2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2013, 2018 The FreeBSD Foundation
7 * This software was developed by Pawel Jakub Dawidek under sponsorship from
8 * the FreeBSD Foundation.
10 * Portions of this software were developed by Mark Johnston
11 * under sponsorship from the FreeBSD Foundation.
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/cdefs.h>
36 #include <sys/types.h>
37 #include <sys/capsicum.h>
38 #include <sys/sysctl.h>
50 #include <libcasper.h>
51 #include <casper/cap_sysctl.h>
56 * We need some sysctls to perform the tests on.
57 * We remember their values and restore them afer the test is done.
59 #define SYSCTL0_PARENT "kern"
60 #define SYSCTL0_NAME "kern.sync_on_panic"
61 #define SYSCTL0_FILE "./sysctl0"
62 #define SYSCTL1_PARENT "debug"
63 #define SYSCTL1_NAME "debug.minidump"
64 #define SYSCTL1_FILE "./sysctl1"
66 #define SYSCTL0_READ0 0x0001
67 #define SYSCTL0_READ1 0x0002
68 #define SYSCTL0_READ2 0x0004
69 #define SYSCTL0_WRITE 0x0008
70 #define SYSCTL0_READ_WRITE 0x0010
71 #define SYSCTL1_READ0 0x0020
72 #define SYSCTL1_READ1 0x0040
73 #define SYSCTL1_READ2 0x0080
74 #define SYSCTL1_WRITE 0x0100
75 #define SYSCTL1_READ_WRITE 0x0200
78 save_int_sysctl(const char *name, const char *file)
85 error = sysctlbyname(name, &val, &sz, NULL, 0);
86 ATF_REQUIRE_MSG(error == 0,
87 "sysctlbyname(%s): %s", name, strerror(errno));
89 fd = open(file, O_CREAT | O_WRONLY, 0600);
90 ATF_REQUIRE_MSG(fd >= 0, "open(%s): %s", file, strerror(errno));
91 n = write(fd, &val, sz);
92 ATF_REQUIRE(n >= 0 && (size_t)n == sz);
94 ATF_REQUIRE(error == 0);
98 restore_int_sysctl(const char *name, const char *file)
104 fd = open(file, O_RDONLY);
105 ATF_REQUIRE(fd >= 0);
107 n = read(fd, &val, sz);
108 ATF_REQUIRE(n >= 0 && (size_t)n == sz);
109 error = unlink(file);
110 ATF_REQUIRE(error == 0);
112 ATF_REQUIRE(error == 0);
114 error = sysctlbyname(name, NULL, NULL, &val, sz);
115 ATF_REQUIRE_MSG(error == 0,
116 "sysctlbyname(%s): %s", name, strerror(errno));
119 static cap_channel_t *
122 cap_channel_t *capcas, *capsysctl;
124 save_int_sysctl(SYSCTL0_NAME, SYSCTL0_FILE);
125 save_int_sysctl(SYSCTL1_NAME, SYSCTL1_FILE);
128 ATF_REQUIRE(capcas != NULL);
130 capsysctl = cap_service_open(capcas, "system.sysctl");
131 ATF_REQUIRE(capsysctl != NULL);
142 restore_int_sysctl(SYSCTL0_NAME, SYSCTL0_FILE);
143 restore_int_sysctl(SYSCTL1_NAME, SYSCTL1_FILE);
147 checkcaps(cap_channel_t *capsysctl)
150 size_t len0, len1, oldsize;
151 int error, mib0[2], mib1[2], oldvalue, newvalue;
156 ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib0, &len0) == 0);
158 ATF_REQUIRE(sysctlnametomib(SYSCTL1_NAME, mib1, &len1) == 0);
160 oldsize = sizeof(oldvalue);
161 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
163 if (oldsize == sizeof(oldvalue))
164 result |= SYSCTL0_READ0;
166 error = cap_sysctl(capsysctl, mib0, len0, &oldvalue, &oldsize, NULL, 0);
167 if ((result & SYSCTL0_READ0) != 0)
168 ATF_REQUIRE(error == 0);
170 ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);
173 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, NULL, NULL, &newvalue,
174 sizeof(newvalue)) == 0) {
175 result |= SYSCTL0_WRITE;
178 if ((result & SYSCTL0_WRITE) != 0) {
179 oldsize = sizeof(oldvalue);
180 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
181 &oldsize, NULL, 0) == 0) {
182 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
183 result |= SYSCTL0_READ1;
187 error = cap_sysctl(capsysctl, mib0, len0, NULL, NULL,
188 &newvalue, sizeof(newvalue));
189 if ((result & SYSCTL0_WRITE) != 0)
190 ATF_REQUIRE(error == 0);
192 ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);
194 oldsize = sizeof(oldvalue);
196 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
197 &newvalue, sizeof(newvalue)) == 0) {
198 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
199 result |= SYSCTL0_READ_WRITE;
202 if ((result & SYSCTL0_READ_WRITE) != 0) {
203 oldsize = sizeof(oldvalue);
204 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
205 &oldsize, NULL, 0) == 0) {
206 if (oldsize == sizeof(oldvalue) && oldvalue == 4567)
207 result |= SYSCTL0_READ2;
211 oldsize = sizeof(oldvalue);
212 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
214 if (oldsize == sizeof(oldvalue))
215 result |= SYSCTL1_READ0;
217 error = cap_sysctl(capsysctl, mib1, len1, &oldvalue, &oldsize, NULL, 0);
218 if ((result & SYSCTL1_READ0) != 0)
219 ATF_REQUIRE(error == 0);
221 ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);
224 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, NULL, NULL, &newvalue,
225 sizeof(newvalue)) == 0) {
226 result |= SYSCTL1_WRITE;
229 if ((result & SYSCTL1_WRITE) != 0) {
231 ATF_REQUIRE(cap_sysctl(capsysctl, mib1, len1, NULL, NULL,
232 &newvalue, sizeof(newvalue)) == 0);
234 oldsize = sizeof(oldvalue);
235 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
236 &oldsize, NULL, 0) == 0) {
237 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
238 result |= SYSCTL1_READ1;
242 error = cap_sysctl(capsysctl, mib1, len1, NULL, NULL,
243 &newvalue, sizeof(newvalue));
244 if ((result & SYSCTL1_WRITE) != 0)
245 ATF_REQUIRE(error == 0);
247 ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);
249 oldsize = sizeof(oldvalue);
251 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
252 &newvalue, sizeof(newvalue)) == 0) {
253 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
254 result |= SYSCTL1_READ_WRITE;
257 if ((result & SYSCTL1_READ_WRITE) != 0) {
258 oldsize = sizeof(oldvalue);
259 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
260 &oldsize, NULL, 0) == 0) {
261 if (oldsize == sizeof(oldvalue) && oldvalue == 7008)
262 result |= SYSCTL1_READ2;
269 ATF_TC_WITH_CLEANUP(cap_sysctl__operation);
270 ATF_TC_HEAD(cap_sysctl__operation, tc)
273 ATF_TC_BODY(cap_sysctl__operation, tc)
275 cap_channel_t *capsysctl, *ocapsysctl;
278 ocapsysctl = initcap();
282 * SYSCTL0_PARENT/RDWR/RECURSIVE
283 * SYSCTL1_PARENT/RDWR/RECURSIVE
286 capsysctl = cap_clone(ocapsysctl);
287 ATF_REQUIRE(capsysctl != NULL);
289 limit = cap_sysctl_limit_init(capsysctl);
290 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
291 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
292 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
293 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
294 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
296 limit = cap_sysctl_limit_init(capsysctl);
297 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
298 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
299 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
300 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
301 (void)cap_sysctl_limit_name(limit, "foo.bar",
302 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
303 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
305 limit = cap_sysctl_limit_init(capsysctl);
306 (void)cap_sysctl_limit_name(limit, "foo.bar",
307 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
308 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
310 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
311 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
312 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
313 SYSCTL1_READ_WRITE));
315 limit = cap_sysctl_limit_init(capsysctl);
316 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
317 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
318 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
319 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
320 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
322 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
323 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
324 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
325 SYSCTL1_READ_WRITE));
327 limit = cap_sysctl_limit_init(capsysctl);
328 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
329 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
330 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
331 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
332 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
334 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
336 limit = cap_sysctl_limit_init(capsysctl);
337 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
338 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
339 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
341 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
343 limit = cap_sysctl_limit_init(capsysctl);
344 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
345 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
347 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_READ0);
349 cap_close(capsysctl);
353 * SYSCTL0_NAME/RDWR/RECURSIVE
354 * SYSCTL1_NAME/RDWR/RECURSIVE
357 capsysctl = cap_clone(ocapsysctl);
358 ATF_REQUIRE(capsysctl != NULL);
360 limit = cap_sysctl_limit_init(capsysctl);
361 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
362 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
363 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
364 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
365 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
367 limit = cap_sysctl_limit_init(capsysctl);
368 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
369 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
370 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
371 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
372 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
373 limit = cap_sysctl_limit_init(capsysctl);
374 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
375 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
376 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
377 limit = cap_sysctl_limit_init(capsysctl);
378 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
379 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
380 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
381 limit = cap_sysctl_limit_init(capsysctl);
382 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
383 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
385 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
386 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
387 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
388 SYSCTL1_READ_WRITE));
390 cap_close(capsysctl);
394 * SYSCTL0_PARENT/RDWR
395 * SYSCTL1_PARENT/RDWR
398 capsysctl = cap_clone(ocapsysctl);
399 ATF_REQUIRE(capsysctl != NULL);
401 limit = cap_sysctl_limit_init(capsysctl);
402 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
403 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
404 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
405 limit = cap_sysctl_limit_init(capsysctl);
406 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
407 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
408 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
409 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
410 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
411 limit = cap_sysctl_limit_init(capsysctl);
412 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
413 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
414 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
415 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
416 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
417 limit = cap_sysctl_limit_init(capsysctl);
418 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
419 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
420 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
422 ATF_REQUIRE(checkcaps(capsysctl) == 0);
424 cap_close(capsysctl);
432 capsysctl = cap_clone(ocapsysctl);
433 ATF_REQUIRE(capsysctl != NULL);
435 limit = cap_sysctl_limit_init(capsysctl);
436 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
437 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
438 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
439 limit = cap_sysctl_limit_init(capsysctl);
440 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
441 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
442 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
443 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
444 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
445 limit = cap_sysctl_limit_init(capsysctl);
446 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
447 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
448 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
449 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
450 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
451 limit = cap_sysctl_limit_init(capsysctl);
452 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
453 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
454 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
456 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
457 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
458 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
459 SYSCTL1_READ_WRITE));
461 cap_close(capsysctl);
465 * SYSCTL0_PARENT/RDWR
466 * SYSCTL1_PARENT/RDWR/RECURSIVE
469 capsysctl = cap_clone(ocapsysctl);
470 ATF_REQUIRE(capsysctl != NULL);
472 limit = cap_sysctl_limit_init(capsysctl);
473 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
474 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
475 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
476 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
477 limit = cap_sysctl_limit_init(capsysctl);
478 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
479 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
480 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
481 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
482 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
483 limit = cap_sysctl_limit_init(capsysctl);
484 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
485 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
486 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
487 limit = cap_sysctl_limit_init(capsysctl);
488 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
489 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
490 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
491 limit = cap_sysctl_limit_init(capsysctl);
492 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
493 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
494 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
496 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
497 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
499 cap_close(capsysctl);
504 * SYSCTL1_NAME/RDWR/RECURSIVE
507 capsysctl = cap_clone(ocapsysctl);
508 ATF_REQUIRE(capsysctl != NULL);
510 limit = cap_sysctl_limit_init(capsysctl);
511 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
512 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
513 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
514 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
515 limit = cap_sysctl_limit_init(capsysctl);
516 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
517 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
518 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
519 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
520 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
521 limit = cap_sysctl_limit_init(capsysctl);
522 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
523 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
524 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
525 limit = cap_sysctl_limit_init(capsysctl);
526 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
527 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
528 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
530 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
531 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
532 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
533 SYSCTL1_READ_WRITE));
535 cap_close(capsysctl);
539 * SYSCTL0_PARENT/READ/RECURSIVE
540 * SYSCTL1_PARENT/READ/RECURSIVE
543 capsysctl = cap_clone(ocapsysctl);
544 ATF_REQUIRE(capsysctl != NULL);
546 limit = cap_sysctl_limit_init(capsysctl);
547 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
548 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
549 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
550 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
551 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
552 limit = cap_sysctl_limit_init(capsysctl);
553 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
554 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
555 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
556 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
557 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
558 limit = cap_sysctl_limit_init(capsysctl);
559 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
560 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
561 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
562 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
563 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
564 limit = cap_sysctl_limit_init(capsysctl);
565 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
566 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
567 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
568 limit = cap_sysctl_limit_init(capsysctl);
569 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
570 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
571 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
572 limit = cap_sysctl_limit_init(capsysctl);
573 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
574 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
575 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
576 limit = cap_sysctl_limit_init(capsysctl);
577 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
578 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
579 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
580 limit = cap_sysctl_limit_init(capsysctl);
581 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
582 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
583 limit = cap_sysctl_limit_init(capsysctl);
584 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
585 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
587 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
589 cap_close(capsysctl);
593 * SYSCTL0_NAME/READ/RECURSIVE
594 * SYSCTL1_NAME/READ/RECURSIVE
597 capsysctl = cap_clone(ocapsysctl);
598 ATF_REQUIRE(capsysctl != NULL);
600 limit = cap_sysctl_limit_init(capsysctl);
601 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
602 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
603 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
604 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
605 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
606 limit = cap_sysctl_limit_init(capsysctl);
607 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
608 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
609 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
610 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
611 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
612 limit = cap_sysctl_limit_init(capsysctl);
613 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
614 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
615 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
616 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
617 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
618 limit = cap_sysctl_limit_init(capsysctl);
619 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
620 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
621 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
622 limit = cap_sysctl_limit_init(capsysctl);
623 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
624 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
625 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
626 limit = cap_sysctl_limit_init(capsysctl);
627 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
628 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
629 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
630 limit = cap_sysctl_limit_init(capsysctl);
631 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
632 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
633 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
634 limit = cap_sysctl_limit_init(capsysctl);
635 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
636 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
637 limit = cap_sysctl_limit_init(capsysctl);
638 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
639 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
641 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
643 cap_close(capsysctl);
647 * SYSCTL0_PARENT/READ
648 * SYSCTL1_PARENT/READ
651 capsysctl = cap_clone(ocapsysctl);
652 ATF_REQUIRE(capsysctl != NULL);
654 limit = cap_sysctl_limit_init(capsysctl);
655 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
656 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
657 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
658 limit = cap_sysctl_limit_init(capsysctl);
659 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
660 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
661 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
662 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
663 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
664 limit = cap_sysctl_limit_init(capsysctl);
665 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
666 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
667 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
668 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
669 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
670 limit = cap_sysctl_limit_init(capsysctl);
671 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
672 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
673 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
674 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
675 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
676 limit = cap_sysctl_limit_init(capsysctl);
677 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
678 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
679 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
680 limit = cap_sysctl_limit_init(capsysctl);
681 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
682 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
683 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
684 limit = cap_sysctl_limit_init(capsysctl);
685 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
686 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
687 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
688 limit = cap_sysctl_limit_init(capsysctl);
689 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
690 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
691 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
692 limit = cap_sysctl_limit_init(capsysctl);
693 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
694 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
695 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
696 limit = cap_sysctl_limit_init(capsysctl);
697 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
698 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
699 limit = cap_sysctl_limit_init(capsysctl);
700 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
701 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
703 ATF_REQUIRE(checkcaps(capsysctl) == 0);
705 cap_close(capsysctl);
713 capsysctl = cap_clone(ocapsysctl);
714 ATF_REQUIRE(capsysctl != NULL);
716 limit = cap_sysctl_limit_init(capsysctl);
717 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
718 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
719 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
720 limit = cap_sysctl_limit_init(capsysctl);
721 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
722 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
723 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
724 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
725 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
726 limit = cap_sysctl_limit_init(capsysctl);
727 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
728 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
729 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
730 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
731 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
732 limit = cap_sysctl_limit_init(capsysctl);
733 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
734 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
735 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
736 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
737 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
738 limit = cap_sysctl_limit_init(capsysctl);
739 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
740 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
741 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
742 limit = cap_sysctl_limit_init(capsysctl);
743 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
744 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
745 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
746 limit = cap_sysctl_limit_init(capsysctl);
747 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
748 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
749 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
750 limit = cap_sysctl_limit_init(capsysctl);
751 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
752 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
753 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
754 limit = cap_sysctl_limit_init(capsysctl);
755 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
756 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
757 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
758 limit = cap_sysctl_limit_init(capsysctl);
759 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
760 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
761 limit = cap_sysctl_limit_init(capsysctl);
762 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
763 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
765 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
767 cap_close(capsysctl);
771 * SYSCTL0_PARENT/READ
772 * SYSCTL1_PARENT/READ/RECURSIVE
775 capsysctl = cap_clone(ocapsysctl);
776 ATF_REQUIRE(capsysctl != NULL);
778 limit = cap_sysctl_limit_init(capsysctl);
779 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
780 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
781 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
782 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
783 limit = cap_sysctl_limit_init(capsysctl);
784 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
785 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
786 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
787 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
789 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);
791 cap_close(capsysctl);
796 * SYSCTL1_NAME/READ/RECURSIVE
799 capsysctl = cap_clone(ocapsysctl);
800 ATF_REQUIRE(capsysctl != NULL);
802 limit = cap_sysctl_limit_init(capsysctl);
803 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
804 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
805 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
806 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
807 limit = cap_sysctl_limit_init(capsysctl);
808 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
809 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
810 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
811 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
813 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
815 cap_close(capsysctl);
819 * SYSCTL0_PARENT/WRITE/RECURSIVE
820 * SYSCTL1_PARENT/WRITE/RECURSIVE
823 capsysctl = cap_clone(ocapsysctl);
824 ATF_REQUIRE(capsysctl != NULL);
826 limit = cap_sysctl_limit_init(capsysctl);
827 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
828 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
829 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
830 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
831 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
832 limit = cap_sysctl_limit_init(capsysctl);
833 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
834 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
835 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
836 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
837 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
838 limit = cap_sysctl_limit_init(capsysctl);
839 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
840 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
841 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
842 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
843 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
844 limit = cap_sysctl_limit_init(capsysctl);
845 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
846 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
847 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
848 limit = cap_sysctl_limit_init(capsysctl);
849 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
850 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
851 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
852 limit = cap_sysctl_limit_init(capsysctl);
853 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
854 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
855 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
856 limit = cap_sysctl_limit_init(capsysctl);
857 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
858 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
859 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
860 limit = cap_sysctl_limit_init(capsysctl);
861 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
862 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
863 limit = cap_sysctl_limit_init(capsysctl);
864 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
865 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
867 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
869 cap_close(capsysctl);
873 * SYSCTL0_NAME/WRITE/RECURSIVE
874 * SYSCTL1_NAME/WRITE/RECURSIVE
877 capsysctl = cap_clone(ocapsysctl);
878 ATF_REQUIRE(capsysctl != NULL);
880 limit = cap_sysctl_limit_init(capsysctl);
881 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
882 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
883 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
884 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
885 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
886 limit = cap_sysctl_limit_init(capsysctl);
887 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
888 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
889 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
890 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
891 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
892 limit = cap_sysctl_limit_init(capsysctl);
893 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
894 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
895 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
896 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
897 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
898 limit = cap_sysctl_limit_init(capsysctl);
899 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
900 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
901 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
902 limit = cap_sysctl_limit_init(capsysctl);
903 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
904 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
905 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
906 limit = cap_sysctl_limit_init(capsysctl);
907 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
908 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
909 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
910 limit = cap_sysctl_limit_init(capsysctl);
911 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
912 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
913 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
914 limit = cap_sysctl_limit_init(capsysctl);
915 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
916 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
917 limit = cap_sysctl_limit_init(capsysctl);
918 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
919 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
921 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
923 cap_close(capsysctl);
927 * SYSCTL0_PARENT/WRITE
928 * SYSCTL1_PARENT/WRITE
931 capsysctl = cap_clone(ocapsysctl);
932 ATF_REQUIRE(capsysctl != NULL);
934 limit = cap_sysctl_limit_init(capsysctl);
935 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
936 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
937 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
938 limit = cap_sysctl_limit_init(capsysctl);
939 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
940 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
941 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
942 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
943 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
944 limit = cap_sysctl_limit_init(capsysctl);
945 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
946 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
947 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
948 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
949 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
950 limit = cap_sysctl_limit_init(capsysctl);
951 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
952 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
953 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
954 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
955 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
956 limit = cap_sysctl_limit_init(capsysctl);
957 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
958 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
959 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
960 limit = cap_sysctl_limit_init(capsysctl);
961 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
962 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
963 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
964 limit = cap_sysctl_limit_init(capsysctl);
965 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
966 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
967 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
968 limit = cap_sysctl_limit_init(capsysctl);
969 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
970 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
971 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
972 limit = cap_sysctl_limit_init(capsysctl);
973 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
974 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
975 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
976 limit = cap_sysctl_limit_init(capsysctl);
977 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
978 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
979 limit = cap_sysctl_limit_init(capsysctl);
980 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
981 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
983 ATF_REQUIRE(checkcaps(capsysctl) == 0);
985 cap_close(capsysctl);
993 capsysctl = cap_clone(ocapsysctl);
994 ATF_REQUIRE(capsysctl != NULL);
996 limit = cap_sysctl_limit_init(capsysctl);
997 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
998 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
999 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1000 limit = cap_sysctl_limit_init(capsysctl);
1001 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1002 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1003 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1004 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1005 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1006 limit = cap_sysctl_limit_init(capsysctl);
1007 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1008 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1009 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1010 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1011 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1012 limit = cap_sysctl_limit_init(capsysctl);
1013 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1014 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1015 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1016 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1017 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1018 limit = cap_sysctl_limit_init(capsysctl);
1019 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1020 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1021 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1022 limit = cap_sysctl_limit_init(capsysctl);
1023 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1024 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1025 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1026 limit = cap_sysctl_limit_init(capsysctl);
1027 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1028 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1029 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1030 limit = cap_sysctl_limit_init(capsysctl);
1031 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1032 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1033 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1034 limit = cap_sysctl_limit_init(capsysctl);
1035 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1036 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1037 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1038 limit = cap_sysctl_limit_init(capsysctl);
1039 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1040 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1041 limit = cap_sysctl_limit_init(capsysctl);
1042 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1043 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1045 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
1047 cap_close(capsysctl);
1051 * SYSCTL0_PARENT/WRITE
1052 * SYSCTL1_PARENT/WRITE/RECURSIVE
1055 capsysctl = cap_clone(ocapsysctl);
1056 ATF_REQUIRE(capsysctl != NULL);
1058 limit = cap_sysctl_limit_init(capsysctl);
1059 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1060 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1061 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1062 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1063 limit = cap_sysctl_limit_init(capsysctl);
1064 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1065 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1066 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1067 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1069 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);
1071 cap_close(capsysctl);
1075 * SYSCTL0_NAME/WRITE
1076 * SYSCTL1_NAME/WRITE/RECURSIVE
1079 capsysctl = cap_clone(ocapsysctl);
1080 ATF_REQUIRE(capsysctl != NULL);
1082 limit = cap_sysctl_limit_init(capsysctl);
1083 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1084 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1085 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1086 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1087 limit = cap_sysctl_limit_init(capsysctl);
1088 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1089 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1090 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1091 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1093 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
1095 cap_close(capsysctl);
1099 * SYSCTL0_PARENT/READ/RECURSIVE
1100 * SYSCTL1_PARENT/WRITE/RECURSIVE
1103 capsysctl = cap_clone(ocapsysctl);
1104 ATF_REQUIRE(capsysctl != NULL);
1106 limit = cap_sysctl_limit_init(capsysctl);
1107 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1108 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1109 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1110 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1111 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1113 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1115 cap_close(capsysctl);
1119 * SYSCTL0_NAME/READ/RECURSIVE
1120 * SYSCTL1_NAME/WRITE/RECURSIVE
1123 capsysctl = cap_clone(ocapsysctl);
1124 ATF_REQUIRE(capsysctl != NULL);
1126 limit = cap_sysctl_limit_init(capsysctl);
1127 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1128 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1129 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1130 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1131 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1133 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1135 cap_close(capsysctl);
1139 * SYSCTL0_PARENT/READ
1140 * SYSCTL1_PARENT/WRITE
1143 capsysctl = cap_clone(ocapsysctl);
1144 ATF_REQUIRE(capsysctl != NULL);
1146 limit = cap_sysctl_limit_init(capsysctl);
1147 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1148 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1149 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1151 ATF_REQUIRE(checkcaps(capsysctl) == 0);
1153 cap_close(capsysctl);
1158 * SYSCTL1_NAME/WRITE
1161 capsysctl = cap_clone(ocapsysctl);
1162 ATF_REQUIRE(capsysctl != NULL);
1164 limit = cap_sysctl_limit_init(capsysctl);
1165 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1166 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1167 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1169 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1171 cap_close(capsysctl);
1175 * SYSCTL0_PARENT/READ
1176 * SYSCTL1_PARENT/WRITE/RECURSIVE
1179 capsysctl = cap_clone(ocapsysctl);
1180 ATF_REQUIRE(capsysctl != NULL);
1182 limit = cap_sysctl_limit_init(capsysctl);
1183 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1184 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1185 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1186 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1188 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);
1190 cap_close(capsysctl);
1195 * SYSCTL1_NAME/WRITE/RECURSIVE
1198 capsysctl = cap_clone(ocapsysctl);
1199 ATF_REQUIRE(capsysctl != NULL);
1201 limit = cap_sysctl_limit_init(capsysctl);
1202 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1203 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1204 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1205 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1207 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1209 cap_close(capsysctl);
1211 ATF_TC_CLEANUP(cap_sysctl__operation, tc)
1216 ATF_TC_WITH_CLEANUP(cap_sysctl__names);
1217 ATF_TC_HEAD(cap_sysctl__names, tc)
1220 ATF_TC_BODY(cap_sysctl__names, tc)
1222 cap_channel_t *capsysctl, *ocapsysctl;
1225 ocapsysctl = initcap();
1229 * SYSCTL0_PARENT/READ/RECURSIVE
1232 capsysctl = cap_clone(ocapsysctl);
1233 ATF_REQUIRE(capsysctl != NULL);
1235 limit = cap_sysctl_limit_init(capsysctl);
1236 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1237 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1238 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1239 limit = cap_sysctl_limit_init(capsysctl);
1240 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1241 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1242 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1243 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1244 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1245 limit = cap_sysctl_limit_init(capsysctl);
1246 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1247 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1248 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1249 limit = cap_sysctl_limit_init(capsysctl);
1250 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1251 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1252 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1253 limit = cap_sysctl_limit_init(capsysctl);
1254 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1255 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1257 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_READ0);
1259 cap_close(capsysctl);
1263 * SYSCTL1_NAME/READ/RECURSIVE
1266 capsysctl = cap_clone(ocapsysctl);
1267 ATF_REQUIRE(capsysctl != NULL);
1269 limit = cap_sysctl_limit_init(capsysctl);
1270 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1271 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1272 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1273 limit = cap_sysctl_limit_init(capsysctl);
1274 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1275 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1276 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1277 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1278 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1279 limit = cap_sysctl_limit_init(capsysctl);
1280 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1281 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1282 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1283 limit = cap_sysctl_limit_init(capsysctl);
1284 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1285 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1286 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1287 limit = cap_sysctl_limit_init(capsysctl);
1288 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1289 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1291 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);
1293 cap_close(capsysctl);
1297 * SYSCTL0_PARENT/WRITE/RECURSIVE
1300 capsysctl = cap_clone(ocapsysctl);
1301 ATF_REQUIRE(capsysctl != NULL);
1303 limit = cap_sysctl_limit_init(capsysctl);
1304 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1305 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1306 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1307 limit = cap_sysctl_limit_init(capsysctl);
1308 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1309 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1310 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1311 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1312 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1313 limit = cap_sysctl_limit_init(capsysctl);
1314 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1315 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1316 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1317 limit = cap_sysctl_limit_init(capsysctl);
1318 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1319 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1320 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1321 limit = cap_sysctl_limit_init(capsysctl);
1322 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1323 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1325 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_WRITE);
1327 cap_close(capsysctl);
1331 * SYSCTL1_NAME/WRITE/RECURSIVE
1334 capsysctl = cap_clone(ocapsysctl);
1335 ATF_REQUIRE(capsysctl != NULL);
1337 limit = cap_sysctl_limit_init(capsysctl);
1338 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1339 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1340 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1341 limit = cap_sysctl_limit_init(capsysctl);
1342 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1343 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1344 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1345 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1346 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1347 limit = cap_sysctl_limit_init(capsysctl);
1348 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1349 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1350 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1351 limit = cap_sysctl_limit_init(capsysctl);
1352 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1353 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1354 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1355 limit = cap_sysctl_limit_init(capsysctl);
1356 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1357 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1359 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);
1361 cap_close(capsysctl);
1365 * SYSCTL0_PARENT/RDWR/RECURSIVE
1368 capsysctl = cap_clone(ocapsysctl);
1369 ATF_REQUIRE(capsysctl != NULL);
1371 limit = cap_sysctl_limit_init(capsysctl);
1372 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1373 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1374 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1375 limit = cap_sysctl_limit_init(capsysctl);
1376 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1377 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1378 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1379 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1380 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1381 limit = cap_sysctl_limit_init(capsysctl);
1382 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1383 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1384 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1385 limit = cap_sysctl_limit_init(capsysctl);
1386 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1387 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1388 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1389 limit = cap_sysctl_limit_init(capsysctl);
1390 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1391 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1393 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
1394 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE));
1396 cap_close(capsysctl);
1400 * SYSCTL1_NAME/RDWR/RECURSIVE
1403 capsysctl = cap_clone(ocapsysctl);
1404 ATF_REQUIRE(capsysctl != NULL);
1406 limit = cap_sysctl_limit_init(capsysctl);
1407 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1408 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1409 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1410 limit = cap_sysctl_limit_init(capsysctl);
1411 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1412 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1413 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1414 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1415 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1416 limit = cap_sysctl_limit_init(capsysctl);
1417 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1418 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1419 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1420 limit = cap_sysctl_limit_init(capsysctl);
1421 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1422 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1423 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1424 limit = cap_sysctl_limit_init(capsysctl);
1425 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1426 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1428 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1429 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1431 cap_close(capsysctl);
1435 * SYSCTL0_PARENT/READ
1438 capsysctl = cap_clone(ocapsysctl);
1439 ATF_REQUIRE(capsysctl != NULL);
1441 limit = cap_sysctl_limit_init(capsysctl);
1442 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1443 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1444 limit = cap_sysctl_limit_init(capsysctl);
1445 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1446 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1447 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1448 limit = cap_sysctl_limit_init(capsysctl);
1449 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1450 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1452 ATF_REQUIRE(checkcaps(capsysctl) == 0);
1454 cap_close(capsysctl);
1461 capsysctl = cap_clone(ocapsysctl);
1462 ATF_REQUIRE(capsysctl != NULL);
1464 limit = cap_sysctl_limit_init(capsysctl);
1465 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1466 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1467 limit = cap_sysctl_limit_init(capsysctl);
1468 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1469 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1470 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1471 limit = cap_sysctl_limit_init(capsysctl);
1472 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1473 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1475 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);
1477 cap_close(capsysctl);
1481 * SYSCTL0_PARENT/WRITE
1484 capsysctl = cap_clone(ocapsysctl);
1485 ATF_REQUIRE(capsysctl != NULL);
1487 limit = cap_sysctl_limit_init(capsysctl);
1488 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1489 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1490 limit = cap_sysctl_limit_init(capsysctl);
1491 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1492 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1493 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1494 limit = cap_sysctl_limit_init(capsysctl);
1495 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1496 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1498 ATF_REQUIRE(checkcaps(capsysctl) == 0);
1500 cap_close(capsysctl);
1504 * SYSCTL1_NAME/WRITE
1507 capsysctl = cap_clone(ocapsysctl);
1508 ATF_REQUIRE(capsysctl != NULL);
1510 limit = cap_sysctl_limit_init(capsysctl);
1511 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1512 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1513 limit = cap_sysctl_limit_init(capsysctl);
1514 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1515 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1516 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1517 limit = cap_sysctl_limit_init(capsysctl);
1518 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1519 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1521 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);
1523 cap_close(capsysctl);
1527 * SYSCTL0_PARENT/RDWR
1530 capsysctl = cap_clone(ocapsysctl);
1531 ATF_REQUIRE(capsysctl != NULL);
1533 limit = cap_sysctl_limit_init(capsysctl);
1534 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1535 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1536 limit = cap_sysctl_limit_init(capsysctl);
1537 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1538 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1539 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1540 limit = cap_sysctl_limit_init(capsysctl);
1541 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1542 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1544 ATF_REQUIRE(checkcaps(capsysctl) == 0);
1546 cap_close(capsysctl);
1553 capsysctl = cap_clone(ocapsysctl);
1554 ATF_REQUIRE(capsysctl != NULL);
1556 limit = cap_sysctl_limit_init(capsysctl);
1557 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1558 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1559 limit = cap_sysctl_limit_init(capsysctl);
1560 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1561 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1562 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1563 limit = cap_sysctl_limit_init(capsysctl);
1564 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1565 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1567 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1568 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1570 cap_close(capsysctl);
1572 ATF_TC_CLEANUP(cap_sysctl__names, tc)
1577 ATF_TC_WITH_CLEANUP(cap_sysctl__no_limits);
1578 ATF_TC_HEAD(cap_sysctl__no_limits, tc)
1581 ATF_TC_BODY(cap_sysctl__no_limits, tc)
1583 cap_channel_t *capsysctl;
1585 capsysctl = initcap();
1587 ATF_REQUIRE_EQ(checkcaps(capsysctl), (SYSCTL0_READ0 | SYSCTL0_READ1 |
1588 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
1589 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
1590 SYSCTL1_READ_WRITE));
1592 ATF_TC_CLEANUP(cap_sysctl__no_limits, tc)
1597 ATF_TC_WITH_CLEANUP(cap_sysctl__recursive_limits);
1598 ATF_TC_HEAD(cap_sysctl__recursive_limits, tc)
1601 ATF_TC_BODY(cap_sysctl__recursive_limits, tc)
1603 cap_channel_t *capsysctl, *ocapsysctl;
1606 int mib[2], val = 420;
1609 ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib, &len) == 0);
1611 ocapsysctl = initcap();
1614 * Make sure that we match entire components.
1616 capsysctl = cap_clone(ocapsysctl);
1617 ATF_REQUIRE(capsysctl != NULL);
1619 limit = cap_sysctl_limit_init(capsysctl);
1620 (void)cap_sysctl_limit_name(limit, "ker",
1621 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1622 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1624 ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctlbyname(capsysctl, SYSCTL0_NAME,
1625 NULL, NULL, &val, sizeof(val)));
1626 ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctl(capsysctl, mib, len,
1627 NULL, NULL, &val, sizeof(val)));
1629 cap_close(capsysctl);
1632 * Verify that we check for CAP_SYSCTL_RECURSIVE.
1634 capsysctl = cap_clone(ocapsysctl);
1635 ATF_REQUIRE(capsysctl != NULL);
1637 limit = cap_sysctl_limit_init(capsysctl);
1638 (void)cap_sysctl_limit_name(limit, "kern", CAP_SYSCTL_RDWR);
1639 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1641 ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctlbyname(capsysctl, SYSCTL0_NAME,
1642 NULL, NULL, &val, sizeof(val)));
1643 ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctl(capsysctl, mib, len,
1644 NULL, NULL, &val, sizeof(val)));
1646 cap_close(capsysctl);
1648 ATF_TC_CLEANUP(cap_sysctl__recursive_limits, tc)
1653 ATF_TC_WITH_CLEANUP(cap_sysctl__just_size);
1654 ATF_TC_HEAD(cap_sysctl__just_size, tc)
1657 ATF_TC_BODY(cap_sysctl__just_size, tc)
1659 cap_channel_t *capsysctl;
1663 capsysctl = initcap();
1666 ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib0, &len) == 0);
1668 ATF_REQUIRE(cap_sysctlbyname(capsysctl, SYSCTL0_NAME,
1669 NULL, &len, NULL, 0) == 0);
1670 ATF_REQUIRE(len == sizeof(int));
1671 ATF_REQUIRE(cap_sysctl(capsysctl, mib0, nitems(mib0),
1672 NULL, &len, NULL, 0) == 0);
1673 ATF_REQUIRE(len == sizeof(int));
1675 cap_close(capsysctl);
1677 ATF_TC_CLEANUP(cap_sysctl__just_size, tc)
1684 ATF_TP_ADD_TC(tp, cap_sysctl__operation);
1685 ATF_TP_ADD_TC(tp, cap_sysctl__names);
1686 ATF_TP_ADD_TC(tp, cap_sysctl__no_limits);
1687 ATF_TP_ADD_TC(tp, cap_sysctl__recursive_limits);
1688 ATF_TP_ADD_TC(tp, cap_sysctl__just_size);
1690 return (atf_no_error());
projects / FreeBSD / FreeBSD.git / blob