diff --git a/CHANGELOG.md b/CHANGELOG.md
index a3bab479..6aa7cd04 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -127,6 +127,7 @@
   * Syntactically Correct handling of '<?' (processing instructions) and '<?xml' (XML declaration)
   * XML prolog syntax for 'well-formed' XML
   * `<!DOCTYPE` (ie DTD) is not supported.
+* Added Clixon example full system docker container, see [docker/system].
 * Added `make test` from top-level Makefile
 * Added `xml_rootchild_node()` lib function as variant of `xml_rootchild()`
 * Added -o "<option>=<value>" command-line option to all programs: backend, cli, netconf, restconf.
diff --git a/configure b/configure
index 08476986..33f99392 100755
--- a/configure
+++ b/configure
@@ -4433,7 +4433,7 @@ _ACEOF
 
 
 
-ac_config_files="$ac_config_files Makefile lib/Makefile lib/src/Makefile lib/clixon/Makefile apps/Makefile apps/cli/Makefile apps/backend/Makefile apps/netconf/Makefile apps/restconf/Makefile include/Makefile etc/Makefile etc/clixonrc example/Makefile extras/rpm/Makefile docker/Makefile datastore/Makefile datastore/text/Makefile util/Makefile yang/Makefile yang/clixon/Makefile yang/standard/Makefile doc/Makefile test/Makefile"
+ac_config_files="$ac_config_files Makefile lib/Makefile lib/src/Makefile lib/clixon/Makefile apps/Makefile apps/cli/Makefile apps/backend/Makefile apps/netconf/Makefile apps/restconf/Makefile include/Makefile etc/Makefile etc/clixonrc example/Makefile extras/rpm/Makefile docker/Makefile docker/system/Makefile docker/cluster/Makefile datastore/Makefile datastore/text/Makefile util/Makefile yang/Makefile yang/clixon/Makefile yang/standard/Makefile doc/Makefile test/Makefile"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -5142,6 +5142,8 @@ do
     "example/Makefile") CONFIG_FILES="$CONFIG_FILES example/Makefile" ;;
     "extras/rpm/Makefile") CONFIG_FILES="$CONFIG_FILES extras/rpm/Makefile" ;;
     "docker/Makefile") CONFIG_FILES="$CONFIG_FILES docker/Makefile" ;;
+    "docker/system/Makefile") CONFIG_FILES="$CONFIG_FILES docker/system/Makefile" ;;
+    "docker/cluster/Makefile") CONFIG_FILES="$CONFIG_FILES docker/cluster/Makefile" ;;
     "datastore/Makefile") CONFIG_FILES="$CONFIG_FILES datastore/Makefile" ;;
     "datastore/text/Makefile") CONFIG_FILES="$CONFIG_FILES datastore/text/Makefile" ;;
     "util/Makefile") CONFIG_FILES="$CONFIG_FILES util/Makefile" ;;
diff --git a/configure.ac b/configure.ac
index 13cd7712..0cda1b5a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -241,7 +241,8 @@ AC_OUTPUT(Makefile
 	  etc/clixonrc
 	  example/Makefile
 	  extras/rpm/Makefile
-	  docker/Makefile 
+	  docker/Makefile
+  	  docker/system/Makefile
 	  datastore/Makefile
 	  datastore/text/Makefile
   	  util/Makefile 
diff --git a/docker/Makefile.in b/docker/Makefile.in
index 375fa22d..62d290dd 100644
--- a/docker/Makefile.in
+++ b/docker/Makefile.in
@@ -38,15 +38,17 @@ CFLAGS  	= @CFLAGS@
 LDFLAGS 	= @LDFLAGS@
 LIBS    	= @LIBS@
 
-# Change this
-IMAGE           = olofhagsand/clixon
+# Example docker image. PLEASE CHANGE THIS IF YOU PUSH
+IMG_BASE      = olofhagsand/clixon # base image
 
 SHELL	= /bin/sh
 
+SUBDIRS  = system
+#SUBDIRS += cluster
 
 .PHONY: all clean depend install docker push
 
-all:	
+all:	$(SUBDIRS)
 	echo "Run make docker to build docker image"
 
 clean:
@@ -54,12 +56,11 @@ clean:
 distclean: clean
 	rm -f Makefile *~ .depend
 
-docker:
-	sudo docker build -t $(IMAGE) .  # --no-cache
-	echo "cd ../example; make docker to build example application"
+docker: Dockerfile
+	sudo docker build -t $(IMG_BASE) .  # --no-cache
 
 push:
-	sudo docker push $(IMAGE)
+	sudo docker push $(IMG_BASE)
 
 depend:
 
diff --git a/docker/README.md b/docker/README.md
index 039eb07a..a1b8ec53 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,19 +1,24 @@
 # Clixon base docker image
 
-This directory contains code for building and pushing a Clixon docker
+This directory contains code for building and pushing the clixon base docker
 container. By default it is pushed to olofhagsand/clixon, but you can change
 the IMAGE in Makefile.in and push it to another name.
 
+There are also sub-directories with examples og other clixon example systems.
+
 The clixon docker image is a base image that can be used to build
 clixon applications. It has all the whole code for a clixon release
 which it downloads from git - it does not use local code (note it may even use develop branch).
 
-See example/docker for how to build a docker application using the base image.
+See [system/README.md] for how to build the clixon example application using the base image.
+
+## Build and push
 
-Build and push
-==============
 Perform the build by 'make docker'. 
 You may also do 'make push' if you want to push the image, but you may then consider changing the image name (in the makefile:s).
 
 You may run the container directly by going directly to example and
 the docker runtime scripts there
+
+(You may have to login for push with sudo docker login -u <username>)
+
diff --git a/example/Dockerfile b/docker/system/Dockerfile
similarity index 84%
rename from example/Dockerfile
rename to docker/system/Dockerfile
index 27cfb737..26e86857 100644
--- a/example/Dockerfile
+++ b/docker/system/Dockerfile
@@ -34,10 +34,12 @@
 FROM olofhagsand/clixon
 MAINTAINER Olof Hagsand <olof@hagsand.se>
 
-#RUN apt-get update && apt-get install -y procps # ps for debugging
+RUN apt-get update && apt-get install -y nginx
+RUN apt-get update && apt-get install -y procps curl # ps for debugging
 
 # The example uses "clicon" group
 RUN groupadd clicon
+RUN usermod -a -G clicon www-data
 
 # Create a directory to hold source-code, dependencies etc
 RUN mkdir /example
@@ -49,15 +51,22 @@ RUN git clone https://github.com/clicon/clixon.git
 
 # Build clixon
 WORKDIR /example/clixon
-RUN git checkout -b develop origin/develop
 RUN ./configure
 WORKDIR /example/clixon/example
 RUN make
 RUN make install
 RUN install example.xml /usr/local/etc/clixon.xml
 
-# Log to stderr. Add -D 1 for debug
-CMD /usr/local/sbin/clixon_backend -F -a IPv4 -u 0.0.0.0 -s init -l e 
+# Copy startscript
+WORKDIR /
+COPY startsystem.sh startsystem.sh 
+RUN install startsystem.sh /usr/local/bin/
+
+# Expose nginx port for restconf
+EXPOSE 80
+
+# Log to stderr.
+CMD /usr/local/bin/startsystem.sh
 
 
 
diff --git a/docker/system/Makefile.in b/docker/system/Makefile.in
new file mode 100644
index 00000000..56bae9a9
--- /dev/null
+++ b/docker/system/Makefile.in
@@ -0,0 +1,68 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# 
+# Copyright (C) 2009-2019 Olof Hagsand and Benny Holmgren
+#
+# This file is part of CLIXON
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Alternatively, the contents of this file may be used under the terms of
+# the GNU General Public License Version 3 or later (the "GPL"),
+# in which case the provisions of the GPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of the GPL, and not to allow others to
+# use your version of this file under the terms of Apache License version 2, 
+# indicate your decision by deleting the provisions above and replace them with
+# the notice and other provisions required by the GPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the Apache License version 2 or the GPL.
+#
+# ***** END LICENSE BLOCK *****
+#
+VPATH       	= @srcdir@
+srcdir  	= @srcdir@
+top_srcdir  	= @top_srcdir@
+CC		= @CC@
+CFLAGS  	= @CFLAGS@ 
+LDFLAGS 	= @LDFLAGS@
+LIBS    	= @LIBS@
+
+# Example docker image. PLEASE CHANGE THIS IF YOU PUSH
+IMG_SYSTEM   = clixon/clixon-system
+
+SHELL	= /bin/sh
+
+.PHONY: all clean depend install docker push clixon-system
+
+all:	
+	echo "Run make docker to build docker image"
+
+clean:
+
+distclean: clean
+	rm -f Makefile *~ .depend
+
+docker: Dockerfile
+	sudo docker build -t $(IMG_SYSTEM) .  # --no-cache
+
+push:
+
+depend:
+
+install-include:
+
+install:
+
+uninstall:
+
diff --git a/docker/system/README.md b/docker/system/README.md
new file mode 100644
index 00000000..d6ae8d8c
--- /dev/null
+++ b/docker/system/README.md
@@ -0,0 +1,31 @@
+# Clixon example container
+
+This directory show how to build a "monolithic" clixon docker
+container containing the example application with both restconf,
+netconf, cli and backend.
+The directory contains the following files:
+	 cleanup.sh     kill containers
+	 Dockerfile     Docker build instructions
+	 lib.sh         script library functions
+	 Makefile.in    "make docker" builds the container
+	 README.md	This file
+	 start.sh       Start containers
+	 startsystem.sh Internal start script copied to inside the container
+	 stat.sh        Shows container status
+
+How to build and start the container:
+```
+  $ make docker
+  $ ./start.sh 
+```
+
+Once running you can access it as follows:
+* CLI: `sudo docker exec -it ef62ccfe1782 clixon_cli`
+* Netconf: `sudo docker exec -it ef62ccfe1782 clixon_netconf`
+* Restconf: `curl -G http://localhost/restconf`
+
+To check status and then kill it:
+```
+  $ ./stat.sh
+  $ ./cleanup.sh 
+```
\ No newline at end of file
diff --git a/docker/system/cleanup.sh b/docker/system/cleanup.sh
new file mode 100755
index 00000000..973bc0f7
--- /dev/null
+++ b/docker/system/cleanup.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# include err(), stat() and other functions
+. ./lib.sh
+
+# Kill all controller containers (optionally do `make clean`)
+echo "You may want run make clean as well"
+
+kill1 clixon/clixon-system
+
+
+
+
diff --git a/docker/system/lib.sh b/docker/system/lib.sh
new file mode 100755
index 00000000..820935ab
--- /dev/null
+++ b/docker/system/lib.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Lib functions like err(), stat() and others
+
+# Error function
+# usage: err $msg
+err(){
+    echo  "\e[31m\n[Error $1]"
+    echo  "\e[0m"
+    exit 1
+}
+
+#json field XXX notused?
+jf(){
+  sed -e 's/[{}]/''/g' | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | grep key | awk -F : '{gsub(/"/,"",$3); print $3}'
+}
+
+# Status function
+# usage: stat $name
+stat(){
+    name=$1
+    ps=$(sudo docker ps -f ancestor=$name|tail -n +2|grep $name|awk '{print $1}')
+    if [ -n "$ps" ]; then
+	ip=$(sudo docker inspect -f '{{.NetworkSettings.IPAddress }}' $ps)
+	echo "$name \t$ps $ip"
+    else
+	err "$name failed"
+    fi
+}
+
+# Kill function
+kill1(){
+    name=$1
+    ps=$(sudo docker ps -f ancestor=$name|tail -n +2|grep $name|awk '{print $1}')
+    if [ -n "$ps" ]; then
+	echo -n "$name\t" && sudo docker kill $ps
+    fi
+}
+
diff --git a/docker/system/start.sh b/docker/system/start.sh
new file mode 100755
index 00000000..c3625818
--- /dev/null
+++ b/docker/system/start.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+# Build grideye containers, start all containers, setup networking
+# Usage: ./startup.sh
+# Debug: DBG=1 ./startup.sh
+# See also cleanup.sh
+
+>&2 echo "Running script: $0"
+
+# include err(), stat() and other functions
+. ./lib.sh
+
+# Turn on debug in containers (restconf, backend)
+DBG=${DBG:-1}
+
+CONFIG0=$(cat <<EOF
+<config>
+  <CLICON_CONFIGFILE>/usr/local/etc/example.xml</CLICON_CONFIGFILE>
+  <CLICON_FEATURE>*:*</CLICON_FEATURE>
+  <CLICON_YANG_DIR>/usr/local/share/clixon</CLICON_YANG_DIR>
+  <CLICON_YANG_MODULE_MAIN>clixon-example</CLICON_YANG_MODULE_MAIN>
+  <CLICON_CLI_MODE>example</CLICON_CLI_MODE>
+  <CLICON_BACKEND_DIR>/usr/local/lib/example/backend</CLICON_BACKEND_DIR>
+  <CLICON_NETCONF_DIR>/usr/local/lib/example/netconf</CLICON_NETCONF_DIR>
+  <CLICON_RESTCONF_DIR>/usr/local/lib/example/restconf</CLICON_RESTCONF_DIR>
+  <CLICON_CLI_DIR>/usr/local/lib/example/cli</CLICON_CLI_DIR>
+  <CLICON_CLISPEC_DIR>/usr/local/lib/example/clispec</CLICON_CLISPEC_DIR>
+  <CLICON_SOCK>/usr/local/var/example/example.sock</CLICON_SOCK>
+  <CLICON_BACKEND_PIDFILE>/usr/local/var/example/example.pidfile</CLICON_BACKEND_PIDFILE>
+  <CLICON_CLI_GENMODEL_COMPLETION>1</CLICON_CLI_GENMODEL_COMPLETION>
+  <CLICON_CLI_GENMODEL_TYPE>VARS</CLICON_CLI_GENMODEL_TYPE>
+  <CLICON_XMLDB_DIR>/usr/local/var/example</CLICON_XMLDB_DIR>
+  <CLICON_XMLDB_PLUGIN>/usr/local/lib/xmldb/text.so</CLICON_XMLDB_PLUGIN>
+  <CLICON_CLI_LINESCROLLING>0</CLICON_CLI_LINESCROLLING>
+  <CLICON_STARTUP_MODE>init</CLICON_STARTUP_MODE>
+  <CLICON_NACM_MODE>disabled</CLICON_NACM_MODE>
+</config>
+EOF
+)
+
+CONFIG=${CONFIG:-$CONFIG0}
+STORE=${STORE:-}
+
+# Start clixon-example backend
+# -p 4535 to access via cli from host
+>&2 echo -n "Starting Backend..."
+sudo docker run -p 80:80 --rm -e DBG=$DBG -e CONFIG="$CONFIG" -e STORE="$STORE" -td clixon/clixon-system || err "Error starting clixon-system"
+
+>&2 echo "clixon-system started"
+
+name=clixon/clixon-system
+ps=$(sudo docker ps -f ancestor=$name|tail -n +2|grep $name|awk '{print $1}')
+echo "sudo docker exec -it $ps clixon_cli # example command"
+
+
+
diff --git a/docker/system/startsystem.sh b/docker/system/startsystem.sh
new file mode 100755
index 00000000..5d63b209
--- /dev/null
+++ b/docker/system/startsystem.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# This script is copied into the container on build time and runs
+# _inside_ the container at start in runtime. It gets environment variables
+# from the start.sh script.
+# It starts a backend, a restconf daemon and a nginx daemon and exposes ports
+# for restconf.
+# See also Dockerfile of the example
+# Log msg, see with docker logs
+
+>&2 echo "$0"
+
+DBG=${DBG:-0}
+
+# Initiate clixon configuration (env variable)
+echo "$CONFIG" > /usr/local/etc/clixon.xml
+
+# Initiate running db (env variable)
+echo "$STORE" > /usr/local/var/example/running_db
+
+>&2 echo "Write nginx config files"
+# nginx site config file
+cat <<EOF > /etc/nginx/sites-enabled/default
+#
+server {
+        listen 80 default_server;
+        listen localhost:80 default_server;
+        listen [::]:80 default_server;
+	server_name localhost;
+	server_name _;
+	location / {
+	    root /usr/share/nginx/html/restconf;
+	    fastcgi_pass unix:/www-data/fastcgi_restconf.sock;
+	    include fastcgi_params;
+        }
+	location /restconf {
+	    fastcgi_pass unix:/www-data/fastcgi_restconf.sock;
+	    include fastcgi_params;
+        }
+	location /streams {
+	    fastcgi_pass unix:/www-data/fastcgi_restconf.sock;
+	    include fastcgi_params;
+ 	    proxy_http_version 1.1;
+	    proxy_set_header Connection "";
+        }
+}
+EOF
+
+# Start nginx
+#/usr/sbin/nginx -g 'daemon off;' -c /etc/nginx/nginx.conf
+/usr/sbin/nginx -c /etc/nginx/nginx.conf
+>&2 echo "nginx started"
+
+# Start clixon_restconf
+su -c "/www-data/clixon_restconf -l f/www-data/restconf.log -D $DBG" -s /bin/sh www-data &
+>&2 echo "clixon_restconf started"
+
+# Start clixon backend
+>&2 echo "start clixon_backend:"
+/usr/local/sbin/clixon_backend -FD $DBG -s running -l e # logs on docker logs
+
+
+# Start clixon cli in foreground
+#/usr/local/bin/clixon_cli -D $DBG
+
+#/bin/sleep 100000000
diff --git a/docker/system/stat.sh b/docker/system/stat.sh
new file mode 100755
index 00000000..16c271da
--- /dev/null
+++ b/docker/system/stat.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Show stats (IP address etc) about the clixon containers
+# include err(), stat() and other functions
+. ./lib.sh
+
+stat clixon/clixon-system
+
+name=clixon/clixon-system
+ps=$(sudo docker ps -f ancestor=$name|tail -n +2|grep $name|awk '{print $1}')
+echo "sudo docker exec -it $ps clixon_cli # example command"
diff --git a/example/README.md b/example/README.md
index 8e9c61f0..919fd363 100644
--- a/example/README.md
+++ b/example/README.md
@@ -262,23 +262,8 @@ Example systemd files for backend and restconf daemons are found under the syste
 
 ## Docker
 
-Run the example as a docker container and access it from a host CLI as follows:
-```
-ID=$(sudo docker run -td olofhagsand/clixon_example)
-IP=$(sudo docker inspect -f '{{.NetworkSettings.IPAddress }}' $ID)
-clixon_cli -a IPv4 -u $IP -f ./example.xml
-```
-
-Build the container and push yourself: First change the IMAGE variable in Makefile (eg to "you/clixon_example). Then build and push:
-```
-make docker
-make push
-sudo docker run -ti --rm you/clixon_example
-```
-
-Note that the configuration database is internal in the container, so
-it is deleted if the container is restarted. To make the configuration
-database persistent, you need to mount running_db using `-v`
+See [../docker/system] for instructions on how to build this example
+as a docker container.
 
 ## Plugins
 
diff --git a/lib/src/clixon_xml_sort.c b/lib/src/clixon_xml_sort.c
index ce9c9916..f33901d1 100644
--- a/lib/src/clixon_xml_sort.c
+++ b/lib/src/clixon_xml_sort.c
@@ -424,7 +424,8 @@ xml_search1(cxobj        *x0,
     if (mid >= xml_child_nr(x0))  /* beyond range */
 	return NULL;
     xc = xml_child_i(x0, mid);
-    assert(y = xml_spec(xc));
+    if ((y = xml_spec(xc)) == NULL)
+	return NULL;
     cmp = yangi-yang_order(y);
     if (cmp == 0){
 	cmp = xml_cmp1(xc, y, name, keyword, keynr, keyvec, keyval, &userorder);
diff --git a/lib/src/clixon_yang_parse.y b/lib/src/clixon_yang_parse.y
index 6a9cce92..bc80e474 100644
--- a/lib/src/clixon_yang_parse.y
+++ b/lib/src/clixon_yang_parse.y
@@ -175,7 +175,6 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <errno.h>
-#include <assert.h>
 #include <ctype.h>
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -236,7 +235,10 @@ ystack_pop(struct clicon_yang_yacc_arg *yy)
 {
     struct ys_stack *ystack; 
 
-    assert(ystack =  yy->yy_stack);
+    if ((ystack =  yy->yy_stack) == NULL){
+	clicon_err(OE_YANG, 0, "ystack is NULL");
+	return -1;
+    }
     yy->yy_stack = ystack->ys_next;
     free(ystack);
     return 0;
@@ -283,7 +285,10 @@ ysp_add(struct clicon_yang_yacc_arg *yy,
 	clicon_err(OE_YANG, errno, "No stack");
 	goto err;
     }
-    assert(yn = ystack->ys_node);
+    if ((yn = ystack->ys_node) == NULL){
+	clicon_err(OE_YANG, errno, "No ys_node");
+	goto err;
+    }
     if ((ys = ys_new(keyword)) == NULL)
 	goto err;
     /* NOTE: does not make a copy of string, ie argument is 'consumed' here */
diff --git a/test/README.md b/test/README.md
index 31a55880..fc012036 100644
--- a/test/README.md
+++ b/test/README.md
@@ -2,11 +2,12 @@
 
 This directory contains testing code for clixon and the example
 application. Assumes setup of http daemon as describe under apps/restonf
-- Jenkinsfile       Makefile for Jenkins tests. Build clixon and run tests.
+- jenkins           Directory w Jenkins specific stuff
+- travis            Directory w Travis specific stuff
 - all.sh            Run through all tests with detailed output, and stop on first error.
 - sum.sh            Run though all tests and print summary
 - mem.sh            Make valgrind 
-- site.sh           Add your site-specific modifications here
+- site.sh           Add your site-specific modifications here (see example below)
 - test_nacm.sh      Auth tests using internal NACM
 - test_nacm_ext.sh  Auth tests using external NACM (separate file)
 - test_nacm_protocol.sh  Auth tests for incoming RPC:s
@@ -36,4 +37,14 @@ Run all tests but continue after errors and only print a summary test output ide
   all.sh summary
 ```
 
+You need to start nginx. There are instructions in [the example](../example/README.md)
 
+Example site.sh file:
+
+#!/bin/bash
+# Add your local site specific env variables (or tests) here.
+# get from: https://github.com/openconfig/public
+OPENCONFIG=/home/olof/src/clixon/test/public
+# get from:  https://github.com/YangModels/yang 
+YANGMODELS=/usr/local/share/yangmodels
+IETFRFC=$YANGMODELS/standard/ietf/RFC
diff --git a/test/lib.sh b/test/lib.sh
index 1f0a8107..65fd29a4 100755
--- a/test/lib.sh
+++ b/test/lib.sh
@@ -12,6 +12,7 @@
 
 #set -e
 
+# Site file, an example of this file in README.md
 if [ -x ./site.sh ]; then
     . ./site.sh
 fi
@@ -143,12 +144,25 @@ expectfn(){
   fi
 }
 
-# 
+# Evaluate and return
+# Example: expecteq $(fn arg) 0 "my return"
+# - evaluated expression
+# - expected command return value (0 if OK)
+# - expected stdout outcome
 expecteq(){
+  r=$?
   ret=$1
-  expect=$2
-#  echo "ret:$ret"
+  retval=$2
+  expect=$3
+#  echo "r:$r"
+#  echo "ret:\"$ret\""
+#  echo "retval:$retval"
 #  echo "expect:$expect"
+  if [ $r != $retval ]; then
+      echo -e "\e[31m\nError ($r != $retval) in Test$testnr [$testname]:"
+      echo -e "\e[0m:"
+      exit -1
+  fi
   if [ -z "$ret" -a -z "$expect" ]; then
       return
   fi
diff --git a/test/test_choice.sh b/test/test_choice.sh
index e1ca5ff9..7108e6ee 100755
--- a/test/test_choice.sh
+++ b/test/test_choice.sh
@@ -137,10 +137,10 @@ new "netconf commit protocol udp"
 expecteof "$clixon_netconf -qf $cfg -y $fyang" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
 
 new "restconf set protocol tcp"
-expecteq "$(curl -s -X PUT http://localhost/restconf/data/system:system/protocol -d {\"system:protocol\":{\"tcp\":null}})" ""
+expecteq "$(curl -s -X PUT http://localhost/restconf/data/system:system/protocol -d {\"system:protocol\":{\"tcp\":null}})" 0 ""
 
 new "restconf get protocol tcp"
-expecteq "$(curl -s -X GET http://localhost/restconf/data/system:system)" '{"system:system": {"protocol": {"tcp": null}}}
+expecteq "$(curl -s -X GET http://localhost/restconf/data/system:system)" 0 '{"system:system": {"protocol": {"tcp": null}}}
 
'
 
 new "cli set protocol udp"
diff --git a/test/test_nacm.sh b/test/test_nacm.sh
index cc968e82..62101a0a 100755
--- a/test/test_nacm.sh
+++ b/test/test_nacm.sh
@@ -132,7 +132,7 @@ sudo su -c "$clixon_restconf -f $cfg -D $DBG -- -a" -s /bin/sh www-data &
 sleep $RCWAIT
 
 new "auth get"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 'null
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 'null
 
'
 
 new "auth set authentication config"
@@ -142,39 +142,39 @@ new "commit it"
 expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
 
 new "auth get (no user: access denied)"
-expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
+expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
 
 new "auth get (wrong passwd: access denied)"
-expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
+expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
 
 new "auth get (access)"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
 
'
 
 #----------------Enable NACM
 
 new "enable nacm"
-expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
+expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
 
 new "admin get nacm"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
 
'
 
 new "limited get nacm"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
 
'
 
 new "guest get nacm"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "admin edit nacm"
-expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" ""
+expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" 0 ""
 
 new "limited edit nacm"
-expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "guest edit nacm"
-expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 3}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 3}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "Kill restconf daemon"
 sudo pkill -u www-data -f "/www-data/clixon_restconf"
diff --git a/test/test_nacm_ext.sh b/test/test_nacm_ext.sh
index f9ed5fe1..ff78484c 100755
--- a/test/test_nacm_ext.sh
+++ b/test/test_nacm_ext.sh
@@ -152,41 +152,41 @@ sudo su -c "$clixon_restconf -f $cfg -D $DBG -- -a" -s /bin/sh www-data &
 sleep $RCWAIT
 
 new "auth get"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"clixon-example:state": {"op": ["42","41","43"]}}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"clixon-example:state": {"op": ["42","41","43"]}}
 
'
 
 new "Set x to 0"
-expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 0}' http://localhost/restconf/data/nacm-example:x)" ""
+expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 0}' http://localhost/restconf/data/nacm-example:x)" 0 ""
 
 new "auth get (no user: access denied)"
-expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
+expecteq "$(curl -sS -X GET -H \"Accept:\ application/yang-data+json\" http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
 
 new "auth get (wrong passwd: access denied)"
-expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
+expecteq "$(curl -u andy:foo -sS -X GET http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "protocol","error-tag": "access-denied","error-severity": "error","error-message": "The requested URL was unauthorized"}}}
'
 
 new "auth get (access)"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
 
'
 
 new "admin get nacm"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
 
'
 
 new "limited get nacm"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
 
'
 
 new "guest get nacm"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "admin edit nacm"
-expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" ""
+expecteq "$(curl -u andy:bar -sS -X PUT -d '{"nacm-example:x": 1}' http://localhost/restconf/data/nacm-example:x)" 0 ""
 
 new "limited edit nacm"
-expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"x": 2}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "guest edit nacm"
-expecteq "$(curl -u guest:bar -sS -X PUT -d '{"x": 3}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -sS -X PUT -d '{"x": 3}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "cli show conf as admin"
 expectfn "$clixon_cli -1 -U andy -l o -f $cfg show conf" 0 "^x 1;$"
diff --git a/test/test_nacm_module_read.sh b/test/test_nacm_module_read.sh
index 47d70163..9883f66e 100755
--- a/test/test_nacm_module_read.sh
+++ b/test/test_nacm_module_read.sh
@@ -153,29 +153,29 @@ new "commit it"
 expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
 
 new "enable nacm"
-expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
+expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
 
 #--------------- nacm enabled
 
 #----READ access
 #user:admin
 new "admin read ok"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" 0 '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
 
'
 
 new "admin read netconf ok"
 expecteof "$clixon_netconf -U andy -qf $cfg" 0 '<rpc><get-config><source><candidate/></source><filter type="xpath" select="/translate"/></get-config></rpc>]]>]]>' '^<rpc-reply><data><translate xmlns="urn:example:clixon"><k>key42</k><value>val42</value></translate><translate xmlns="urn:example:clixon"><k>key43</k><value>val43</value></translate></data></rpc-reply>]]>]]>$'
 
 new "admin read element ok"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" '{"clixon-example:value": "val42"}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" 0 '{"clixon-example:value": "val42"}
 
'
 
 new "admin read other module OK"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 42}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 42}
 
'
 
 new "admin read state OK"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"clixon-example:state": {"op": ["42","41","43"]}}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"clixon-example:state": {"op": ["42","41","43"]}}
 
'
 
 new "admin read top ok (all)"
@@ -189,85 +189,85 @@ fi
 #user:limit
 
 new "limit read ok"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" 0 '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
 
'
 
 new "limit read netconf ok"
 expecteof "$clixon_netconf -U wilma -qf $cfg" 0 '<rpc><get-config><source><candidate/></source><filter type="xpath" select="/translate"/></get-config></rpc>]]>]]>' '^<rpc-reply><data><translate xmlns="urn:example:clixon"><k>key42</k><value>val42</value></translate><translate xmlns="urn:example:clixon"><k>key43</k><value>val43</value></translate></data></rpc-reply>]]>]]>$'
 
 new "limit read element ok"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" '{"clixon-example:value": "val42"}
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" 0 '{"clixon-example:value": "val42"}
 
'
 
 new "limit read other module fail"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 'null
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 'null
 
'
 
 new "limit read state OK"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"clixon-example:state": {"op": ["42","41","43"]}}
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"clixon-example:state": {"op": ["42","41","43"]}}
 
'
 
 new "limit read top ok (part)"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data)" '{"data": {"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}],"clixon-example:state": {"op": ["42","41","43"]}}}
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data)" 0 '{"data": {"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}],"clixon-example:state": {"op": ["42","41","43"]}}}
 
'
 
 #user:guest
 
 new "guest read fail"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "guest read netconf fail"
 expecteof "$clixon_netconf -U guest -qf $cfg" 0 '<rpc><get-config><source><candidate/></source><filter type="xpath" select="/translate"/></get-config></rpc>]]>]]>' '^<rpc-reply><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>default deny</error-message></rpc-error></rpc-reply>]]>]]>$'
 
 new "guest read element fail"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate=key42/value)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "guest read other module fail"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "guest read state fail"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "guest read top ok (part)"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 #------- RPC operation
 
 new "admin rpc ok"
-expecteq "$(curl -u andy:bar -s -X POST  -d '{"clixon-example:input":{"x":42}}' http://localhost/restconf/operations/clixon-example:example)" '{"clixon-example:output": {"x": "42","y": "42"}}
+expecteq "$(curl -u andy:bar -s -X POST  -d '{"clixon-example:input":{"x":42}}' http://localhost/restconf/operations/clixon-example:example)" 0 '{"clixon-example:output": {"x": "42","y": "42"}}
 
'
 
 new "admin rpc netconf ok"
-expecteof "$clixon_netconf -U andy -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><x xmlns="urn:example:clixon">0</x><y xmlns="urn:example:clixon">42</y></rpc-reply>]]>]]>$'
+expecteof "$clixon_netconf -U andy -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' 0 '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><x xmlns="urn:example:clixon">0</x><y xmlns="urn:example:clixon">42</y></rpc-reply>]]>]]>$'
 
 new "limit rpc ok"
-expecteq "$(curl -u wilma:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" '{"clixon-example:output": {"x": "42","y": "42"}}
+expecteq "$(curl -u wilma:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" 0 '{"clixon-example:output": {"x": "42","y": "42"}}
 
'
 
 new "limit rpc netconf ok"
-expecteof "$clixon_netconf -U wilma -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><x xmlns="urn:example:clixon">0</x><y xmlns="urn:example:clixon">42</y></rpc-reply>]]>]]>$'
+expecteof "$clixon_netconf -U wilma -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' 0 '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><x xmlns="urn:example:clixon">0</x><y xmlns="urn:example:clixon">42</y></rpc-reply>]]>]]>$'
 
 new "guest rpc fail"
-expecteq "$(curl -u guest:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -s -X POST http://localhost/restconf/operations/clixon-example:example -d '{"clixon-example:input":{"x":42}}' )" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "guest rpc netconf fail"
-expecteof "$clixon_netconf -U guest -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>access denied</error-message></rpc-error></rpc-reply>]]>]]>$'
+expecteof "$clixon_netconf -U guest -qf $cfg" 0 '<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><example xmlns="urn:example:clixon"><x>0</x></example></rpc>]]>]]>' 0 '^<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>access denied</error-message></rpc-error></rpc-reply>]]>]]>$'
 
 #------------------ Set read-default permit
 
 new "admin set read-default permit"
-expecteq "$(curl -u andy:bar -sS -X PUT -d '{"read-default": "permit"}' http://localhost/restconf/data/ietf-netconf-acm:nacm/read-default)" ""
+expecteq "$(curl -u andy:bar -sS -X PUT -d '{"read-default": "permit"}' http://localhost/restconf/data/ietf-netconf-acm:nacm/read-default)" 0 ""
 
 new "limit read ok"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/clixon-example:translate)" 0 '{"clixon-example:translate": [{"k": "key42","value": "val42"},{ "k": "key43","value": "val43"}]}
 
'
 
 new "limit read other module ok"
-expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 42}
+expecteq "$(curl -u wilma:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 42}
 
'
 
 new "guest read state fail"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/clixon-example:state)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 
 new "Kill restconf daemon"
diff --git a/test/test_nacm_module_write.sh b/test/test_nacm_module_write.sh
index 76c5f971..e427c7b5 100755
--- a/test/test_nacm_module_write.sh
+++ b/test/test_nacm_module_write.sh
@@ -163,7 +163,7 @@ nacm(){
     expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
 
     new "enable nacm"
-    expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
+    expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
 }
 
 #--------------- enable nacm
@@ -177,80 +177,80 @@ nacm
 
 #----------root
 new "update root list default deny"
-expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data -d '<data><x xmlns="urn:example:nacm">42</x>$RULES</data>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data -d '<data><x xmlns="urn:example:nacm">42</x>$RULES</data>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 # replace all, then must include NACM rules as well
 MSG="<data>$RULES</data>"
 new "update root list permit"
-expecteq "$(curl -u andy:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data -d "$MSG")" ''
+expecteq "$(curl -u andy:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data -d "$MSG")" 0 ''
 
 new "delete root list deny"
-expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "delete root permit"
-expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" ''
+expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" 0 ''
 
 #--------------- re-enable nacm
 nacm
 
 #----------leaf
 new "create leaf deny"
-expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">42</x>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">42</x>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "create leaf permit"
-expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">42</x>')" ''
+expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">42</x>')" 0 ''
 
 new "update leaf deny"
-expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">99</x>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">99</x>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "update leaf permit"
-expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">99</x>')" ''
+expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:x -d '<x xmlns="urn:example:nacm">99</x>')" 0 ''
 
 new "read leaf check"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 99}
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 99}
 
'
 
 new "delete leaf deny"
-expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "delete leaf permit"
-expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:x)" ''
+expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:x)" 0 ''
 
 #-----  list/container
 new "create list deny"
-expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>str</c></b></a>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>str</c></b></a>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "create list permit"
-expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>str</c></b></a>')" ''
+expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>str</c></b></a>')" 0 ''
 
 new "update list deny"
-expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>update</c></b></a>')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u wilma:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>update</c></b></a>')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "update list permit"
-expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>update</c></b></a>')" ''
+expecteq "$(curl -u guest:bar -sS -H 'Content-Type: application/yang-data+xml' -X PUT http://localhost/restconf/data/nacm-example:a=key42 -d '<a xmlns="urn:example:nacm"><k>key42</k><b><c>update</c></b></a>')" 0 ''
 
 new "read list check"
-expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:a)" '{"nacm-example:a": [{"k": "key42","b": {"c": "update"}}]}
+expecteq "$(curl -u guest:bar -sS -X GET http://localhost/restconf/data/nacm-example:a)" 0 '{"nacm-example:a": [{"k": "key42","b": {"c": "update"}}]}
 
'
 
 new "delete list deny"
-expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:a=key42)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
+expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:a=key42)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "access denied"}}}
'
 
 new "delete list permit"
-expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:a=key42)" ''
+expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/nacm-example:a=key42)" 0 ''
 
 #----- default deny (clixon-example limit and guest have default access)
 new "default create list deny"
-expecteq "$(curl -u wilma:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u wilma:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "create list permit"
-expecteq "$(curl -u andy:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}')" ''
+expecteq "$(curl -u andy:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val42"}]}')" 0 ''
 
 new "default update list deny"
-expecteq "$(curl -u wilma:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val99"}]}')" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u wilma:bar -sS -X PUT http://localhost/restconf/data/clixon-example:translate=key42 -d '{"clixon-example:translate": [{"k": "key42","value": "val99"}]}')" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "default delete list deny"
-expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/clixon-example:translate=key42)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data/clixon-example:translate=key42)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "Kill restconf daemon"
 sudo pkill -u www-data -f "/www-data/clixon_restconf"
diff --git a/test/test_nacm_protocol.sh b/test/test_nacm_protocol.sh
index 515eb8f7..5d45f33f 100755
--- a/test/test_nacm_protocol.sh
+++ b/test/test_nacm_protocol.sh
@@ -161,12 +161,12 @@ new "commit it"
 expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
 
 new "enable nacm"
-expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
+expecteq "$(curl -u andy:bar -sS -X PUT -d '{"enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
 
 #--------------- nacm enabled
 
 new "admin get nacm"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" '{"nacm-example:x": 0}
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 '{"nacm-example:x": 0}
 
'
 
 # Rule 1: deny-kill-session
@@ -184,18 +184,18 @@ new "deny-delete-config: limited fail (netconf)"
 expecteof "$clixon_netconf -qf $cfg -U wilma" 0 "<rpc><delete-config><target><startup/></target></delete-config></rpc>]]>]]>" "^<rpc-reply><rpc-error><error-type>application</error-type><error-tag>access-denied</error-tag><error-severity>error</error-severity><error-message>access denied</error-message></rpc-error></rpc-reply>]]>]]>$"
 
 new "deny-delete-config: guest fail (restconf)"
-expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u guest:bar -sS -X DELETE http://localhost/restconf/data)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 # In restconf delete-config is translated to edit-config which is permitted
 new "deny-delete-config: limited fail (restconf) ok"
-expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" ''
+expecteq "$(curl -u wilma:bar -sS -X DELETE http://localhost/restconf/data)" 0 ''
 
 new "admin get nacm (should be null)"
-expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 'null
+expecteq "$(curl -u andy:bar -sS -X GET http://localhost/restconf/data/nacm-example:x)" 0 'null
 
'
 
 new "deny-delete-config: admin ok (restconf)"
-expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" ''
+expecteq "$(curl -u andy:bar -sS -X DELETE http://localhost/restconf/data)" 0 ''
 
 # Here the whole config is gone so we need to start again
 new "auth set authentication config (restart)"
@@ -205,14 +205,14 @@ new "commit it"
 expecteof "$clixon_netconf -qf $cfg" 0 "<rpc><commit/></rpc>]]>]]>" "^<rpc-reply><ok/></rpc-reply>]]>]]>$"
 
 new "enable nacm"
-expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" ""
+expecteq "$(curl -u andy:bar -sS -X PUT -d '{"ietf-netconf-acm:enable-nacm": true}' http://localhost/restconf/data/ietf-netconf-acm:nacm/enable-nacm)" 0 ""
 
 # Rule 3: permit-edit-config
 new "permit-edit-config: limited ok restconf"
-expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" ''
+expecteq "$(curl -u wilma:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" 0 ''
 
 new "permit-edit-config: guest fail restconf"
-expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
+expecteq "$(curl -u guest:bar -sS -X PUT -d '{"nacm-example:x": 2}' http://localhost/restconf/data/nacm-example:x)" 0 '{"ietf-restconf:errors" : {"error": {"error-type": "application","error-tag": "access-denied","error-severity": "error","error-message": "default deny"}}}
'
 
 new "Kill restconf daemon"
 sudo pkill -u www-data -f "/www-data/clixon_restconf"