2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2013 The FreeBSD Foundation
7 * This software was developed by Pawel Jakub Dawidek under sponsorship from
8 * the FreeBSD Foundation.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
35 #include <sys/types.h>
36 #include <sys/capsicum.h>
37 #include <sys/sysctl.h>
49 #include <libcasper.h>
51 #include <casper/cap_sysctl.h>
54 * We need some sysctls to perform the tests on.
55 * We remember their values and restore them afer the test is done.
57 #define SYSCTL0_PARENT "kern"
58 #define SYSCTL0_NAME "kern.sync_on_panic"
59 #define SYSCTL1_PARENT "debug"
60 #define SYSCTL1_NAME "debug.minidump"
64 #define CHECK(expr) do { \
66 printf("ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
68 printf("not ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
72 #define CHECKX(expr) do { \
74 printf("ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
76 printf("not ok %d # %s:%u\n", ntest, __FILE__, __LINE__); \
83 #define SYSCTL0_READ0 0x0001
84 #define SYSCTL0_READ1 0x0002
85 #define SYSCTL0_READ2 0x0004
86 #define SYSCTL0_WRITE 0x0008
87 #define SYSCTL0_READ_WRITE 0x0010
88 #define SYSCTL1_READ0 0x0020
89 #define SYSCTL1_READ1 0x0040
90 #define SYSCTL1_READ2 0x0080
91 #define SYSCTL1_WRITE 0x0100
92 #define SYSCTL1_READ_WRITE 0x0200
95 runtest(cap_channel_t *capsysctl)
98 int oldvalue, newvalue;
103 oldsize = sizeof(oldvalue);
104 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
106 if (oldsize == sizeof(oldvalue))
107 result |= SYSCTL0_READ0;
111 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, NULL, NULL, &newvalue,
112 sizeof(newvalue)) == 0) {
113 result |= SYSCTL0_WRITE;
116 if ((result & SYSCTL0_WRITE) != 0) {
117 oldsize = sizeof(oldvalue);
118 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
119 &oldsize, NULL, 0) == 0) {
120 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
121 result |= SYSCTL0_READ1;
125 oldsize = sizeof(oldvalue);
127 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
128 &newvalue, sizeof(newvalue)) == 0) {
129 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
130 result |= SYSCTL0_READ_WRITE;
133 if ((result & SYSCTL0_READ_WRITE) != 0) {
134 oldsize = sizeof(oldvalue);
135 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
136 &oldsize, NULL, 0) == 0) {
137 if (oldsize == sizeof(oldvalue) && oldvalue == 4567)
138 result |= SYSCTL0_READ2;
142 oldsize = sizeof(oldvalue);
143 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
145 if (oldsize == sizeof(oldvalue))
146 result |= SYSCTL1_READ0;
150 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, NULL, NULL, &newvalue,
151 sizeof(newvalue)) == 0) {
152 result |= SYSCTL1_WRITE;
155 if ((result & SYSCTL1_WRITE) != 0) {
156 oldsize = sizeof(oldvalue);
157 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
158 &oldsize, NULL, 0) == 0) {
159 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
160 result |= SYSCTL1_READ1;
164 oldsize = sizeof(oldvalue);
166 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
167 &newvalue, sizeof(newvalue)) == 0) {
168 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
169 result |= SYSCTL1_READ_WRITE;
172 if ((result & SYSCTL1_READ_WRITE) != 0) {
173 oldsize = sizeof(oldvalue);
174 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
175 &oldsize, NULL, 0) == 0) {
176 if (oldsize == sizeof(oldvalue) && oldvalue == 7008)
177 result |= SYSCTL1_READ2;
185 test_operation(cap_channel_t *origcapsysctl)
187 cap_channel_t *capsysctl;
192 * SYSCTL0_PARENT/RDWR/RECURSIVE
193 * SYSCTL1_PARENT/RDWR/RECURSIVE
196 capsysctl = cap_clone(origcapsysctl);
197 CHECK(capsysctl != NULL);
199 limits = nvlist_create(0);
200 nvlist_add_number(limits, SYSCTL0_PARENT,
201 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
202 nvlist_add_number(limits, SYSCTL1_PARENT,
203 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
204 CHECK(cap_limit_set(capsysctl, limits) == 0);
205 limits = nvlist_create(0);
206 nvlist_add_number(limits, SYSCTL0_PARENT,
207 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
208 nvlist_add_number(limits, SYSCTL1_PARENT,
209 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
210 nvlist_add_number(limits, "foo.bar",
211 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
212 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
213 limits = nvlist_create(0);
214 nvlist_add_number(limits, "foo.bar",
215 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
216 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
218 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
219 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
220 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
221 SYSCTL1_READ_WRITE));
223 limits = nvlist_create(0);
224 nvlist_add_number(limits, SYSCTL0_NAME,
225 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
226 nvlist_add_number(limits, SYSCTL1_NAME,
227 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
228 CHECK(cap_limit_set(capsysctl, limits) == 0);
230 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
231 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
232 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
233 SYSCTL1_READ_WRITE));
235 limits = nvlist_create(0);
236 nvlist_add_number(limits, SYSCTL0_NAME,
237 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
238 nvlist_add_number(limits, SYSCTL1_NAME,
239 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
240 CHECK(cap_limit_set(capsysctl, limits) == 0);
242 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
244 limits = nvlist_create(0);
245 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
246 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
247 CHECK(cap_limit_set(capsysctl, limits) == 0);
249 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
251 limits = nvlist_create(0);
252 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
253 CHECK(cap_limit_set(capsysctl, limits) == 0);
255 CHECK(runtest(capsysctl) == SYSCTL0_READ0);
257 cap_close(capsysctl);
261 * SYSCTL0_NAME/RDWR/RECURSIVE
262 * SYSCTL1_NAME/RDWR/RECURSIVE
265 capsysctl = cap_clone(origcapsysctl);
266 CHECK(capsysctl != NULL);
268 limits = nvlist_create(0);
269 nvlist_add_number(limits, SYSCTL0_NAME,
270 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
271 nvlist_add_number(limits, SYSCTL1_NAME,
272 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
273 CHECK(cap_limit_set(capsysctl, limits) == 0);
274 limits = nvlist_create(0);
275 nvlist_add_number(limits, SYSCTL0_PARENT,
276 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
277 nvlist_add_number(limits, SYSCTL1_PARENT,
278 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
279 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
280 limits = nvlist_create(0);
281 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
282 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
283 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
284 limits = nvlist_create(0);
285 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
286 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
287 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
288 limits = nvlist_create(0);
289 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
290 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
292 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
293 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
294 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
295 SYSCTL1_READ_WRITE));
297 cap_close(capsysctl);
301 * SYSCTL0_PARENT/RDWR
302 * SYSCTL1_PARENT/RDWR
305 capsysctl = cap_clone(origcapsysctl);
306 CHECK(capsysctl != NULL);
308 limits = nvlist_create(0);
309 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
310 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
311 CHECK(cap_limit_set(capsysctl, limits) == 0);
312 limits = nvlist_create(0);
313 nvlist_add_number(limits, SYSCTL0_PARENT,
314 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
315 nvlist_add_number(limits, SYSCTL1_PARENT,
316 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
317 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
318 limits = nvlist_create(0);
319 nvlist_add_number(limits, SYSCTL0_PARENT,
320 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
321 nvlist_add_number(limits, SYSCTL1_PARENT,
322 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
323 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
324 limits = nvlist_create(0);
325 nvlist_add_number(limits, SYSCTL0_PARENT,
326 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
327 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
329 CHECK(runtest(capsysctl) == 0);
331 cap_close(capsysctl);
339 capsysctl = cap_clone(origcapsysctl);
340 CHECK(capsysctl != NULL);
342 limits = nvlist_create(0);
343 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
344 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
345 CHECK(cap_limit_set(capsysctl, limits) == 0);
346 limits = nvlist_create(0);
347 nvlist_add_number(limits, SYSCTL0_PARENT,
348 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
349 nvlist_add_number(limits, SYSCTL1_PARENT,
350 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
351 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
352 limits = nvlist_create(0);
353 nvlist_add_number(limits, SYSCTL0_PARENT,
354 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
355 nvlist_add_number(limits, SYSCTL1_PARENT,
356 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
357 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
358 limits = nvlist_create(0);
359 nvlist_add_number(limits, SYSCTL1_PARENT,
360 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
361 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
363 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
364 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
365 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
366 SYSCTL1_READ_WRITE));
368 cap_close(capsysctl);
372 * SYSCTL0_PARENT/RDWR
373 * SYSCTL1_PARENT/RDWR/RECURSIVE
376 capsysctl = cap_clone(origcapsysctl);
377 CHECK(capsysctl != NULL);
379 limits = nvlist_create(0);
380 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
381 nvlist_add_number(limits, SYSCTL1_PARENT,
382 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
383 CHECK(cap_limit_set(capsysctl, limits) == 0);
384 limits = nvlist_create(0);
385 nvlist_add_number(limits, SYSCTL0_PARENT,
386 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
387 nvlist_add_number(limits, SYSCTL1_PARENT,
388 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
389 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
390 limits = nvlist_create(0);
391 nvlist_add_number(limits, SYSCTL0_PARENT,
392 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
393 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
394 limits = nvlist_create(0);
395 nvlist_add_number(limits, SYSCTL0_PARENT,
396 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
397 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
398 limits = nvlist_create(0);
399 nvlist_add_number(limits, SYSCTL0_NAME,
400 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
401 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
403 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
404 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
406 cap_close(capsysctl);
411 * SYSCTL1_NAME/RDWR/RECURSIVE
414 capsysctl = cap_clone(origcapsysctl);
415 CHECK(capsysctl != NULL);
417 limits = nvlist_create(0);
418 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
419 nvlist_add_number(limits, SYSCTL1_NAME,
420 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
421 CHECK(cap_limit_set(capsysctl, limits) == 0);
422 limits = nvlist_create(0);
423 nvlist_add_number(limits, SYSCTL0_NAME,
424 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
425 nvlist_add_number(limits, SYSCTL1_NAME,
426 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
427 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
428 limits = nvlist_create(0);
429 nvlist_add_number(limits, SYSCTL0_NAME,
430 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
431 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
432 limits = nvlist_create(0);
433 nvlist_add_number(limits, SYSCTL0_NAME,
434 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
435 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
437 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
438 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
439 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
440 SYSCTL1_READ_WRITE));
442 cap_close(capsysctl);
446 * SYSCTL0_PARENT/READ/RECURSIVE
447 * SYSCTL1_PARENT/READ/RECURSIVE
450 capsysctl = cap_clone(origcapsysctl);
451 CHECK(capsysctl != NULL);
453 limits = nvlist_create(0);
454 nvlist_add_number(limits, SYSCTL0_PARENT,
455 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
456 nvlist_add_number(limits, SYSCTL1_PARENT,
457 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
458 CHECK(cap_limit_set(capsysctl, limits) == 0);
459 limits = nvlist_create(0);
460 nvlist_add_number(limits, SYSCTL0_PARENT,
461 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
462 nvlist_add_number(limits, SYSCTL1_PARENT,
463 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
464 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
465 limits = nvlist_create(0);
466 nvlist_add_number(limits, SYSCTL0_PARENT,
467 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
468 nvlist_add_number(limits, SYSCTL1_PARENT,
469 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
470 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
471 limits = nvlist_create(0);
472 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
473 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
474 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
475 limits = nvlist_create(0);
476 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
477 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
478 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
479 limits = nvlist_create(0);
480 nvlist_add_number(limits, SYSCTL0_PARENT,
481 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
482 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
483 limits = nvlist_create(0);
484 nvlist_add_number(limits, SYSCTL1_PARENT,
485 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
486 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
487 limits = nvlist_create(0);
488 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
489 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
490 limits = nvlist_create(0);
491 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
492 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
494 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
496 cap_close(capsysctl);
500 * SYSCTL0_NAME/READ/RECURSIVE
501 * SYSCTL1_NAME/READ/RECURSIVE
504 capsysctl = cap_clone(origcapsysctl);
505 CHECK(capsysctl != NULL);
507 limits = nvlist_create(0);
508 nvlist_add_number(limits, SYSCTL0_NAME,
509 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
510 nvlist_add_number(limits, SYSCTL1_NAME,
511 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
512 CHECK(cap_limit_set(capsysctl, limits) == 0);
513 limits = nvlist_create(0);
514 nvlist_add_number(limits, SYSCTL0_NAME,
515 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
516 nvlist_add_number(limits, SYSCTL1_NAME,
517 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
518 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
519 limits = nvlist_create(0);
520 nvlist_add_number(limits, SYSCTL0_NAME,
521 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
522 nvlist_add_number(limits, SYSCTL1_NAME,
523 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
524 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
525 limits = nvlist_create(0);
526 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
527 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
528 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
529 limits = nvlist_create(0);
530 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
531 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
532 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
533 limits = nvlist_create(0);
534 nvlist_add_number(limits, SYSCTL0_NAME,
535 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
536 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
537 limits = nvlist_create(0);
538 nvlist_add_number(limits, SYSCTL1_NAME,
539 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
540 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
541 limits = nvlist_create(0);
542 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
543 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
544 limits = nvlist_create(0);
545 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
546 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
548 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
550 cap_close(capsysctl);
554 * SYSCTL0_PARENT/READ
555 * SYSCTL1_PARENT/READ
558 capsysctl = cap_clone(origcapsysctl);
559 CHECK(capsysctl != NULL);
561 limits = nvlist_create(0);
562 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
563 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
564 CHECK(cap_limit_set(capsysctl, limits) == 0);
565 limits = nvlist_create(0);
566 nvlist_add_number(limits, SYSCTL0_PARENT,
567 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
568 nvlist_add_number(limits, SYSCTL1_PARENT,
569 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
570 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
571 limits = nvlist_create(0);
572 nvlist_add_number(limits, SYSCTL0_PARENT,
573 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
574 nvlist_add_number(limits, SYSCTL1_PARENT,
575 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
576 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
577 limits = nvlist_create(0);
578 nvlist_add_number(limits, SYSCTL0_PARENT,
579 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
580 nvlist_add_number(limits, SYSCTL1_PARENT,
581 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
582 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
583 limits = nvlist_create(0);
584 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
585 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
586 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
587 limits = nvlist_create(0);
588 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
589 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
590 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
591 limits = nvlist_create(0);
592 nvlist_add_number(limits, SYSCTL0_PARENT,
593 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
594 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
595 limits = nvlist_create(0);
596 nvlist_add_number(limits, SYSCTL1_PARENT,
597 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
598 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
599 limits = nvlist_create(0);
600 nvlist_add_number(limits, SYSCTL0_PARENT,
601 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
602 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
603 limits = nvlist_create(0);
604 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
605 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
606 limits = nvlist_create(0);
607 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
608 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
610 CHECK(runtest(capsysctl) == 0);
612 cap_close(capsysctl);
620 capsysctl = cap_clone(origcapsysctl);
621 CHECK(capsysctl != NULL);
623 limits = nvlist_create(0);
624 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
625 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
626 CHECK(cap_limit_set(capsysctl, limits) == 0);
627 limits = nvlist_create(0);
628 nvlist_add_number(limits, SYSCTL0_NAME,
629 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
630 nvlist_add_number(limits, SYSCTL1_NAME,
631 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
632 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
633 limits = nvlist_create(0);
634 nvlist_add_number(limits, SYSCTL0_NAME,
635 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
636 nvlist_add_number(limits, SYSCTL1_NAME,
637 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
638 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
639 limits = nvlist_create(0);
640 nvlist_add_number(limits, SYSCTL0_NAME,
641 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
642 nvlist_add_number(limits, SYSCTL1_NAME,
643 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
644 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
645 limits = nvlist_create(0);
646 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
647 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
648 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
649 limits = nvlist_create(0);
650 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
651 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
652 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
653 limits = nvlist_create(0);
654 nvlist_add_number(limits, SYSCTL0_NAME,
655 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
656 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
657 limits = nvlist_create(0);
658 nvlist_add_number(limits, SYSCTL1_NAME,
659 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
660 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
661 limits = nvlist_create(0);
662 nvlist_add_number(limits, SYSCTL0_NAME,
663 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
664 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
665 limits = nvlist_create(0);
666 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
667 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
668 limits = nvlist_create(0);
669 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
670 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
672 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
674 cap_close(capsysctl);
678 * SYSCTL0_PARENT/READ
679 * SYSCTL1_PARENT/READ/RECURSIVE
682 capsysctl = cap_clone(origcapsysctl);
683 CHECK(capsysctl != NULL);
685 limits = nvlist_create(0);
686 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
687 nvlist_add_number(limits, SYSCTL1_PARENT,
688 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
689 CHECK(cap_limit_set(capsysctl, limits) == 0);
690 limits = nvlist_create(0);
691 nvlist_add_number(limits, SYSCTL0_PARENT,
692 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
693 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
694 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
696 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
698 cap_close(capsysctl);
703 * SYSCTL1_NAME/READ/RECURSIVE
706 capsysctl = cap_clone(origcapsysctl);
707 CHECK(capsysctl != NULL);
709 limits = nvlist_create(0);
710 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
711 nvlist_add_number(limits, SYSCTL1_NAME,
712 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
713 CHECK(cap_limit_set(capsysctl, limits) == 0);
714 limits = nvlist_create(0);
715 nvlist_add_number(limits, SYSCTL0_NAME,
716 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
717 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
718 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
720 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
722 cap_close(capsysctl);
726 * SYSCTL0_PARENT/WRITE/RECURSIVE
727 * SYSCTL1_PARENT/WRITE/RECURSIVE
730 capsysctl = cap_clone(origcapsysctl);
731 CHECK(capsysctl != NULL);
733 limits = nvlist_create(0);
734 nvlist_add_number(limits, SYSCTL0_PARENT,
735 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
736 nvlist_add_number(limits, SYSCTL1_PARENT,
737 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
738 CHECK(cap_limit_set(capsysctl, limits) == 0);
739 limits = nvlist_create(0);
740 nvlist_add_number(limits, SYSCTL0_PARENT,
741 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
742 nvlist_add_number(limits, SYSCTL1_PARENT,
743 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
744 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
745 limits = nvlist_create(0);
746 nvlist_add_number(limits, SYSCTL0_PARENT,
747 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
748 nvlist_add_number(limits, SYSCTL1_PARENT,
749 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
750 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
751 limits = nvlist_create(0);
752 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
753 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
754 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
755 limits = nvlist_create(0);
756 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
757 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
758 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
759 limits = nvlist_create(0);
760 nvlist_add_number(limits, SYSCTL0_PARENT,
761 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
762 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
763 limits = nvlist_create(0);
764 nvlist_add_number(limits, SYSCTL1_PARENT,
765 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
766 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
767 limits = nvlist_create(0);
768 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
769 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
770 limits = nvlist_create(0);
771 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
772 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
774 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
776 cap_close(capsysctl);
780 * SYSCTL0_NAME/WRITE/RECURSIVE
781 * SYSCTL1_NAME/WRITE/RECURSIVE
784 capsysctl = cap_clone(origcapsysctl);
785 CHECK(capsysctl != NULL);
787 limits = nvlist_create(0);
788 nvlist_add_number(limits, SYSCTL0_NAME,
789 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
790 nvlist_add_number(limits, SYSCTL1_NAME,
791 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
792 CHECK(cap_limit_set(capsysctl, limits) == 0);
793 limits = nvlist_create(0);
794 nvlist_add_number(limits, SYSCTL0_NAME,
795 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
796 nvlist_add_number(limits, SYSCTL1_NAME,
797 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
798 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
799 limits = nvlist_create(0);
800 nvlist_add_number(limits, SYSCTL0_NAME,
801 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
802 nvlist_add_number(limits, SYSCTL1_NAME,
803 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
804 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
805 limits = nvlist_create(0);
806 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
807 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
808 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
809 limits = nvlist_create(0);
810 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
811 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
812 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
813 limits = nvlist_create(0);
814 nvlist_add_number(limits, SYSCTL0_NAME,
815 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
816 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
817 limits = nvlist_create(0);
818 nvlist_add_number(limits, SYSCTL1_NAME,
819 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
820 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
821 limits = nvlist_create(0);
822 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
823 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
824 limits = nvlist_create(0);
825 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
826 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
828 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
830 cap_close(capsysctl);
834 * SYSCTL0_PARENT/WRITE
835 * SYSCTL1_PARENT/WRITE
838 capsysctl = cap_clone(origcapsysctl);
839 CHECK(capsysctl != NULL);
841 limits = nvlist_create(0);
842 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
843 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
844 CHECK(cap_limit_set(capsysctl, limits) == 0);
845 limits = nvlist_create(0);
846 nvlist_add_number(limits, SYSCTL0_PARENT,
847 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
848 nvlist_add_number(limits, SYSCTL1_PARENT,
849 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
850 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
851 limits = nvlist_create(0);
852 nvlist_add_number(limits, SYSCTL0_PARENT,
853 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
854 nvlist_add_number(limits, SYSCTL1_PARENT,
855 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
856 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
857 limits = nvlist_create(0);
858 nvlist_add_number(limits, SYSCTL0_PARENT,
859 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
860 nvlist_add_number(limits, SYSCTL1_PARENT,
861 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
862 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
863 limits = nvlist_create(0);
864 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
865 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
866 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
867 limits = nvlist_create(0);
868 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
869 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
870 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
871 limits = nvlist_create(0);
872 nvlist_add_number(limits, SYSCTL0_PARENT,
873 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
874 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
875 limits = nvlist_create(0);
876 nvlist_add_number(limits, SYSCTL1_PARENT,
877 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
878 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
879 limits = nvlist_create(0);
880 nvlist_add_number(limits, SYSCTL0_PARENT,
881 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
882 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
883 limits = nvlist_create(0);
884 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
885 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
886 limits = nvlist_create(0);
887 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
888 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
890 CHECK(runtest(capsysctl) == 0);
892 cap_close(capsysctl);
900 capsysctl = cap_clone(origcapsysctl);
901 CHECK(capsysctl != NULL);
903 limits = nvlist_create(0);
904 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
905 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
906 CHECK(cap_limit_set(capsysctl, limits) == 0);
907 limits = nvlist_create(0);
908 nvlist_add_number(limits, SYSCTL0_NAME,
909 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
910 nvlist_add_number(limits, SYSCTL1_NAME,
911 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
912 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
913 limits = nvlist_create(0);
914 nvlist_add_number(limits, SYSCTL0_NAME,
915 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
916 nvlist_add_number(limits, SYSCTL1_NAME,
917 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
918 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
919 limits = nvlist_create(0);
920 nvlist_add_number(limits, SYSCTL0_NAME,
921 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
922 nvlist_add_number(limits, SYSCTL1_NAME,
923 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
924 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
925 limits = nvlist_create(0);
926 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
927 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
928 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
929 limits = nvlist_create(0);
930 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
931 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
932 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
933 limits = nvlist_create(0);
934 nvlist_add_number(limits, SYSCTL0_NAME,
935 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
936 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
937 limits = nvlist_create(0);
938 nvlist_add_number(limits, SYSCTL1_NAME,
939 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
940 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
941 limits = nvlist_create(0);
942 nvlist_add_number(limits, SYSCTL0_NAME,
943 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
944 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
945 limits = nvlist_create(0);
946 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
947 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
948 limits = nvlist_create(0);
949 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
950 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
952 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
954 cap_close(capsysctl);
958 * SYSCTL0_PARENT/WRITE
959 * SYSCTL1_PARENT/WRITE/RECURSIVE
962 capsysctl = cap_clone(origcapsysctl);
963 CHECK(capsysctl != NULL);
965 limits = nvlist_create(0);
966 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
967 nvlist_add_number(limits, SYSCTL1_PARENT,
968 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
969 CHECK(cap_limit_set(capsysctl, limits) == 0);
970 limits = nvlist_create(0);
971 nvlist_add_number(limits, SYSCTL0_PARENT,
972 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
973 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
974 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
976 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
978 cap_close(capsysctl);
983 * SYSCTL1_NAME/WRITE/RECURSIVE
986 capsysctl = cap_clone(origcapsysctl);
987 CHECK(capsysctl != NULL);
989 limits = nvlist_create(0);
990 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
991 nvlist_add_number(limits, SYSCTL1_NAME,
992 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
993 CHECK(cap_limit_set(capsysctl, limits) == 0);
994 limits = nvlist_create(0);
995 nvlist_add_number(limits, SYSCTL0_NAME,
996 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
997 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
998 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1000 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
1002 cap_close(capsysctl);
1006 * SYSCTL0_PARENT/READ/RECURSIVE
1007 * SYSCTL1_PARENT/WRITE/RECURSIVE
1010 capsysctl = cap_clone(origcapsysctl);
1011 CHECK(capsysctl != NULL);
1013 limits = nvlist_create(0);
1014 nvlist_add_number(limits, SYSCTL0_PARENT,
1015 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1016 nvlist_add_number(limits, SYSCTL1_PARENT,
1017 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1018 CHECK(cap_limit_set(capsysctl, limits) == 0);
1020 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1022 cap_close(capsysctl);
1026 * SYSCTL0_NAME/READ/RECURSIVE
1027 * SYSCTL1_NAME/WRITE/RECURSIVE
1030 capsysctl = cap_clone(origcapsysctl);
1031 CHECK(capsysctl != NULL);
1033 limits = nvlist_create(0);
1034 nvlist_add_number(limits, SYSCTL0_NAME,
1035 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1036 nvlist_add_number(limits, SYSCTL1_NAME,
1037 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1038 CHECK(cap_limit_set(capsysctl, limits) == 0);
1040 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1042 cap_close(capsysctl);
1046 * SYSCTL0_PARENT/READ
1047 * SYSCTL1_PARENT/WRITE
1050 capsysctl = cap_clone(origcapsysctl);
1051 CHECK(capsysctl != NULL);
1053 limits = nvlist_create(0);
1054 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1055 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1056 CHECK(cap_limit_set(capsysctl, limits) == 0);
1058 CHECK(runtest(capsysctl) == 0);
1060 cap_close(capsysctl);
1065 * SYSCTL1_NAME/WRITE
1068 capsysctl = cap_clone(origcapsysctl);
1069 CHECK(capsysctl != NULL);
1071 limits = nvlist_create(0);
1072 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1073 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1074 CHECK(cap_limit_set(capsysctl, limits) == 0);
1076 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1078 cap_close(capsysctl);
1082 * SYSCTL0_PARENT/READ
1083 * SYSCTL1_PARENT/WRITE/RECURSIVE
1086 capsysctl = cap_clone(origcapsysctl);
1087 CHECK(capsysctl != NULL);
1089 limits = nvlist_create(0);
1090 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1091 nvlist_add_number(limits, SYSCTL1_PARENT,
1092 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1093 CHECK(cap_limit_set(capsysctl, limits) == 0);
1095 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1097 cap_close(capsysctl);
1102 * SYSCTL1_NAME/WRITE/RECURSIVE
1105 capsysctl = cap_clone(origcapsysctl);
1106 CHECK(capsysctl != NULL);
1108 limits = nvlist_create(0);
1109 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1110 nvlist_add_number(limits, SYSCTL1_NAME,
1111 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1112 CHECK(cap_limit_set(capsysctl, limits) == 0);
1114 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1116 cap_close(capsysctl);
1120 test_names(cap_channel_t *origcapsysctl)
1122 cap_channel_t *capsysctl;
1127 * SYSCTL0_PARENT/READ/RECURSIVE
1130 capsysctl = cap_clone(origcapsysctl);
1131 CHECK(capsysctl != NULL);
1133 limits = nvlist_create(0);
1134 nvlist_add_number(limits, SYSCTL0_PARENT,
1135 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1136 CHECK(cap_limit_set(capsysctl, limits) == 0);
1137 limits = nvlist_create(0);
1138 nvlist_add_number(limits, SYSCTL0_PARENT,
1139 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1140 nvlist_add_number(limits, SYSCTL1_PARENT,
1141 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1142 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1143 limits = nvlist_create(0);
1144 nvlist_add_number(limits, SYSCTL1_PARENT,
1145 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1146 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1147 limits = nvlist_create(0);
1148 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1149 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1150 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1151 limits = nvlist_create(0);
1152 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1153 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1155 CHECK(runtest(capsysctl) == SYSCTL0_READ0);
1157 cap_close(capsysctl);
1161 * SYSCTL1_NAME/READ/RECURSIVE
1164 capsysctl = cap_clone(origcapsysctl);
1165 CHECK(capsysctl != NULL);
1167 limits = nvlist_create(0);
1168 nvlist_add_number(limits, SYSCTL1_NAME,
1169 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1170 CHECK(cap_limit_set(capsysctl, limits) == 0);
1171 limits = nvlist_create(0);
1172 nvlist_add_number(limits, SYSCTL0_NAME,
1173 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1174 nvlist_add_number(limits, SYSCTL1_NAME,
1175 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1176 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1177 limits = nvlist_create(0);
1178 nvlist_add_number(limits, SYSCTL0_NAME,
1179 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1180 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1181 limits = nvlist_create(0);
1182 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1183 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1184 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1185 limits = nvlist_create(0);
1186 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1187 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1189 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
1191 cap_close(capsysctl);
1195 * SYSCTL0_PARENT/WRITE/RECURSIVE
1198 capsysctl = cap_clone(origcapsysctl);
1199 CHECK(capsysctl != NULL);
1201 limits = nvlist_create(0);
1202 nvlist_add_number(limits, SYSCTL0_PARENT,
1203 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1204 CHECK(cap_limit_set(capsysctl, limits) == 0);
1205 limits = nvlist_create(0);
1206 nvlist_add_number(limits, SYSCTL0_PARENT,
1207 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1208 nvlist_add_number(limits, SYSCTL1_PARENT,
1209 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1210 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1211 limits = nvlist_create(0);
1212 nvlist_add_number(limits, SYSCTL1_PARENT,
1213 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1214 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1215 limits = nvlist_create(0);
1216 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1217 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1218 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1219 limits = nvlist_create(0);
1220 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1221 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1223 CHECK(runtest(capsysctl) == SYSCTL0_WRITE);
1225 cap_close(capsysctl);
1229 * SYSCTL1_NAME/WRITE/RECURSIVE
1232 capsysctl = cap_clone(origcapsysctl);
1233 CHECK(capsysctl != NULL);
1235 limits = nvlist_create(0);
1236 nvlist_add_number(limits, SYSCTL1_NAME,
1237 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1238 CHECK(cap_limit_set(capsysctl, limits) == 0);
1239 limits = nvlist_create(0);
1240 nvlist_add_number(limits, SYSCTL0_NAME,
1241 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1242 nvlist_add_number(limits, SYSCTL1_NAME,
1243 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1244 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1245 limits = nvlist_create(0);
1246 nvlist_add_number(limits, SYSCTL0_NAME,
1247 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1248 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1249 limits = nvlist_create(0);
1250 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1251 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1252 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1253 limits = nvlist_create(0);
1254 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1255 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1257 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1259 cap_close(capsysctl);
1263 * SYSCTL0_PARENT/RDWR/RECURSIVE
1266 capsysctl = cap_clone(origcapsysctl);
1267 CHECK(capsysctl != NULL);
1269 limits = nvlist_create(0);
1270 nvlist_add_number(limits, SYSCTL0_PARENT,
1271 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1272 CHECK(cap_limit_set(capsysctl, limits) == 0);
1273 limits = nvlist_create(0);
1274 nvlist_add_number(limits, SYSCTL0_PARENT,
1275 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1276 nvlist_add_number(limits, SYSCTL1_PARENT,
1277 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1278 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1279 limits = nvlist_create(0);
1280 nvlist_add_number(limits, SYSCTL1_PARENT,
1281 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1282 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1283 limits = nvlist_create(0);
1284 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1285 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1286 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1287 limits = nvlist_create(0);
1288 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1289 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1291 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
1292 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE));
1294 cap_close(capsysctl);
1298 * SYSCTL1_NAME/RDWR/RECURSIVE
1301 capsysctl = cap_clone(origcapsysctl);
1302 CHECK(capsysctl != NULL);
1304 limits = nvlist_create(0);
1305 nvlist_add_number(limits, SYSCTL1_NAME,
1306 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1307 CHECK(cap_limit_set(capsysctl, limits) == 0);
1308 limits = nvlist_create(0);
1309 nvlist_add_number(limits, SYSCTL0_NAME,
1310 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1311 nvlist_add_number(limits, SYSCTL1_NAME,
1312 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1313 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1314 limits = nvlist_create(0);
1315 nvlist_add_number(limits, SYSCTL0_NAME,
1316 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1317 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1318 limits = nvlist_create(0);
1319 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1320 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1321 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1322 limits = nvlist_create(0);
1323 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1324 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1326 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1327 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1329 cap_close(capsysctl);
1333 * SYSCTL0_PARENT/READ
1336 capsysctl = cap_clone(origcapsysctl);
1337 CHECK(capsysctl != NULL);
1339 limits = nvlist_create(0);
1340 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1341 CHECK(cap_limit_set(capsysctl, limits) == 0);
1342 limits = nvlist_create(0);
1343 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1344 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1345 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1346 limits = nvlist_create(0);
1347 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1348 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1350 CHECK(runtest(capsysctl) == 0);
1352 cap_close(capsysctl);
1359 capsysctl = cap_clone(origcapsysctl);
1360 CHECK(capsysctl != NULL);
1362 limits = nvlist_create(0);
1363 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1364 CHECK(cap_limit_set(capsysctl, limits) == 0);
1365 limits = nvlist_create(0);
1366 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1367 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1368 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1369 limits = nvlist_create(0);
1370 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1371 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1373 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
1375 cap_close(capsysctl);
1379 * SYSCTL0_PARENT/WRITE
1382 capsysctl = cap_clone(origcapsysctl);
1383 CHECK(capsysctl != NULL);
1385 limits = nvlist_create(0);
1386 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1387 CHECK(cap_limit_set(capsysctl, limits) == 0);
1388 limits = nvlist_create(0);
1389 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1390 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1391 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1392 limits = nvlist_create(0);
1393 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1394 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1396 CHECK(runtest(capsysctl) == 0);
1398 cap_close(capsysctl);
1402 * SYSCTL1_NAME/WRITE
1405 capsysctl = cap_clone(origcapsysctl);
1406 CHECK(capsysctl != NULL);
1408 limits = nvlist_create(0);
1409 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1410 CHECK(cap_limit_set(capsysctl, limits) == 0);
1411 limits = nvlist_create(0);
1412 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1413 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1414 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1415 limits = nvlist_create(0);
1416 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1417 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1419 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1421 cap_close(capsysctl);
1425 * SYSCTL0_PARENT/RDWR
1428 capsysctl = cap_clone(origcapsysctl);
1429 CHECK(capsysctl != NULL);
1431 limits = nvlist_create(0);
1432 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1433 CHECK(cap_limit_set(capsysctl, limits) == 0);
1434 limits = nvlist_create(0);
1435 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1436 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1437 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1438 limits = nvlist_create(0);
1439 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1440 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1442 CHECK(runtest(capsysctl) == 0);
1444 cap_close(capsysctl);
1451 capsysctl = cap_clone(origcapsysctl);
1452 CHECK(capsysctl != NULL);
1454 limits = nvlist_create(0);
1455 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1456 CHECK(cap_limit_set(capsysctl, limits) == 0);
1457 limits = nvlist_create(0);
1458 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1459 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1460 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1461 limits = nvlist_create(0);
1462 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1463 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1465 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1466 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1468 cap_close(capsysctl);
1474 cap_channel_t *capcas, *capsysctl;
1475 int scvalue0, scvalue1;
1481 scsize = sizeof(scvalue0);
1482 CHECKX(sysctlbyname(SYSCTL0_NAME, &scvalue0, &scsize, NULL, 0) == 0);
1483 CHECKX(scsize == sizeof(scvalue0));
1484 scsize = sizeof(scvalue1);
1485 CHECKX(sysctlbyname(SYSCTL1_NAME, &scvalue1, &scsize, NULL, 0) == 0);
1486 CHECKX(scsize == sizeof(scvalue1));
1488 capcas = cap_init();
1489 CHECKX(capcas != NULL);
1491 capsysctl = cap_service_open(capcas, "system.sysctl");
1492 CHECKX(capsysctl != NULL);
1496 /* No limits set. */
1498 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
1499 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
1500 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
1501 SYSCTL1_READ_WRITE));
1503 test_operation(capsysctl);
1505 test_names(capsysctl);
1507 cap_close(capsysctl);
1509 CHECK(sysctlbyname(SYSCTL0_NAME, NULL, NULL, &scvalue0,
1510 sizeof(scvalue0)) == 0);
1511 CHECK(sysctlbyname(SYSCTL1_NAME, NULL, NULL, &scvalue1,
1512 sizeof(scvalue1)) == 0);
projects / FreeBSD / FreeBSD.git / blob