permit - > native-write: permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then permi - native-fsread: filename eq "/var/run/ld.so.hints" then perm | native-fsread: filename eq "/etc/utmp" then permit - native-fstat: permit < - native-fswrite: filename match "/tmp/lynx-*" then permit < - native-getdirentries: permit < - native-getpid: permit < - native-gettimeofday: permit < - native-ioctl: permit < - native-issetugid: permit < - native-lseek: permit < - native-mmap: permit < - native-mprotect: prot eq "PROT_READ" then permit < - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permit < - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then permit < - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" t < - native-munmap: permit < - native-nanosleep: permit < - native-pread: permit | native-nanosleep: permit - native-read: permit | native-gettimeofday: permit - native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - native-select: permit < - native-sendto: true then permit < - native-sigaction: permit < - native-sigprocmask: permit < - > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then perm - > native-sendto: true then permit - > native-select: permit - > native-recvfrom: permit - native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then per - > native-exit: permit +file1 | file2 +file1only < + > file2only diff --git a/regress/usr.bin/sdiff/short.in b/regress/usr.bin/sdiff/short.in new file mode 100644 index 00000000000..69a3c27fe1e --- /dev/null +++ b/regress/usr.bin/sdiff/short.in @@ -0,0 +1,4 @@ +top +file1 +same1 +file1only diff --git a/regress/usr.bin/sdiff/short.out b/regress/usr.bin/sdiff/short.out index 289b37d93fc..69a3c27fe1e 100644 --- a/regress/usr.bin/sdiff/short.out +++ b/regress/usr.bin/sdiff/short.out @@ -1,15 +1,4 @@ -Policy: /usr/bin/lynx, Emulation: native - native-issetugid: permit - native-mprotect: permit - native-mmap: permit - native-sysctl: permit - native-close: permit - native-fsread: filename match "/usr/lib/libssl.so.*" then permit - native-read: permit - native-fsread: filename match "/usr/lib/libcrypto.so.*" then permit - native-fsread: filename match "/usr/lib/libncurses.so.*" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then permit - native-munmap: permit - native-sigprocmask: permit - native-fsread: filename eq "/etc/malloc.conf" then permit - native-fsread: filename eq "/etc/resolv.conf" then permit +top +file1 +same1 +file1only diff --git a/regress/usr.bin/sdiff/wflag.out b/regress/usr.bin/sdiff/wflag.out index 76e6a451e6a..948a691ad23 100644 --- a/regress/usr.bin/sdiff/wflag.out +++ b/regress/usr.bin/sdiff/wflag.out @@ -1,102 +1,8 @@ -Policy: /usr/bin/lynx, Emulation: native Policy: /usr/bin/lynx, Emulation: native - > native-issetugid: permit - > native-mprotect: permit - > native-mmap: permit - native-sysctl: permit native-sysctl: permit - > native-fsread: filename eq "/var/run/ld.so.hints" then pe - > native-fstat: permit - native-close: permit native-close: permit - native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-fsread: filename match "/usr/lib/libssl.so.*" then - native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-read: permit - native-exit: permit | native-fsread: filename match "/usr/lib/libcrypto.so.*" t - native-fcntl: cmd eq "F_SETFD" then permit | native-fsread: filename match "/usr/lib/libncurses.so.*" - native-fsread: filename eq "/" then permit | native-fsread: filename match "/usr/lib/libc.so.*" then p - native-fsread: filename match "/<non-existent filename>: | native-munmap: permit - native-fsread: filename eq "/etc/lynx.cfg" then permit | native-sigprocmask: permit - native-fsread: filename eq "/etc/malloc.conf" then permit native-fsread: filename eq "/etc/malloc.conf" then permit - native-fsread: filename eq "/etc/resolv.conf" then permit | native-getpid: permit - native-fsread: filename eq "/etc/utmp" then permit < - native-fsread: filename eq "/home" then permit < - native-fsread: filename eq "$HOME" then permit < - native-fsread: filename eq "$HOME/.lynx-keymaps" then per < - native-fsread: filename eq "$HOME/.lynxrc" then permit < - native-fsread: filename eq "$HOME/.mailcap" then permit < - native-fsread: filename eq "$HOME/.mime.types" then permi < - native-fsread: filename eq "$HOME/.terminfo" then permit < - native-fsread: filename eq "$HOME/.terminfo.db" then perm < - native-fsread: filename eq "/obj" then permit < - native-fsread: filename eq "/tmp" then permit native-fsread: filename eq "/tmp" then permit - > native-fswrite: filename match "/tmp/lynx-*" then permit - native-fsread: filename match "/tmp/lynx-*/." then permit native-fsread: filename match "/tmp/lynx-*/." then permit - > native-fsread: filename eq "$HOME" then permit - > native-fsread: filename eq "/etc/lynx.cfg" then permit - > native-fsread: filename eq "/" then permit - > native-fsread: filename eq "/usr/obj/bin/systrace/." then - > native-fsread: filename eq "/usr/obj/bin" then permit - > native-fcntl: permit - > native-getdirentries: permit - > native-lseek: permit - > native-fsread: filename eq "/usr/obj" then permit - native-fsread: filename eq "/usr" then permit native-fsread: filename eq "/usr" then permit - native-fsread: filename eq "/usr/bin" then permit native-fsread: filename eq "/usr/bin" then permit - native-fsread: filename eq "/usr/games" then permit native-fsread: filename eq "/usr/games" then permit - native-fsread: filename eq "/usr/include" then permit native-fsread: filename eq "/usr/include" then permit - native-fsread: filename eq "/usr/lib" then permit native-fsread: filename eq "/usr/lib" then permit - native-fsread: filename match "/usr/lib/libc.so.*" then p < - native-fsread: filename match "/usr/lib/libcrypto.so.*" t < - native-fsread: filename match "/usr/lib/libncurses.so.*" < - native-fsread: filename match "/usr/lib/libssl.so.*" then < - native-fsread: filename eq "/usr/libdata" then permit native-fsread: filename eq "/usr/libdata" then permit - native-fsread: filename eq "/usr/libexec" then permit native-fsread: filename eq "/usr/libexec" then permit - native-fsread: filename eq "/usr/lkm" then permit native-fsread: filename eq "/usr/lkm" then permit - native-fsread: filename eq "/usr/local" then permit native-fsread: filename eq "/usr/local" then permit - native-fsread: filename eq "/usr/mdec" then permit native-fsread: filename eq "/usr/mdec" then permit - native-fsread: filename eq "/usr/obj" then permit | native-fsread: filename eq "/home" then permit - native-fsread: filename eq "/usr/obj/bin" then permit | native-fsread: filename eq "/obj" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/." then | native-fsread: filename eq "$HOME/.lynxrc" then permit - > native-fsread: filename match "/<non-existent filename>: - native-fsread: filename eq "/usr/obj/bin/systrace/.mailca native-fsread: filename eq "/usr/obj/bin/systrace/.mailca - > native-fsread: filename eq "$HOME/.mailcap" then permit - native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t - > native-fsread: filename eq "$HOME/.mime.types" then permi - > native-sigaction: permit - > native-ioctl: permit - > native-fsread: filename eq "$HOME/.terminfo.db" then perm - > native-fsread: filename eq "$HOME/.terminfo" then permit - native-fsread: filename eq "/usr/share/misc/terminfo.db" native-fsread: filename eq "/usr/share/misc/terminfo.db" - > native-pread: permit - > native-write: permit - > native-fsread: filename eq "$HOME/.lynx-keymaps" then per - native-fsread: filename eq "/var/run/dev.db" then permit native-fsread: filename eq "/var/run/dev.db" then permit - native-fsread: filename eq "/var/run/ld.so.hints" then pe | native-fsread: filename eq "/etc/utmp" then permit - native-fstat: permit < - native-fswrite: filename match "/tmp/lynx-*" then permit < - native-getdirentries: permit < - native-getpid: permit < - native-gettimeofday: permit < - native-ioctl: permit < - native-issetugid: permit < - native-lseek: permit < - native-mmap: permit < - native-mprotect: prot eq "PROT_READ" then permit < - native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi < - native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm < - native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" < - native-munmap: permit < - native-nanosleep: permit < - native-poll: permit native-poll: permit - native-pread: permit | native-nanosleep: permit - native-read: permit | native-gettimeofday: permit - native-recvfrom: permit | native-fsread: filename eq "/etc/resolv.conf" then permit - native-select: permit < - native-sendto: true then permit < - native-sigaction: permit < - native-sigprocmask: permit < - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - > native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe - > native-sendto: true then permit - > native-select: permit - > native-recvfrom: permit - native-socket: sockdom eq "AF_INET" and socktype eq "SOCK native-socket: sockdom eq "AF_INET" and socktype eq "SOCK - native-write: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p - > native-exit: permit +top top +file1 | file2 +same1 same1 +file1only < +same2 same2 + > file2only +same3 same3 +bottom bottom |