def ipfw_enabled(self) -> bool:
    """Return True if ipfw is enabled on the host system.

    The answer comes from the ``net.inet.ip.fw.enable`` sysctl.

    Returns:
        True only when the sysctl value compares equal to 1. Any exception
        raised while reading it yields False, so a failed lookup cannot be
        told apart from a disabled firewall by the caller.
    """
    try:
        ipfw_sysctl = freebsd_sysctl.Sysctl("net.inet.ip.fw.enable")
        is_on = (ipfw_sysctl.value == 1)
    except Exception:
        # Deliberately broad: every failure is reported as "not enabled".
        return False
    return is_on is True
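def test_security_jail_param_list(benchmark):
    """Compare the children of ``security.jail.param`` with ``sysctl -N``.

    The child names reported by ``/sbin/sysctl -N`` are the reference; the
    names of ``Sysctl(...).children`` must match them in number and order.
    The ``benchmark`` fixture times the enumeration of the children.
    """
    test_node_name = "security.jail.param"
    # Absolute binary path and an argv list: no shell and no PATH lookup.
    stdout = subprocess.check_output(
        ["/sbin/sysctl", "-N", test_node_name]
    ).strip().decode()
    # "".split("\n") yields [""], which made the pre-condition below pass
    # even on empty output; drop empty entries so it can actually fail.
    child_names = [name for name in stdout.split("\n") if name]
    assert len(child_names) > 0, "test pre-condition"

    def get_children(test_node_sysctl):
        """Materialise the children so the benchmark times the full walk."""
        return list(test_node_sysctl.children)

    test_node_children = benchmark(
        get_children,
        freebsd_sysctl.Sysctl(test_node_name)
    )

    assert len(test_node_children) == len(child_names), (
        "different number of children reported"
    )

    test_node_child_names = [c.name for c in test_node_children]
    # zip() would truncate silently; the length assertion above rules that out.
    assert all(a == b for a, b in zip(test_node_child_names, child_names)), (
        "the order of children or their names differed"
    )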
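def ensure_firewall_enabled(self) -> None:
    """Raise a FirewallDisabled exception if the firewall is disabled.

    Every key of ``self._required_sysctl_properties`` is read through
    ``freebsd_sysctl.Sysctl`` and compared, as an integer, with the value
    stored for that key. With no requirements the check passes.

    Raises:
        libioc.errors.FirewallDisabled: a required sysctl could not be read,
            was not an integer, or differed from the expected value.
    """
    requirements = self._required_sysctl_properties
    if len(requirements) == 0:
        return

    try:
        for key in requirements:
            # Reset per key: if this lookup fails, the hint must not show
            # the value that was read for the previous key.
            current = "not found"
            expected = requirements[key]
            current = freebsd_sysctl.Sysctl(key).value
            if int(current) != int(expected):
                raise ValueError(
                    f"Invalid Sysctl {key}: "
                    f"{current} found, but expected: {expected}"
                )
        return
    except Exception:
        # an IocageException is raised in the next step at the right level.
        # Any error (lookup failure, non-numeric value, mismatch) ends up
        # there, so the check fails closed.
        pass

    hint = f"sysctl {key} is expected to be {expected}, but was {current}"
    raise libioc.errors.FirewallDisabled(
        hint=hint,
        logger=self.logger
    )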
def test_sysctl_descriptions(sysctl_types):
    """Check each sysctl description against ``/sbin/sysctl -d -n``."""
    for name, _ctl_type in sysctl_types.items():
        binding = freebsd_sysctl.Sysctl(name)
        # argv list with an absolute path, so no shell is involved
        cli_output = subprocess.check_output(
            ["/sbin/sysctl", "-d", "-n", name]
        )
        from_cli = cli_output.strip().decode()
        from_binding = str(binding.description).strip()
        assert from_cli == from_binding, name
def test_explicit_list_of_sysctl_value(item):
    """Check one sysctl value against the output of ``/sbin/sysctl -n``.

    ``item[1]`` is used as the sysctl name.
    """
    name = item[1]
    binding = freebsd_sysctl.Sysctl(name)
    cli_output = subprocess.check_output(["/sbin/sysctl", "-n", name])
    from_cli = cli_output.strip().decode()
    assert str(binding.value) == from_cli
def test_sysctl_values(sysctl_types):
    """Check each sysctl value against the output of ``/sbin/sysctl -n``.

    Sysctls whose raw value is an OPAQUE or a NODE are not compared.
    """
    for name, _ctl_type in sysctl_types.items():
        binding = freebsd_sysctl.Sysctl(name)
        # The CLI is queried for every name, including the ones skipped below.
        from_cli = subprocess.check_output(
            ["/sbin/sysctl", "-n", name]
        ).strip().decode()

        if isinstance(binding.raw_value, freebsd_sysctl.OPAQUE):
            continue
        if isinstance(binding.raw_value, freebsd_sysctl.NODE):
            continue

        from_binding = str(binding.value).strip()
        assert from_binding == from_cli, name
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING # IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. """Unit tests for Jail Resource Limits.""" import typing import pytest import subprocess import freebsd_sysctl try: rctl_supported = (freebsd_sysctl.Sysctl("kern.features.rctl").value == 1) rctl_enabled = (freebsd_sysctl.Sysctl("kern.racct.enable").value == 1) rctl_supported = (rctl_supported and rctl_enabled) is True except Exception: rctl_supported = False @pytest.mark.skipif((rctl_supported is False), reason="Resource Limits disabled (kern.features.rctl=0).") class TestResourceLimits(object): """Run Resource Limit tests.""" @staticmethod def __mib_to_bytes(value: int) -> int: return value * 1024 * 1024 def test_limits_are_applied_to_jails_on_start(
def uuid(self) -> UUID:
    """Return the host UUID read from the ``kern.hostuuid`` sysctl.

    NOTE(review): nothing in this body memoizes the result; the sysctl is
    read on every call unless a decorator outside this view caches it.
    """
    host_uuid = freebsd_sysctl.Sysctl("kern.hostuuid").value
    return uuid.UUID(host_uuid)
def lookup_values(sysctl_types):
    """Yield ``(name, raw_value)`` for every sysctl name in *sysctl_types*.

    Only the keys of the mapping are used. Each sysctl is read lazily, when
    the generator reaches it.
    """
    for name, _ctl_type in sysctl_types.items():
        binding = freebsd_sysctl.Sysctl(name)
        yield name, binding.raw_value
def test_sysctl_types(sysctl_types):
    """Check that each sysctl's mapped ``ctl_type`` equals the expected type."""
    for name, expected_type in sysctl_types.items():
        binding = freebsd_sysctl.Sysctl(name)
        mapped_type = map_sysctl_type(binding.ctl_type)
        assert expected_type == mapped_type, name
def test_sysctl_names(sysctl_types):
    """Check that a Sysctl built from an OID resolves back to its name."""
    for name, _ctl_type in sysctl_types.items():
        by_name = freebsd_sysctl.Sysctl(name)
        # Round trip: name -> oid -> name
        by_oid = freebsd_sysctl.Sysctl(oid=by_name.oid)
        assert name == by_oid.name
def lookup_descriptions(sysctl_types):
    """Yield ``(name, description)`` for every sysctl name in *sysctl_types*.

    Only the keys of the mapping are used. Each description is read lazily,
    when the generator reaches it.
    """
    for name, _ctl_type in sysctl_types.items():
        binding = freebsd_sysctl.Sysctl(name)
        yield name, binding.description
def test_sysctl_opaque_fmt(sysctl_name, expected):
    """Check that the ``fmt`` of the named sysctl equals *expected*."""
    actual_fmt = freebsd_sysctl.Sysctl(sysctl_name).fmt
    assert actual_fmt == expected
def test_sysctl_names(sysctl_types):
    """Check that each Sysctl reports the name it was created with."""
    for name, _ctl_type in sysctl_types.items():
        binding = freebsd_sysctl.Sysctl(name)
        assert name == binding.name
def __get_sysctl(self, key: str) -> freebsd_sysctl.Sysctl:
    """Return the Sysctl object for *key*, creating it on first use.

    The key is passed through ``self.__getkey`` and decoded as UTF-8. The
    decoded name indexes ``self.cached_sysctls``, so later lookups of the
    same name reuse the stored object.
    """
    name = self.__getkey(key).decode("UTF-8")
    cache = self.cached_sysctls
    if name not in cache:
        cache[name] = freebsd_sysctl.Sysctl(name)
    return cache[name]
# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. """FreeBSD jail sysctl bindings.""" import typing import ctypes import itertools import ipaddress import freebsd_sysctl import freebsd_sysctl.types from jail.libc import dll import jail.types NULL_BYTES = b"\x00" JAIL_MAX_AF_IPS = freebsd_sysctl.Sysctl("security.jail.jail_max_af_ips").value class Iovec(ctypes.Structure): _fields_ = [ ("iov_base", ctypes.c_void_p), ("iov_size", ctypes.c_size_t) ] class IovecKey: def __init__(self, value: typing.Union[str, bytes]) -> None: if isinstance(value, bytes) is True: self.value = value elif isinstance(value, str) is True: