2 * Copyright (c) 2013 The FreeBSD Foundation
5 * This software was developed by Pawel Jakub Dawidek under sponsorship from
6 * the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/types.h>
34 #include <sys/capsicum.h>
35 #include <sys/sysctl.h>
47 #include <libcasper.h>
49 #include <casper/cap_sysctl.h>
52 * We need some sysctls to perform the tests on.
53 * We remember their values and restore them afer the test is done.
55 #define SYSCTL0_PARENT "kern"
56 #define SYSCTL0_NAME "kern.sync_on_panic"
57 #define SYSCTL1_PARENT "debug"
58 #define SYSCTL1_NAME "debug.minidump"
62 #define CHECK(expr) do { \
64 printf("ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
66 printf("not ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
70 #define CHECKX(expr) do { \
72 printf("ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
74 printf("not ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
81 #define SYSCTL0_READ0 0x0001
82 #define SYSCTL0_READ1 0x0002
83 #define SYSCTL0_READ2 0x0004
84 #define SYSCTL0_WRITE 0x0008
85 #define SYSCTL0_READ_WRITE 0x0010
86 #define SYSCTL1_READ0 0x0020
87 #define SYSCTL1_READ1 0x0040
88 #define SYSCTL1_READ2 0x0080
89 #define SYSCTL1_WRITE 0x0100
90 #define SYSCTL1_READ_WRITE 0x0200
93 runtest(cap_channel_t *capsysctl)
96 int oldvalue, newvalue;
101 oldsize = sizeof(oldvalue);
102 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
104 if (oldsize == sizeof(oldvalue))
105 result |= SYSCTL0_READ0;
109 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, NULL, NULL, &newvalue,
110 sizeof(newvalue)) == 0) {
111 result |= SYSCTL0_WRITE;
114 if ((result & SYSCTL0_WRITE) != 0) {
115 oldsize = sizeof(oldvalue);
116 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
117 &oldsize, NULL, 0) == 0) {
118 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
119 result |= SYSCTL0_READ1;
123 oldsize = sizeof(oldvalue);
125 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
126 &newvalue, sizeof(newvalue)) == 0) {
127 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
128 result |= SYSCTL0_READ_WRITE;
131 if ((result & SYSCTL0_READ_WRITE) != 0) {
132 oldsize = sizeof(oldvalue);
133 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
134 &oldsize, NULL, 0) == 0) {
135 if (oldsize == sizeof(oldvalue) && oldvalue == 4567)
136 result |= SYSCTL0_READ2;
140 oldsize = sizeof(oldvalue);
141 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
143 if (oldsize == sizeof(oldvalue))
144 result |= SYSCTL1_READ0;
148 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, NULL, NULL, &newvalue,
149 sizeof(newvalue)) == 0) {
150 result |= SYSCTL1_WRITE;
153 if ((result & SYSCTL1_WRITE) != 0) {
154 oldsize = sizeof(oldvalue);
155 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
156 &oldsize, NULL, 0) == 0) {
157 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
158 result |= SYSCTL1_READ1;
162 oldsize = sizeof(oldvalue);
164 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
165 &newvalue, sizeof(newvalue)) == 0) {
166 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
167 result |= SYSCTL1_READ_WRITE;
170 if ((result & SYSCTL1_READ_WRITE) != 0) {
171 oldsize = sizeof(oldvalue);
172 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
173 &oldsize, NULL, 0) == 0) {
174 if (oldsize == sizeof(oldvalue) && oldvalue == 7008)
175 result |= SYSCTL1_READ2;
183 test_operation(cap_channel_t *origcapsysctl)
185 cap_channel_t *capsysctl;
190 * SYSCTL0_PARENT/RDWR/RECURSIVE
191 * SYSCTL1_PARENT/RDWR/RECURSIVE
194 capsysctl = cap_clone(origcapsysctl);
195 CHECK(capsysctl != NULL);
197 limits = nvlist_create(0);
198 nvlist_add_number(limits, SYSCTL0_PARENT,
199 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
200 nvlist_add_number(limits, SYSCTL1_PARENT,
201 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
202 CHECK(cap_limit_set(capsysctl, limits) == 0);
203 limits = nvlist_create(0);
204 nvlist_add_number(limits, SYSCTL0_PARENT,
205 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
206 nvlist_add_number(limits, SYSCTL1_PARENT,
207 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
208 nvlist_add_number(limits, "foo.bar",
209 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
210 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
211 limits = nvlist_create(0);
212 nvlist_add_number(limits, "foo.bar",
213 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
214 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
216 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
217 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
218 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
219 SYSCTL1_READ_WRITE));
221 limits = nvlist_create(0);
222 nvlist_add_number(limits, SYSCTL0_NAME,
223 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
224 nvlist_add_number(limits, SYSCTL1_NAME,
225 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
226 CHECK(cap_limit_set(capsysctl, limits) == 0);
228 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
229 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
230 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
231 SYSCTL1_READ_WRITE));
233 limits = nvlist_create(0);
234 nvlist_add_number(limits, SYSCTL0_NAME,
235 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
236 nvlist_add_number(limits, SYSCTL1_NAME,
237 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
238 CHECK(cap_limit_set(capsysctl, limits) == 0);
240 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
242 limits = nvlist_create(0);
243 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
244 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
245 CHECK(cap_limit_set(capsysctl, limits) == 0);
247 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
249 limits = nvlist_create(0);
250 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
251 CHECK(cap_limit_set(capsysctl, limits) == 0);
253 CHECK(runtest(capsysctl) == SYSCTL0_READ0);
255 cap_close(capsysctl);
259 * SYSCTL0_NAME/RDWR/RECURSIVE
260 * SYSCTL1_NAME/RDWR/RECURSIVE
263 capsysctl = cap_clone(origcapsysctl);
264 CHECK(capsysctl != NULL);
266 limits = nvlist_create(0);
267 nvlist_add_number(limits, SYSCTL0_NAME,
268 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
269 nvlist_add_number(limits, SYSCTL1_NAME,
270 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
271 CHECK(cap_limit_set(capsysctl, limits) == 0);
272 limits = nvlist_create(0);
273 nvlist_add_number(limits, SYSCTL0_PARENT,
274 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
275 nvlist_add_number(limits, SYSCTL1_PARENT,
276 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
277 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
278 limits = nvlist_create(0);
279 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
280 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
281 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
282 limits = nvlist_create(0);
283 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
284 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
285 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
286 limits = nvlist_create(0);
287 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
288 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
290 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
291 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
292 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
293 SYSCTL1_READ_WRITE));
295 cap_close(capsysctl);
299 * SYSCTL0_PARENT/RDWR
300 * SYSCTL1_PARENT/RDWR
303 capsysctl = cap_clone(origcapsysctl);
304 CHECK(capsysctl != NULL);
306 limits = nvlist_create(0);
307 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
308 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
309 CHECK(cap_limit_set(capsysctl, limits) == 0);
310 limits = nvlist_create(0);
311 nvlist_add_number(limits, SYSCTL0_PARENT,
312 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
313 nvlist_add_number(limits, SYSCTL1_PARENT,
314 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
315 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
316 limits = nvlist_create(0);
317 nvlist_add_number(limits, SYSCTL0_PARENT,
318 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
319 nvlist_add_number(limits, SYSCTL1_PARENT,
320 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
321 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
322 limits = nvlist_create(0);
323 nvlist_add_number(limits, SYSCTL0_PARENT,
324 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
325 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
327 CHECK(runtest(capsysctl) == 0);
329 cap_close(capsysctl);
337 capsysctl = cap_clone(origcapsysctl);
338 CHECK(capsysctl != NULL);
340 limits = nvlist_create(0);
341 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
342 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
343 CHECK(cap_limit_set(capsysctl, limits) == 0);
344 limits = nvlist_create(0);
345 nvlist_add_number(limits, SYSCTL0_PARENT,
346 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
347 nvlist_add_number(limits, SYSCTL1_PARENT,
348 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
349 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
350 limits = nvlist_create(0);
351 nvlist_add_number(limits, SYSCTL0_PARENT,
352 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
353 nvlist_add_number(limits, SYSCTL1_PARENT,
354 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
355 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
356 limits = nvlist_create(0);
357 nvlist_add_number(limits, SYSCTL1_PARENT,
358 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
359 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
361 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
362 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
363 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
364 SYSCTL1_READ_WRITE));
366 cap_close(capsysctl);
370 * SYSCTL0_PARENT/RDWR
371 * SYSCTL1_PARENT/RDWR/RECURSIVE
374 capsysctl = cap_clone(origcapsysctl);
375 CHECK(capsysctl != NULL);
377 limits = nvlist_create(0);
378 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
379 nvlist_add_number(limits, SYSCTL1_PARENT,
380 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
381 CHECK(cap_limit_set(capsysctl, limits) == 0);
382 limits = nvlist_create(0);
383 nvlist_add_number(limits, SYSCTL0_PARENT,
384 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
385 nvlist_add_number(limits, SYSCTL1_PARENT,
386 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
387 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
388 limits = nvlist_create(0);
389 nvlist_add_number(limits, SYSCTL0_PARENT,
390 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
391 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
392 limits = nvlist_create(0);
393 nvlist_add_number(limits, SYSCTL0_PARENT,
394 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
395 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
396 limits = nvlist_create(0);
397 nvlist_add_number(limits, SYSCTL0_NAME,
398 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
399 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
401 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
402 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
404 cap_close(capsysctl);
409 * SYSCTL1_NAME/RDWR/RECURSIVE
412 capsysctl = cap_clone(origcapsysctl);
413 CHECK(capsysctl != NULL);
415 limits = nvlist_create(0);
416 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
417 nvlist_add_number(limits, SYSCTL1_NAME,
418 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
419 CHECK(cap_limit_set(capsysctl, limits) == 0);
420 limits = nvlist_create(0);
421 nvlist_add_number(limits, SYSCTL0_NAME,
422 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
423 nvlist_add_number(limits, SYSCTL1_NAME,
424 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
425 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
426 limits = nvlist_create(0);
427 nvlist_add_number(limits, SYSCTL0_NAME,
428 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
429 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
430 limits = nvlist_create(0);
431 nvlist_add_number(limits, SYSCTL0_NAME,
432 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
433 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
435 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
436 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
437 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
438 SYSCTL1_READ_WRITE));
440 cap_close(capsysctl);
444 * SYSCTL0_PARENT/READ/RECURSIVE
445 * SYSCTL1_PARENT/READ/RECURSIVE
448 capsysctl = cap_clone(origcapsysctl);
449 CHECK(capsysctl != NULL);
451 limits = nvlist_create(0);
452 nvlist_add_number(limits, SYSCTL0_PARENT,
453 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
454 nvlist_add_number(limits, SYSCTL1_PARENT,
455 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
456 CHECK(cap_limit_set(capsysctl, limits) == 0);
457 limits = nvlist_create(0);
458 nvlist_add_number(limits, SYSCTL0_PARENT,
459 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
460 nvlist_add_number(limits, SYSCTL1_PARENT,
461 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
462 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
463 limits = nvlist_create(0);
464 nvlist_add_number(limits, SYSCTL0_PARENT,
465 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
466 nvlist_add_number(limits, SYSCTL1_PARENT,
467 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
468 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
469 limits = nvlist_create(0);
470 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
471 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
472 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
473 limits = nvlist_create(0);
474 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
475 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
476 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
477 limits = nvlist_create(0);
478 nvlist_add_number(limits, SYSCTL0_PARENT,
479 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
480 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
481 limits = nvlist_create(0);
482 nvlist_add_number(limits, SYSCTL1_PARENT,
483 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
484 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
485 limits = nvlist_create(0);
486 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
487 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
488 limits = nvlist_create(0);
489 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
490 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
492 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
494 cap_close(capsysctl);
498 * SYSCTL0_NAME/READ/RECURSIVE
499 * SYSCTL1_NAME/READ/RECURSIVE
502 capsysctl = cap_clone(origcapsysctl);
503 CHECK(capsysctl != NULL);
505 limits = nvlist_create(0);
506 nvlist_add_number(limits, SYSCTL0_NAME,
507 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
508 nvlist_add_number(limits, SYSCTL1_NAME,
509 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
510 CHECK(cap_limit_set(capsysctl, limits) == 0);
511 limits = nvlist_create(0);
512 nvlist_add_number(limits, SYSCTL0_NAME,
513 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
514 nvlist_add_number(limits, SYSCTL1_NAME,
515 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
516 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
517 limits = nvlist_create(0);
518 nvlist_add_number(limits, SYSCTL0_NAME,
519 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
520 nvlist_add_number(limits, SYSCTL1_NAME,
521 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
522 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
523 limits = nvlist_create(0);
524 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
525 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
526 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
527 limits = nvlist_create(0);
528 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
529 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
530 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
531 limits = nvlist_create(0);
532 nvlist_add_number(limits, SYSCTL0_NAME,
533 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
534 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
535 limits = nvlist_create(0);
536 nvlist_add_number(limits, SYSCTL1_NAME,
537 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
538 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
539 limits = nvlist_create(0);
540 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
541 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
542 limits = nvlist_create(0);
543 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
544 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
546 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
548 cap_close(capsysctl);
552 * SYSCTL0_PARENT/READ
553 * SYSCTL1_PARENT/READ
556 capsysctl = cap_clone(origcapsysctl);
557 CHECK(capsysctl != NULL);
559 limits = nvlist_create(0);
560 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
561 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
562 CHECK(cap_limit_set(capsysctl, limits) == 0);
563 limits = nvlist_create(0);
564 nvlist_add_number(limits, SYSCTL0_PARENT,
565 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
566 nvlist_add_number(limits, SYSCTL1_PARENT,
567 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
568 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
569 limits = nvlist_create(0);
570 nvlist_add_number(limits, SYSCTL0_PARENT,
571 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
572 nvlist_add_number(limits, SYSCTL1_PARENT,
573 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
574 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
575 limits = nvlist_create(0);
576 nvlist_add_number(limits, SYSCTL0_PARENT,
577 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
578 nvlist_add_number(limits, SYSCTL1_PARENT,
579 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
580 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
581 limits = nvlist_create(0);
582 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
583 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
584 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
585 limits = nvlist_create(0);
586 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
587 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
588 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
589 limits = nvlist_create(0);
590 nvlist_add_number(limits, SYSCTL0_PARENT,
591 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
592 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
593 limits = nvlist_create(0);
594 nvlist_add_number(limits, SYSCTL1_PARENT,
595 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
596 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
597 limits = nvlist_create(0);
598 nvlist_add_number(limits, SYSCTL0_PARENT,
599 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
600 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
601 limits = nvlist_create(0);
602 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
603 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
604 limits = nvlist_create(0);
605 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
606 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
608 CHECK(runtest(capsysctl) == 0);
610 cap_close(capsysctl);
618 capsysctl = cap_clone(origcapsysctl);
619 CHECK(capsysctl != NULL);
621 limits = nvlist_create(0);
622 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
623 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
624 CHECK(cap_limit_set(capsysctl, limits) == 0);
625 limits = nvlist_create(0);
626 nvlist_add_number(limits, SYSCTL0_NAME,
627 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
628 nvlist_add_number(limits, SYSCTL1_NAME,
629 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
630 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
631 limits = nvlist_create(0);
632 nvlist_add_number(limits, SYSCTL0_NAME,
633 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
634 nvlist_add_number(limits, SYSCTL1_NAME,
635 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
636 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
637 limits = nvlist_create(0);
638 nvlist_add_number(limits, SYSCTL0_NAME,
639 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
640 nvlist_add_number(limits, SYSCTL1_NAME,
641 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
642 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
643 limits = nvlist_create(0);
644 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
645 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
646 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
647 limits = nvlist_create(0);
648 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
649 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
650 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
651 limits = nvlist_create(0);
652 nvlist_add_number(limits, SYSCTL0_NAME,
653 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
654 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
655 limits = nvlist_create(0);
656 nvlist_add_number(limits, SYSCTL1_NAME,
657 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
658 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
659 limits = nvlist_create(0);
660 nvlist_add_number(limits, SYSCTL0_NAME,
661 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
662 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
663 limits = nvlist_create(0);
664 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
665 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
666 limits = nvlist_create(0);
667 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
668 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
670 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
672 cap_close(capsysctl);
676 * SYSCTL0_PARENT/READ
677 * SYSCTL1_PARENT/READ/RECURSIVE
680 capsysctl = cap_clone(origcapsysctl);
681 CHECK(capsysctl != NULL);
683 limits = nvlist_create(0);
684 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
685 nvlist_add_number(limits, SYSCTL1_PARENT,
686 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
687 CHECK(cap_limit_set(capsysctl, limits) == 0);
688 limits = nvlist_create(0);
689 nvlist_add_number(limits, SYSCTL0_PARENT,
690 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
691 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
692 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
694 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
696 cap_close(capsysctl);
701 * SYSCTL1_NAME/READ/RECURSIVE
704 capsysctl = cap_clone(origcapsysctl);
705 CHECK(capsysctl != NULL);
707 limits = nvlist_create(0);
708 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
709 nvlist_add_number(limits, SYSCTL1_NAME,
710 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
711 CHECK(cap_limit_set(capsysctl, limits) == 0);
712 limits = nvlist_create(0);
713 nvlist_add_number(limits, SYSCTL0_NAME,
714 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
715 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
716 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
718 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
720 cap_close(capsysctl);
724 * SYSCTL0_PARENT/WRITE/RECURSIVE
725 * SYSCTL1_PARENT/WRITE/RECURSIVE
728 capsysctl = cap_clone(origcapsysctl);
729 CHECK(capsysctl != NULL);
731 limits = nvlist_create(0);
732 nvlist_add_number(limits, SYSCTL0_PARENT,
733 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
734 nvlist_add_number(limits, SYSCTL1_PARENT,
735 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
736 CHECK(cap_limit_set(capsysctl, limits) == 0);
737 limits = nvlist_create(0);
738 nvlist_add_number(limits, SYSCTL0_PARENT,
739 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
740 nvlist_add_number(limits, SYSCTL1_PARENT,
741 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
742 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
743 limits = nvlist_create(0);
744 nvlist_add_number(limits, SYSCTL0_PARENT,
745 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
746 nvlist_add_number(limits, SYSCTL1_PARENT,
747 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
748 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
749 limits = nvlist_create(0);
750 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
751 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
752 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
753 limits = nvlist_create(0);
754 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
755 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
756 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
757 limits = nvlist_create(0);
758 nvlist_add_number(limits, SYSCTL0_PARENT,
759 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
760 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
761 limits = nvlist_create(0);
762 nvlist_add_number(limits, SYSCTL1_PARENT,
763 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
764 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
765 limits = nvlist_create(0);
766 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
767 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
768 limits = nvlist_create(0);
769 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
770 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
772 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
774 cap_close(capsysctl);
778 * SYSCTL0_NAME/WRITE/RECURSIVE
779 * SYSCTL1_NAME/WRITE/RECURSIVE
782 capsysctl = cap_clone(origcapsysctl);
783 CHECK(capsysctl != NULL);
785 limits = nvlist_create(0);
786 nvlist_add_number(limits, SYSCTL0_NAME,
787 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
788 nvlist_add_number(limits, SYSCTL1_NAME,
789 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
790 CHECK(cap_limit_set(capsysctl, limits) == 0);
791 limits = nvlist_create(0);
792 nvlist_add_number(limits, SYSCTL0_NAME,
793 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
794 nvlist_add_number(limits, SYSCTL1_NAME,
795 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
796 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
797 limits = nvlist_create(0);
798 nvlist_add_number(limits, SYSCTL0_NAME,
799 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
800 nvlist_add_number(limits, SYSCTL1_NAME,
801 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
802 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
803 limits = nvlist_create(0);
804 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
805 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
806 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
807 limits = nvlist_create(0);
808 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
809 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
810 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
811 limits = nvlist_create(0);
812 nvlist_add_number(limits, SYSCTL0_NAME,
813 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
814 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
815 limits = nvlist_create(0);
816 nvlist_add_number(limits, SYSCTL1_NAME,
817 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
818 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
819 limits = nvlist_create(0);
820 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
821 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
822 limits = nvlist_create(0);
823 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
824 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
826 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
828 cap_close(capsysctl);
832 * SYSCTL0_PARENT/WRITE
833 * SYSCTL1_PARENT/WRITE
836 capsysctl = cap_clone(origcapsysctl);
837 CHECK(capsysctl != NULL);
839 limits = nvlist_create(0);
840 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
841 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
842 CHECK(cap_limit_set(capsysctl, limits) == 0);
843 limits = nvlist_create(0);
844 nvlist_add_number(limits, SYSCTL0_PARENT,
845 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
846 nvlist_add_number(limits, SYSCTL1_PARENT,
847 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
848 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
849 limits = nvlist_create(0);
850 nvlist_add_number(limits, SYSCTL0_PARENT,
851 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
852 nvlist_add_number(limits, SYSCTL1_PARENT,
853 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
854 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
855 limits = nvlist_create(0);
856 nvlist_add_number(limits, SYSCTL0_PARENT,
857 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
858 nvlist_add_number(limits, SYSCTL1_PARENT,
859 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
860 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
861 limits = nvlist_create(0);
862 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
863 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
864 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
865 limits = nvlist_create(0);
866 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
867 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
868 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
869 limits = nvlist_create(0);
870 nvlist_add_number(limits, SYSCTL0_PARENT,
871 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
872 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
873 limits = nvlist_create(0);
874 nvlist_add_number(limits, SYSCTL1_PARENT,
875 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
876 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
877 limits = nvlist_create(0);
878 nvlist_add_number(limits, SYSCTL0_PARENT,
879 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
880 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
881 limits = nvlist_create(0);
882 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
883 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
884 limits = nvlist_create(0);
885 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
886 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
888 CHECK(runtest(capsysctl) == 0);
890 cap_close(capsysctl);
898 capsysctl = cap_clone(origcapsysctl);
899 CHECK(capsysctl != NULL);
901 limits = nvlist_create(0);
902 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
903 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
904 CHECK(cap_limit_set(capsysctl, limits) == 0);
905 limits = nvlist_create(0);
906 nvlist_add_number(limits, SYSCTL0_NAME,
907 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
908 nvlist_add_number(limits, SYSCTL1_NAME,
909 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
910 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
911 limits = nvlist_create(0);
912 nvlist_add_number(limits, SYSCTL0_NAME,
913 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
914 nvlist_add_number(limits, SYSCTL1_NAME,
915 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
916 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
917 limits = nvlist_create(0);
918 nvlist_add_number(limits, SYSCTL0_NAME,
919 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
920 nvlist_add_number(limits, SYSCTL1_NAME,
921 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
922 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
923 limits = nvlist_create(0);
924 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
925 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
926 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
927 limits = nvlist_create(0);
928 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
929 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
930 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
931 limits = nvlist_create(0);
932 nvlist_add_number(limits, SYSCTL0_NAME,
933 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
934 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
935 limits = nvlist_create(0);
936 nvlist_add_number(limits, SYSCTL1_NAME,
937 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
938 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
939 limits = nvlist_create(0);
940 nvlist_add_number(limits, SYSCTL0_NAME,
941 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
942 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
943 limits = nvlist_create(0);
944 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
945 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
946 limits = nvlist_create(0);
947 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
948 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
950 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
952 cap_close(capsysctl);
956 * SYSCTL0_PARENT/WRITE
957 * SYSCTL1_PARENT/WRITE/RECURSIVE
960 capsysctl = cap_clone(origcapsysctl);
961 CHECK(capsysctl != NULL);
963 limits = nvlist_create(0);
964 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
965 nvlist_add_number(limits, SYSCTL1_PARENT,
966 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
967 CHECK(cap_limit_set(capsysctl, limits) == 0);
968 limits = nvlist_create(0);
969 nvlist_add_number(limits, SYSCTL0_PARENT,
970 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
971 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
972 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
974 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
976 cap_close(capsysctl);
981 * SYSCTL1_NAME/WRITE/RECURSIVE
984 capsysctl = cap_clone(origcapsysctl);
985 CHECK(capsysctl != NULL);
987 limits = nvlist_create(0);
988 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
989 nvlist_add_number(limits, SYSCTL1_NAME,
990 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
991 CHECK(cap_limit_set(capsysctl, limits) == 0);
992 limits = nvlist_create(0);
993 nvlist_add_number(limits, SYSCTL0_NAME,
994 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
995 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
996 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
998 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
1000 cap_close(capsysctl);
1004 * SYSCTL0_PARENT/READ/RECURSIVE
1005 * SYSCTL1_PARENT/WRITE/RECURSIVE
1008 capsysctl = cap_clone(origcapsysctl);
1009 CHECK(capsysctl != NULL);
1011 limits = nvlist_create(0);
1012 nvlist_add_number(limits, SYSCTL0_PARENT,
1013 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1014 nvlist_add_number(limits, SYSCTL1_PARENT,
1015 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1016 CHECK(cap_limit_set(capsysctl, limits) == 0);
1018 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1020 cap_close(capsysctl);
1024 * SYSCTL0_NAME/READ/RECURSIVE
1025 * SYSCTL1_NAME/WRITE/RECURSIVE
1028 capsysctl = cap_clone(origcapsysctl);
1029 CHECK(capsysctl != NULL);
1031 limits = nvlist_create(0);
1032 nvlist_add_number(limits, SYSCTL0_NAME,
1033 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1034 nvlist_add_number(limits, SYSCTL1_NAME,
1035 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1036 CHECK(cap_limit_set(capsysctl, limits) == 0);
1038 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1040 cap_close(capsysctl);
1044 * SYSCTL0_PARENT/READ
1045 * SYSCTL1_PARENT/WRITE
1048 capsysctl = cap_clone(origcapsysctl);
1049 CHECK(capsysctl != NULL);
1051 limits = nvlist_create(0);
1052 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1053 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1054 CHECK(cap_limit_set(capsysctl, limits) == 0);
1056 CHECK(runtest(capsysctl) == 0);
1058 cap_close(capsysctl);
1063 * SYSCTL1_NAME/WRITE
1066 capsysctl = cap_clone(origcapsysctl);
1067 CHECK(capsysctl != NULL);
1069 limits = nvlist_create(0);
1070 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1071 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1072 CHECK(cap_limit_set(capsysctl, limits) == 0);
1074 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1076 cap_close(capsysctl);
1080 * SYSCTL0_PARENT/READ
1081 * SYSCTL1_PARENT/WRITE/RECURSIVE
1084 capsysctl = cap_clone(origcapsysctl);
1085 CHECK(capsysctl != NULL);
1087 limits = nvlist_create(0);
1088 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1089 nvlist_add_number(limits, SYSCTL1_PARENT,
1090 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1091 CHECK(cap_limit_set(capsysctl, limits) == 0);
1093 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1095 cap_close(capsysctl);
1100 * SYSCTL1_NAME/WRITE/RECURSIVE
1103 capsysctl = cap_clone(origcapsysctl);
1104 CHECK(capsysctl != NULL);
1106 limits = nvlist_create(0);
1107 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1108 nvlist_add_number(limits, SYSCTL1_NAME,
1109 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1110 CHECK(cap_limit_set(capsysctl, limits) == 0);
1112 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1114 cap_close(capsysctl);
1118 test_names(cap_channel_t *origcapsysctl)
1120 cap_channel_t *capsysctl;
1125 * SYSCTL0_PARENT/READ/RECURSIVE
1128 capsysctl = cap_clone(origcapsysctl);
1129 CHECK(capsysctl != NULL);
1131 limits = nvlist_create(0);
1132 nvlist_add_number(limits, SYSCTL0_PARENT,
1133 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1134 CHECK(cap_limit_set(capsysctl, limits) == 0);
1135 limits = nvlist_create(0);
1136 nvlist_add_number(limits, SYSCTL0_PARENT,
1137 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1138 nvlist_add_number(limits, SYSCTL1_PARENT,
1139 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1140 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1141 limits = nvlist_create(0);
1142 nvlist_add_number(limits, SYSCTL1_PARENT,
1143 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1144 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1145 limits = nvlist_create(0);
1146 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1147 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1148 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1149 limits = nvlist_create(0);
1150 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1151 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1153 CHECK(runtest(capsysctl) == SYSCTL0_READ0);
1155 cap_close(capsysctl);
1159 * SYSCTL1_NAME/READ/RECURSIVE
1162 capsysctl = cap_clone(origcapsysctl);
1163 CHECK(capsysctl != NULL);
1165 limits = nvlist_create(0);
1166 nvlist_add_number(limits, SYSCTL1_NAME,
1167 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1168 CHECK(cap_limit_set(capsysctl, limits) == 0);
1169 limits = nvlist_create(0);
1170 nvlist_add_number(limits, SYSCTL0_NAME,
1171 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1172 nvlist_add_number(limits, SYSCTL1_NAME,
1173 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1174 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1175 limits = nvlist_create(0);
1176 nvlist_add_number(limits, SYSCTL0_NAME,
1177 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1178 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1179 limits = nvlist_create(0);
1180 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1181 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1182 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1183 limits = nvlist_create(0);
1184 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1185 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1187 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
1189 cap_close(capsysctl);
1193 * SYSCTL0_PARENT/WRITE/RECURSIVE
1196 capsysctl = cap_clone(origcapsysctl);
1197 CHECK(capsysctl != NULL);
1199 limits = nvlist_create(0);
1200 nvlist_add_number(limits, SYSCTL0_PARENT,
1201 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1202 CHECK(cap_limit_set(capsysctl, limits) == 0);
1203 limits = nvlist_create(0);
1204 nvlist_add_number(limits, SYSCTL0_PARENT,
1205 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1206 nvlist_add_number(limits, SYSCTL1_PARENT,
1207 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1208 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1209 limits = nvlist_create(0);
1210 nvlist_add_number(limits, SYSCTL1_PARENT,
1211 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1212 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1213 limits = nvlist_create(0);
1214 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1215 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1216 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1217 limits = nvlist_create(0);
1218 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1219 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1221 CHECK(runtest(capsysctl) == SYSCTL0_WRITE);
1223 cap_close(capsysctl);
1227 * SYSCTL1_NAME/WRITE/RECURSIVE
1230 capsysctl = cap_clone(origcapsysctl);
1231 CHECK(capsysctl != NULL);
1233 limits = nvlist_create(0);
1234 nvlist_add_number(limits, SYSCTL1_NAME,
1235 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1236 CHECK(cap_limit_set(capsysctl, limits) == 0);
1237 limits = nvlist_create(0);
1238 nvlist_add_number(limits, SYSCTL0_NAME,
1239 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1240 nvlist_add_number(limits, SYSCTL1_NAME,
1241 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1242 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1243 limits = nvlist_create(0);
1244 nvlist_add_number(limits, SYSCTL0_NAME,
1245 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1246 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1247 limits = nvlist_create(0);
1248 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1249 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1250 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1251 limits = nvlist_create(0);
1252 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1253 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1255 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1257 cap_close(capsysctl);
1261 * SYSCTL0_PARENT/RDWR/RECURSIVE
1264 capsysctl = cap_clone(origcapsysctl);
1265 CHECK(capsysctl != NULL);
1267 limits = nvlist_create(0);
1268 nvlist_add_number(limits, SYSCTL0_PARENT,
1269 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1270 CHECK(cap_limit_set(capsysctl, limits) == 0);
1271 limits = nvlist_create(0);
1272 nvlist_add_number(limits, SYSCTL0_PARENT,
1273 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1274 nvlist_add_number(limits, SYSCTL1_PARENT,
1275 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1276 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1277 limits = nvlist_create(0);
1278 nvlist_add_number(limits, SYSCTL1_PARENT,
1279 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1280 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1281 limits = nvlist_create(0);
1282 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1283 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1284 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1285 limits = nvlist_create(0);
1286 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1287 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1289 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
1290 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE));
1292 cap_close(capsysctl);
1296 * SYSCTL1_NAME/RDWR/RECURSIVE
1299 capsysctl = cap_clone(origcapsysctl);
1300 CHECK(capsysctl != NULL);
1302 limits = nvlist_create(0);
1303 nvlist_add_number(limits, SYSCTL1_NAME,
1304 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1305 CHECK(cap_limit_set(capsysctl, limits) == 0);
1306 limits = nvlist_create(0);
1307 nvlist_add_number(limits, SYSCTL0_NAME,
1308 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1309 nvlist_add_number(limits, SYSCTL1_NAME,
1310 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1311 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1312 limits = nvlist_create(0);
1313 nvlist_add_number(limits, SYSCTL0_NAME,
1314 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1315 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1316 limits = nvlist_create(0);
1317 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1318 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1319 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1320 limits = nvlist_create(0);
1321 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1322 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1324 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1325 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1327 cap_close(capsysctl);
1331 * SYSCTL0_PARENT/READ
1334 capsysctl = cap_clone(origcapsysctl);
1335 CHECK(capsysctl != NULL);
1337 limits = nvlist_create(0);
1338 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1339 CHECK(cap_limit_set(capsysctl, limits) == 0);
1340 limits = nvlist_create(0);
1341 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1342 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1343 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1344 limits = nvlist_create(0);
1345 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1346 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1348 CHECK(runtest(capsysctl) == 0);
1350 cap_close(capsysctl);
1357 capsysctl = cap_clone(origcapsysctl);
1358 CHECK(capsysctl != NULL);
1360 limits = nvlist_create(0);
1361 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1362 CHECK(cap_limit_set(capsysctl, limits) == 0);
1363 limits = nvlist_create(0);
1364 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1365 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1366 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1367 limits = nvlist_create(0);
1368 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1369 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1371 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
1373 cap_close(capsysctl);
1377 * SYSCTL0_PARENT/WRITE
1380 capsysctl = cap_clone(origcapsysctl);
1381 CHECK(capsysctl != NULL);
1383 limits = nvlist_create(0);
1384 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1385 CHECK(cap_limit_set(capsysctl, limits) == 0);
1386 limits = nvlist_create(0);
1387 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1388 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1389 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1390 limits = nvlist_create(0);
1391 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1392 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1394 CHECK(runtest(capsysctl) == 0);
1396 cap_close(capsysctl);
1400 * SYSCTL1_NAME/WRITE
1403 capsysctl = cap_clone(origcapsysctl);
1404 CHECK(capsysctl != NULL);
1406 limits = nvlist_create(0);
1407 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1408 CHECK(cap_limit_set(capsysctl, limits) == 0);
1409 limits = nvlist_create(0);
1410 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1411 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1412 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1413 limits = nvlist_create(0);
1414 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1415 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1417 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1419 cap_close(capsysctl);
1423 * SYSCTL0_PARENT/RDWR
1426 capsysctl = cap_clone(origcapsysctl);
1427 CHECK(capsysctl != NULL);
1429 limits = nvlist_create(0);
1430 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1431 CHECK(cap_limit_set(capsysctl, limits) == 0);
1432 limits = nvlist_create(0);
1433 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1434 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1435 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1436 limits = nvlist_create(0);
1437 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1438 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1440 CHECK(runtest(capsysctl) == 0);
1442 cap_close(capsysctl);
1449 capsysctl = cap_clone(origcapsysctl);
1450 CHECK(capsysctl != NULL);
1452 limits = nvlist_create(0);
1453 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1454 CHECK(cap_limit_set(capsysctl, limits) == 0);
1455 limits = nvlist_create(0);
1456 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1457 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1458 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1459 limits = nvlist_create(0);
1460 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1461 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1463 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1464 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1466 cap_close(capsysctl);
1472 cap_channel_t *capcas, *capsysctl;
1473 int scvalue0, scvalue1;
1479 scsize = sizeof(scvalue0);
1480 CHECKX(sysctlbyname(SYSCTL0_NAME, &scvalue0, &scsize, NULL, 0) == 0);
1481 CHECKX(scsize == sizeof(scvalue0));
1482 scsize = sizeof(scvalue1);
1483 CHECKX(sysctlbyname(SYSCTL1_NAME, &scvalue1, &scsize, NULL, 0) == 0);
1484 CHECKX(scsize == sizeof(scvalue1));
1486 capcas = cap_init();
1487 CHECKX(capcas != NULL);
1489 capsysctl = cap_service_open(capcas, "system.sysctl");
1490 CHECKX(capsysctl != NULL);
1494 /* No limits set. */
1496 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
1497 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
1498 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
1499 SYSCTL1_READ_WRITE));
1501 test_operation(capsysctl);
1503 test_names(capsysctl);
1505 cap_close(capsysctl);
1507 CHECK(sysctlbyname(SYSCTL0_NAME, NULL, NULL, &scvalue0,
1508 sizeof(scvalue0)) == 0);
1509 CHECK(sysctlbyname(SYSCTL1_NAME, NULL, NULL, &scvalue1,
1510 sizeof(scvalue1)) == 0);
projects / FreeBSD / FreeBSD.git / blob