2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2013, 2018 The FreeBSD Foundation
7 * This software was developed by Pawel Jakub Dawidek under sponsorship from
8 * the FreeBSD Foundation.
10 * Portions of this software were developed by Mark Johnston
11 * under sponsorship from the FreeBSD Foundation.
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
38 #include <sys/types.h>
39 #include <sys/capsicum.h>
40 #include <sys/sysctl.h>
52 #include <libcasper.h>
53 #include <casper/cap_sysctl.h>
58 * We need some sysctls to perform the tests on.
59 * We remember their values and restore them afer the test is done.
61 #define SYSCTL0_PARENT "kern"
62 #define SYSCTL0_NAME "kern.sync_on_panic"
63 #define SYSCTL0_FILE "./sysctl0"
64 #define SYSCTL1_PARENT "debug"
65 #define SYSCTL1_NAME "debug.minidump"
66 #define SYSCTL1_FILE "./sysctl1"
68 #define SYSCTL0_READ0 0x0001
69 #define SYSCTL0_READ1 0x0002
70 #define SYSCTL0_READ2 0x0004
71 #define SYSCTL0_WRITE 0x0008
72 #define SYSCTL0_READ_WRITE 0x0010
73 #define SYSCTL1_READ0 0x0020
74 #define SYSCTL1_READ1 0x0040
75 #define SYSCTL1_READ2 0x0080
76 #define SYSCTL1_WRITE 0x0100
77 #define SYSCTL1_READ_WRITE 0x0200
80 save_int_sysctl(const char *name, const char *file)
87 error = sysctlbyname(name, &val, &sz, NULL, 0);
88 ATF_REQUIRE_MSG(error == 0,
89 "sysctlbyname(%s): %s", name, strerror(errno));
91 fd = open(file, O_CREAT | O_WRONLY, 0600);
92 ATF_REQUIRE_MSG(fd >= 0, "open(%s): %s", file, strerror(errno));
93 n = write(fd, &val, sz);
94 ATF_REQUIRE(n >= 0 && (size_t)n == sz);
96 ATF_REQUIRE(error == 0);
100 restore_int_sysctl(const char *name, const char *file)
106 fd = open(file, O_RDONLY);
107 ATF_REQUIRE(fd >= 0);
109 n = read(fd, &val, sz);
110 ATF_REQUIRE(n >= 0 && (size_t)n == sz);
111 error = unlink(file);
112 ATF_REQUIRE(error == 0);
114 ATF_REQUIRE(error == 0);
116 error = sysctlbyname(name, NULL, NULL, &val, sz);
117 ATF_REQUIRE_MSG(error == 0,
118 "sysctlbyname(%s): %s", name, strerror(errno));
121 static cap_channel_t *
124 cap_channel_t *capcas, *capsysctl;
126 save_int_sysctl(SYSCTL0_NAME, SYSCTL0_FILE);
127 save_int_sysctl(SYSCTL1_NAME, SYSCTL1_FILE);
130 ATF_REQUIRE(capcas != NULL);
132 capsysctl = cap_service_open(capcas, "system.sysctl");
133 ATF_REQUIRE(capsysctl != NULL);
144 restore_int_sysctl(SYSCTL0_NAME, SYSCTL0_FILE);
145 restore_int_sysctl(SYSCTL1_NAME, SYSCTL1_FILE);
149 checkcaps(cap_channel_t *capsysctl)
152 size_t len0, len1, oldsize;
153 int error, mib0[2], mib1[2], oldvalue, newvalue;
158 ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib0, &len0) == 0);
160 ATF_REQUIRE(sysctlnametomib(SYSCTL1_NAME, mib1, &len1) == 0);
162 oldsize = sizeof(oldvalue);
163 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
165 if (oldsize == sizeof(oldvalue))
166 result |= SYSCTL0_READ0;
168 error = cap_sysctl(capsysctl, mib0, len0, &oldvalue, &oldsize, NULL, 0);
169 if ((result & SYSCTL0_READ0) != 0)
170 ATF_REQUIRE(error == 0);
172 ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);
175 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, NULL, NULL, &newvalue,
176 sizeof(newvalue)) == 0) {
177 result |= SYSCTL0_WRITE;
180 if ((result & SYSCTL0_WRITE) != 0) {
181 oldsize = sizeof(oldvalue);
182 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
183 &oldsize, NULL, 0) == 0) {
184 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
185 result |= SYSCTL0_READ1;
189 error = cap_sysctl(capsysctl, mib0, len0, NULL, NULL,
190 &newvalue, sizeof(newvalue));
191 if ((result & SYSCTL0_WRITE) != 0)
192 ATF_REQUIRE(error == 0);
194 ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);
196 oldsize = sizeof(oldvalue);
198 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
199 &newvalue, sizeof(newvalue)) == 0) {
200 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
201 result |= SYSCTL0_READ_WRITE;
204 if ((result & SYSCTL0_READ_WRITE) != 0) {
205 oldsize = sizeof(oldvalue);
206 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
207 &oldsize, NULL, 0) == 0) {
208 if (oldsize == sizeof(oldvalue) && oldvalue == 4567)
209 result |= SYSCTL0_READ2;
213 oldsize = sizeof(oldvalue);
214 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
216 if (oldsize == sizeof(oldvalue))
217 result |= SYSCTL1_READ0;
219 error = cap_sysctl(capsysctl, mib1, len1, &oldvalue, &oldsize, NULL, 0);
220 if ((result & SYSCTL1_READ0) != 0)
221 ATF_REQUIRE(error == 0);
223 ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);
226 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, NULL, NULL, &newvalue,
227 sizeof(newvalue)) == 0) {
228 result |= SYSCTL1_WRITE;
231 if ((result & SYSCTL1_WRITE) != 0) {
233 ATF_REQUIRE(cap_sysctl(capsysctl, mib1, len1, NULL, NULL,
234 &newvalue, sizeof(newvalue)) == 0);
236 oldsize = sizeof(oldvalue);
237 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
238 &oldsize, NULL, 0) == 0) {
239 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
240 result |= SYSCTL1_READ1;
244 error = cap_sysctl(capsysctl, mib1, len1, NULL, NULL,
245 &newvalue, sizeof(newvalue));
246 if ((result & SYSCTL1_WRITE) != 0)
247 ATF_REQUIRE(error == 0);
249 ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);
251 oldsize = sizeof(oldvalue);
253 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
254 &newvalue, sizeof(newvalue)) == 0) {
255 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
256 result |= SYSCTL1_READ_WRITE;
259 if ((result & SYSCTL1_READ_WRITE) != 0) {
260 oldsize = sizeof(oldvalue);
261 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
262 &oldsize, NULL, 0) == 0) {
263 if (oldsize == sizeof(oldvalue) && oldvalue == 7008)
264 result |= SYSCTL1_READ2;
271 ATF_TC_WITH_CLEANUP(cap_sysctl__operation);
272 ATF_TC_HEAD(cap_sysctl__operation, tc)
275 ATF_TC_BODY(cap_sysctl__operation, tc)
277 cap_channel_t *capsysctl, *ocapsysctl;
280 ocapsysctl = initcap();
284 * SYSCTL0_PARENT/RDWR/RECURSIVE
285 * SYSCTL1_PARENT/RDWR/RECURSIVE
288 capsysctl = cap_clone(ocapsysctl);
289 ATF_REQUIRE(capsysctl != NULL);
291 limit = cap_sysctl_limit_init(capsysctl);
292 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
293 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
294 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
295 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
296 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
298 limit = cap_sysctl_limit_init(capsysctl);
299 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
300 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
301 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
302 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
303 (void)cap_sysctl_limit_name(limit, "foo.bar",
304 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
305 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
307 limit = cap_sysctl_limit_init(capsysctl);
308 (void)cap_sysctl_limit_name(limit, "foo.bar",
309 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
310 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
312 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
313 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
314 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
315 SYSCTL1_READ_WRITE));
317 limit = cap_sysctl_limit_init(capsysctl);
318 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
319 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
320 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
321 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
322 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
324 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
325 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
326 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
327 SYSCTL1_READ_WRITE));
329 limit = cap_sysctl_limit_init(capsysctl);
330 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
331 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
332 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
333 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
334 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
336 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
338 limit = cap_sysctl_limit_init(capsysctl);
339 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
340 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
341 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
343 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
345 limit = cap_sysctl_limit_init(capsysctl);
346 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
347 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
349 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_READ0);
351 cap_close(capsysctl);
355 * SYSCTL0_NAME/RDWR/RECURSIVE
356 * SYSCTL1_NAME/RDWR/RECURSIVE
359 capsysctl = cap_clone(ocapsysctl);
360 ATF_REQUIRE(capsysctl != NULL);
362 limit = cap_sysctl_limit_init(capsysctl);
363 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
364 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
365 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
366 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
367 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
369 limit = cap_sysctl_limit_init(capsysctl);
370 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
371 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
372 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
373 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
374 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
375 limit = cap_sysctl_limit_init(capsysctl);
376 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
377 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
378 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
379 limit = cap_sysctl_limit_init(capsysctl);
380 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
381 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
382 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
383 limit = cap_sysctl_limit_init(capsysctl);
384 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
385 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
387 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
388 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
389 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
390 SYSCTL1_READ_WRITE));
392 cap_close(capsysctl);
396 * SYSCTL0_PARENT/RDWR
397 * SYSCTL1_PARENT/RDWR
400 capsysctl = cap_clone(ocapsysctl);
401 ATF_REQUIRE(capsysctl != NULL);
403 limit = cap_sysctl_limit_init(capsysctl);
404 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
405 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
406 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
407 limit = cap_sysctl_limit_init(capsysctl);
408 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
409 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
410 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
411 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
412 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
413 limit = cap_sysctl_limit_init(capsysctl);
414 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
415 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
416 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
417 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
418 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
419 limit = cap_sysctl_limit_init(capsysctl);
420 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
421 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
422 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
424 ATF_REQUIRE(checkcaps(capsysctl) == 0);
426 cap_close(capsysctl);
434 capsysctl = cap_clone(ocapsysctl);
435 ATF_REQUIRE(capsysctl != NULL);
437 limit = cap_sysctl_limit_init(capsysctl);
438 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
439 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
440 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
441 limit = cap_sysctl_limit_init(capsysctl);
442 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
443 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
444 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
445 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
446 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
447 limit = cap_sysctl_limit_init(capsysctl);
448 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
449 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
450 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
451 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
452 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
453 limit = cap_sysctl_limit_init(capsysctl);
454 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
455 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
456 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
458 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
459 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
460 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
461 SYSCTL1_READ_WRITE));
463 cap_close(capsysctl);
467 * SYSCTL0_PARENT/RDWR
468 * SYSCTL1_PARENT/RDWR/RECURSIVE
471 capsysctl = cap_clone(ocapsysctl);
472 ATF_REQUIRE(capsysctl != NULL);
474 limit = cap_sysctl_limit_init(capsysctl);
475 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
476 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
477 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
478 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
479 limit = cap_sysctl_limit_init(capsysctl);
480 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
481 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
482 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
483 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
484 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
485 limit = cap_sysctl_limit_init(capsysctl);
486 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
487 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
488 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
489 limit = cap_sysctl_limit_init(capsysctl);
490 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
491 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
492 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
493 limit = cap_sysctl_limit_init(capsysctl);
494 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
495 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
496 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
498 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
499 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
501 cap_close(capsysctl);
506 * SYSCTL1_NAME/RDWR/RECURSIVE
509 capsysctl = cap_clone(ocapsysctl);
510 ATF_REQUIRE(capsysctl != NULL);
512 limit = cap_sysctl_limit_init(capsysctl);
513 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
514 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
515 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
516 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
517 limit = cap_sysctl_limit_init(capsysctl);
518 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
519 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
520 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
521 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
522 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
523 limit = cap_sysctl_limit_init(capsysctl);
524 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
525 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
526 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
527 limit = cap_sysctl_limit_init(capsysctl);
528 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
529 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
530 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
532 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
533 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
534 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
535 SYSCTL1_READ_WRITE));
537 cap_close(capsysctl);
541 * SYSCTL0_PARENT/READ/RECURSIVE
542 * SYSCTL1_PARENT/READ/RECURSIVE
545 capsysctl = cap_clone(ocapsysctl);
546 ATF_REQUIRE(capsysctl != NULL);
548 limit = cap_sysctl_limit_init(capsysctl);
549 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
550 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
551 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
552 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
553 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
554 limit = cap_sysctl_limit_init(capsysctl);
555 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
556 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
557 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
558 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
559 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
560 limit = cap_sysctl_limit_init(capsysctl);
561 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
562 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
563 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
564 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
565 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
566 limit = cap_sysctl_limit_init(capsysctl);
567 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
568 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
569 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
570 limit = cap_sysctl_limit_init(capsysctl);
571 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
572 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
573 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
574 limit = cap_sysctl_limit_init(capsysctl);
575 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
576 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
577 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
578 limit = cap_sysctl_limit_init(capsysctl);
579 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
580 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
581 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
582 limit = cap_sysctl_limit_init(capsysctl);
583 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
584 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
585 limit = cap_sysctl_limit_init(capsysctl);
586 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
587 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
589 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
591 cap_close(capsysctl);
595 * SYSCTL0_NAME/READ/RECURSIVE
596 * SYSCTL1_NAME/READ/RECURSIVE
599 capsysctl = cap_clone(ocapsysctl);
600 ATF_REQUIRE(capsysctl != NULL);
602 limit = cap_sysctl_limit_init(capsysctl);
603 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
604 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
605 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
606 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
607 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
608 limit = cap_sysctl_limit_init(capsysctl);
609 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
610 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
611 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
612 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
613 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
614 limit = cap_sysctl_limit_init(capsysctl);
615 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
616 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
617 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
618 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
619 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
620 limit = cap_sysctl_limit_init(capsysctl);
621 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
622 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
623 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
624 limit = cap_sysctl_limit_init(capsysctl);
625 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
626 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
627 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
628 limit = cap_sysctl_limit_init(capsysctl);
629 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
630 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
631 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
632 limit = cap_sysctl_limit_init(capsysctl);
633 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
634 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
635 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
636 limit = cap_sysctl_limit_init(capsysctl);
637 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
638 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
639 limit = cap_sysctl_limit_init(capsysctl);
640 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
641 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
643 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
645 cap_close(capsysctl);
649 * SYSCTL0_PARENT/READ
650 * SYSCTL1_PARENT/READ
653 capsysctl = cap_clone(ocapsysctl);
654 ATF_REQUIRE(capsysctl != NULL);
656 limit = cap_sysctl_limit_init(capsysctl);
657 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
658 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
659 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
660 limit = cap_sysctl_limit_init(capsysctl);
661 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
662 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
663 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
664 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
665 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
666 limit = cap_sysctl_limit_init(capsysctl);
667 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
668 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
669 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
670 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
671 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
672 limit = cap_sysctl_limit_init(capsysctl);
673 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
674 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
675 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
676 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
677 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
678 limit = cap_sysctl_limit_init(capsysctl);
679 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
680 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
681 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
682 limit = cap_sysctl_limit_init(capsysctl);
683 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
684 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
685 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
686 limit = cap_sysctl_limit_init(capsysctl);
687 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
688 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
689 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
690 limit = cap_sysctl_limit_init(capsysctl);
691 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
692 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
693 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
694 limit = cap_sysctl_limit_init(capsysctl);
695 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
696 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
697 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
698 limit = cap_sysctl_limit_init(capsysctl);
699 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
700 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
701 limit = cap_sysctl_limit_init(capsysctl);
702 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
703 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
705 ATF_REQUIRE(checkcaps(capsysctl) == 0);
707 cap_close(capsysctl);
715 capsysctl = cap_clone(ocapsysctl);
716 ATF_REQUIRE(capsysctl != NULL);
718 limit = cap_sysctl_limit_init(capsysctl);
719 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
720 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
721 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
722 limit = cap_sysctl_limit_init(capsysctl);
723 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
724 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
725 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
726 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
727 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
728 limit = cap_sysctl_limit_init(capsysctl);
729 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
730 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
731 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
732 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
733 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
734 limit = cap_sysctl_limit_init(capsysctl);
735 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
736 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
737 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
738 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
739 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
740 limit = cap_sysctl_limit_init(capsysctl);
741 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
742 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
743 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
744 limit = cap_sysctl_limit_init(capsysctl);
745 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
746 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
747 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
748 limit = cap_sysctl_limit_init(capsysctl);
749 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
750 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
751 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
752 limit = cap_sysctl_limit_init(capsysctl);
753 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
754 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
755 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
756 limit = cap_sysctl_limit_init(capsysctl);
757 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
758 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
759 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
760 limit = cap_sysctl_limit_init(capsysctl);
761 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
762 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
763 limit = cap_sysctl_limit_init(capsysctl);
764 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
765 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
767 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
769 cap_close(capsysctl);
773 * SYSCTL0_PARENT/READ
774 * SYSCTL1_PARENT/READ/RECURSIVE
777 capsysctl = cap_clone(ocapsysctl);
778 ATF_REQUIRE(capsysctl != NULL);
780 limit = cap_sysctl_limit_init(capsysctl);
781 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
782 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
783 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
784 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
785 limit = cap_sysctl_limit_init(capsysctl);
786 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
787 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
788 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
789 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
791 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);
793 cap_close(capsysctl);
798 * SYSCTL1_NAME/READ/RECURSIVE
801 capsysctl = cap_clone(ocapsysctl);
802 ATF_REQUIRE(capsysctl != NULL);
804 limit = cap_sysctl_limit_init(capsysctl);
805 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
806 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
807 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
808 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
809 limit = cap_sysctl_limit_init(capsysctl);
810 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
811 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
812 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
813 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
815 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
817 cap_close(capsysctl);
821 * SYSCTL0_PARENT/WRITE/RECURSIVE
822 * SYSCTL1_PARENT/WRITE/RECURSIVE
825 capsysctl = cap_clone(ocapsysctl);
826 ATF_REQUIRE(capsysctl != NULL);
828 limit = cap_sysctl_limit_init(capsysctl);
829 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
830 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
831 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
832 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
833 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
834 limit = cap_sysctl_limit_init(capsysctl);
835 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
836 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
837 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
838 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
839 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
840 limit = cap_sysctl_limit_init(capsysctl);
841 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
842 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
843 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
844 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
845 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
846 limit = cap_sysctl_limit_init(capsysctl);
847 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
848 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
849 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
850 limit = cap_sysctl_limit_init(capsysctl);
851 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
852 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
853 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
854 limit = cap_sysctl_limit_init(capsysctl);
855 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
856 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
857 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
858 limit = cap_sysctl_limit_init(capsysctl);
859 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
860 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
861 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
862 limit = cap_sysctl_limit_init(capsysctl);
863 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
864 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
865 limit = cap_sysctl_limit_init(capsysctl);
866 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
867 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
869 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
871 cap_close(capsysctl);
875 * SYSCTL0_NAME/WRITE/RECURSIVE
876 * SYSCTL1_NAME/WRITE/RECURSIVE
879 capsysctl = cap_clone(ocapsysctl);
880 ATF_REQUIRE(capsysctl != NULL);
882 limit = cap_sysctl_limit_init(capsysctl);
883 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
884 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
885 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
886 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
887 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
888 limit = cap_sysctl_limit_init(capsysctl);
889 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
890 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
891 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
892 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
893 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
894 limit = cap_sysctl_limit_init(capsysctl);
895 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
896 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
897 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
898 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
899 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
900 limit = cap_sysctl_limit_init(capsysctl);
901 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
902 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
903 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
904 limit = cap_sysctl_limit_init(capsysctl);
905 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
906 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
907 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
908 limit = cap_sysctl_limit_init(capsysctl);
909 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
910 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
911 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
912 limit = cap_sysctl_limit_init(capsysctl);
913 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
914 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
915 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
916 limit = cap_sysctl_limit_init(capsysctl);
917 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
918 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
919 limit = cap_sysctl_limit_init(capsysctl);
920 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
921 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
923 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
925 cap_close(capsysctl);
929 * SYSCTL0_PARENT/WRITE
930 * SYSCTL1_PARENT/WRITE
933 capsysctl = cap_clone(ocapsysctl);
934 ATF_REQUIRE(capsysctl != NULL);
936 limit = cap_sysctl_limit_init(capsysctl);
937 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
938 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
939 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
940 limit = cap_sysctl_limit_init(capsysctl);
941 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
942 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
943 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
944 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
945 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
946 limit = cap_sysctl_limit_init(capsysctl);
947 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
948 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
949 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
950 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
951 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
952 limit = cap_sysctl_limit_init(capsysctl);
953 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
954 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
955 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
956 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
957 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
958 limit = cap_sysctl_limit_init(capsysctl);
959 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
960 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
961 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
962 limit = cap_sysctl_limit_init(capsysctl);
963 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
964 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
965 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
966 limit = cap_sysctl_limit_init(capsysctl);
967 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
968 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
969 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
970 limit = cap_sysctl_limit_init(capsysctl);
971 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
972 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
973 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
974 limit = cap_sysctl_limit_init(capsysctl);
975 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
976 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
977 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
978 limit = cap_sysctl_limit_init(capsysctl);
979 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
980 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
981 limit = cap_sysctl_limit_init(capsysctl);
982 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
983 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
985 ATF_REQUIRE(checkcaps(capsysctl) == 0);
987 cap_close(capsysctl);
995 capsysctl = cap_clone(ocapsysctl);
996 ATF_REQUIRE(capsysctl != NULL);
998 limit = cap_sysctl_limit_init(capsysctl);
999 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1000 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1001 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1002 limit = cap_sysctl_limit_init(capsysctl);
1003 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1004 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1005 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1006 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1007 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1008 limit = cap_sysctl_limit_init(capsysctl);
1009 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1010 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1011 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1012 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1013 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1014 limit = cap_sysctl_limit_init(capsysctl);
1015 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1016 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1017 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1018 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1019 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1020 limit = cap_sysctl_limit_init(capsysctl);
1021 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1022 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1023 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1024 limit = cap_sysctl_limit_init(capsysctl);
1025 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1026 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1027 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1028 limit = cap_sysctl_limit_init(capsysctl);
1029 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1030 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1031 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1032 limit = cap_sysctl_limit_init(capsysctl);
1033 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1034 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1035 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1036 limit = cap_sysctl_limit_init(capsysctl);
1037 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1038 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1039 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1040 limit = cap_sysctl_limit_init(capsysctl);
1041 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1042 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1043 limit = cap_sysctl_limit_init(capsysctl);
1044 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1045 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1047 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
1049 cap_close(capsysctl);
1053 * SYSCTL0_PARENT/WRITE
1054 * SYSCTL1_PARENT/WRITE/RECURSIVE
1057 capsysctl = cap_clone(ocapsysctl);
1058 ATF_REQUIRE(capsysctl != NULL);
1060 limit = cap_sysctl_limit_init(capsysctl);
1061 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1062 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1063 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1064 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1065 limit = cap_sysctl_limit_init(capsysctl);
1066 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1067 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1068 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1069 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1071 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);
1073 cap_close(capsysctl);
1077 * SYSCTL0_NAME/WRITE
1078 * SYSCTL1_NAME/WRITE/RECURSIVE
1081 capsysctl = cap_clone(ocapsysctl);
1082 ATF_REQUIRE(capsysctl != NULL);
1084 limit = cap_sysctl_limit_init(capsysctl);
1085 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1086 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1087 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1088 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1089 limit = cap_sysctl_limit_init(capsysctl);
1090 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1091 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1092 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1093 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1095 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
1097 cap_close(capsysctl);
1101 * SYSCTL0_PARENT/READ/RECURSIVE
1102 * SYSCTL1_PARENT/WRITE/RECURSIVE
1105 capsysctl = cap_clone(ocapsysctl);
1106 ATF_REQUIRE(capsysctl != NULL);
1108 limit = cap_sysctl_limit_init(capsysctl);
1109 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1110 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1111 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1112 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1113 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1115 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1117 cap_close(capsysctl);
1121 * SYSCTL0_NAME/READ/RECURSIVE
1122 * SYSCTL1_NAME/WRITE/RECURSIVE
1125 capsysctl = cap_clone(ocapsysctl);
1126 ATF_REQUIRE(capsysctl != NULL);
1128 limit = cap_sysctl_limit_init(capsysctl);
1129 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1130 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1131 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1132 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1133 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1135 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1137 cap_close(capsysctl);
1141 * SYSCTL0_PARENT/READ
1142 * SYSCTL1_PARENT/WRITE
1145 capsysctl = cap_clone(ocapsysctl);
1146 ATF_REQUIRE(capsysctl != NULL);
1148 limit = cap_sysctl_limit_init(capsysctl);
1149 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1150 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1151 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1153 ATF_REQUIRE(checkcaps(capsysctl) == 0);
1155 cap_close(capsysctl);
1160 * SYSCTL1_NAME/WRITE
1163 capsysctl = cap_clone(ocapsysctl);
1164 ATF_REQUIRE(capsysctl != NULL);
1166 limit = cap_sysctl_limit_init(capsysctl);
1167 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1168 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1169 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1171 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1173 cap_close(capsysctl);
1177 * SYSCTL0_PARENT/READ
1178 * SYSCTL1_PARENT/WRITE/RECURSIVE
1181 capsysctl = cap_clone(ocapsysctl);
1182 ATF_REQUIRE(capsysctl != NULL);
1184 limit = cap_sysctl_limit_init(capsysctl);
1185 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1186 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1187 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1188 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1190 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);
1192 cap_close(capsysctl);
1197 * SYSCTL1_NAME/WRITE/RECURSIVE
1200 capsysctl = cap_clone(ocapsysctl);
1201 ATF_REQUIRE(capsysctl != NULL);
1203 limit = cap_sysctl_limit_init(capsysctl);
1204 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1205 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1206 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1207 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1209 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1211 cap_close(capsysctl);
1213 ATF_TC_CLEANUP(cap_sysctl__operation, tc)
1218 ATF_TC_WITH_CLEANUP(cap_sysctl__names);
1219 ATF_TC_HEAD(cap_sysctl__names, tc)
1222 ATF_TC_BODY(cap_sysctl__names, tc)
1224 cap_channel_t *capsysctl, *ocapsysctl;
1227 ocapsysctl = initcap();
1231 * SYSCTL0_PARENT/READ/RECURSIVE
1234 capsysctl = cap_clone(ocapsysctl);
1235 ATF_REQUIRE(capsysctl != NULL);
1237 limit = cap_sysctl_limit_init(capsysctl);
1238 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1239 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1240 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1241 limit = cap_sysctl_limit_init(capsysctl);
1242 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1243 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1244 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1245 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1246 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1247 limit = cap_sysctl_limit_init(capsysctl);
1248 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1249 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1250 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1251 limit = cap_sysctl_limit_init(capsysctl);
1252 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1253 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1254 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1255 limit = cap_sysctl_limit_init(capsysctl);
1256 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1257 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1259 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_READ0);
1261 cap_close(capsysctl);
1265 * SYSCTL1_NAME/READ/RECURSIVE
1268 capsysctl = cap_clone(ocapsysctl);
1269 ATF_REQUIRE(capsysctl != NULL);
1271 limit = cap_sysctl_limit_init(capsysctl);
1272 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1273 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1274 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1275 limit = cap_sysctl_limit_init(capsysctl);
1276 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1277 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1278 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1279 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1280 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1281 limit = cap_sysctl_limit_init(capsysctl);
1282 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1283 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1284 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1285 limit = cap_sysctl_limit_init(capsysctl);
1286 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1287 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1288 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1289 limit = cap_sysctl_limit_init(capsysctl);
1290 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1291 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1293 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);
1295 cap_close(capsysctl);
1299 * SYSCTL0_PARENT/WRITE/RECURSIVE
1302 capsysctl = cap_clone(ocapsysctl);
1303 ATF_REQUIRE(capsysctl != NULL);
1305 limit = cap_sysctl_limit_init(capsysctl);
1306 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1307 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1308 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1309 limit = cap_sysctl_limit_init(capsysctl);
1310 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1311 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1312 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1313 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1314 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1315 limit = cap_sysctl_limit_init(capsysctl);
1316 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1317 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1318 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1319 limit = cap_sysctl_limit_init(capsysctl);
1320 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1321 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1322 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1323 limit = cap_sysctl_limit_init(capsysctl);
1324 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1325 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1327 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_WRITE);
1329 cap_close(capsysctl);
1333 * SYSCTL1_NAME/WRITE/RECURSIVE
1336 capsysctl = cap_clone(ocapsysctl);
1337 ATF_REQUIRE(capsysctl != NULL);
1339 limit = cap_sysctl_limit_init(capsysctl);
1340 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1341 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1342 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1343 limit = cap_sysctl_limit_init(capsysctl);
1344 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1345 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1346 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1347 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1348 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1349 limit = cap_sysctl_limit_init(capsysctl);
1350 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1351 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1352 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1353 limit = cap_sysctl_limit_init(capsysctl);
1354 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1355 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1356 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1357 limit = cap_sysctl_limit_init(capsysctl);
1358 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1359 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1361 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);
1363 cap_close(capsysctl);
1367 * SYSCTL0_PARENT/RDWR/RECURSIVE
1370 capsysctl = cap_clone(ocapsysctl);
1371 ATF_REQUIRE(capsysctl != NULL);
1373 limit = cap_sysctl_limit_init(capsysctl);
1374 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1375 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1376 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1377 limit = cap_sysctl_limit_init(capsysctl);
1378 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,
1379 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1380 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1381 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1382 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1383 limit = cap_sysctl_limit_init(capsysctl);
1384 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,
1385 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1386 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1387 limit = cap_sysctl_limit_init(capsysctl);
1388 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1389 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1390 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1391 limit = cap_sysctl_limit_init(capsysctl);
1392 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1393 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1395 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
1396 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE));
1398 cap_close(capsysctl);
1402 * SYSCTL1_NAME/RDWR/RECURSIVE
1405 capsysctl = cap_clone(ocapsysctl);
1406 ATF_REQUIRE(capsysctl != NULL);
1408 limit = cap_sysctl_limit_init(capsysctl);
1409 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1410 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1411 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1412 limit = cap_sysctl_limit_init(capsysctl);
1413 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1414 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1415 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,
1416 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1417 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1418 limit = cap_sysctl_limit_init(capsysctl);
1419 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,
1420 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1421 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1422 limit = cap_sysctl_limit_init(capsysctl);
1423 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1424 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1425 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1426 limit = cap_sysctl_limit_init(capsysctl);
1427 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1428 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1430 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1431 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1433 cap_close(capsysctl);
1437 * SYSCTL0_PARENT/READ
1440 capsysctl = cap_clone(ocapsysctl);
1441 ATF_REQUIRE(capsysctl != NULL);
1443 limit = cap_sysctl_limit_init(capsysctl);
1444 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1445 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1446 limit = cap_sysctl_limit_init(capsysctl);
1447 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1448 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1449 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1450 limit = cap_sysctl_limit_init(capsysctl);
1451 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1452 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1454 ATF_REQUIRE(checkcaps(capsysctl) == 0);
1456 cap_close(capsysctl);
1463 capsysctl = cap_clone(ocapsysctl);
1464 ATF_REQUIRE(capsysctl != NULL);
1466 limit = cap_sysctl_limit_init(capsysctl);
1467 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1468 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1469 limit = cap_sysctl_limit_init(capsysctl);
1470 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1471 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);
1472 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1473 limit = cap_sysctl_limit_init(capsysctl);
1474 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);
1475 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1477 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);
1479 cap_close(capsysctl);
1483 * SYSCTL0_PARENT/WRITE
1486 capsysctl = cap_clone(ocapsysctl);
1487 ATF_REQUIRE(capsysctl != NULL);
1489 limit = cap_sysctl_limit_init(capsysctl);
1490 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1491 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1492 limit = cap_sysctl_limit_init(capsysctl);
1493 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1494 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1495 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1496 limit = cap_sysctl_limit_init(capsysctl);
1497 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1498 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1500 ATF_REQUIRE(checkcaps(capsysctl) == 0);
1502 cap_close(capsysctl);
1506 * SYSCTL1_NAME/WRITE
1509 capsysctl = cap_clone(ocapsysctl);
1510 ATF_REQUIRE(capsysctl != NULL);
1512 limit = cap_sysctl_limit_init(capsysctl);
1513 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1514 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1515 limit = cap_sysctl_limit_init(capsysctl);
1516 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1517 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1518 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1519 limit = cap_sysctl_limit_init(capsysctl);
1520 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1521 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1523 ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);
1525 cap_close(capsysctl);
1529 * SYSCTL0_PARENT/RDWR
1532 capsysctl = cap_clone(ocapsysctl);
1533 ATF_REQUIRE(capsysctl != NULL);
1535 limit = cap_sysctl_limit_init(capsysctl);
1536 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1537 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1538 limit = cap_sysctl_limit_init(capsysctl);
1539 (void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1540 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1541 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1542 limit = cap_sysctl_limit_init(capsysctl);
1543 (void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1544 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1546 ATF_REQUIRE(checkcaps(capsysctl) == 0);
1548 cap_close(capsysctl);
1555 capsysctl = cap_clone(ocapsysctl);
1556 ATF_REQUIRE(capsysctl != NULL);
1558 limit = cap_sysctl_limit_init(capsysctl);
1559 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1560 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1561 limit = cap_sysctl_limit_init(capsysctl);
1562 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1563 (void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1564 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1565 limit = cap_sysctl_limit_init(capsysctl);
1566 (void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1567 ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);
1569 ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1570 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1572 cap_close(capsysctl);
1574 ATF_TC_CLEANUP(cap_sysctl__names, tc)
1579 ATF_TC_WITH_CLEANUP(cap_sysctl__no_limits);
1580 ATF_TC_HEAD(cap_sysctl__no_limits, tc)
1583 ATF_TC_BODY(cap_sysctl__no_limits, tc)
1585 cap_channel_t *capsysctl;
1587 capsysctl = initcap();
1589 ATF_REQUIRE_EQ(checkcaps(capsysctl), (SYSCTL0_READ0 | SYSCTL0_READ1 |
1590 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
1591 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
1592 SYSCTL1_READ_WRITE));
1594 ATF_TC_CLEANUP(cap_sysctl__no_limits, tc)
1599 ATF_TC_WITH_CLEANUP(cap_sysctl__recursive_limits);
1600 ATF_TC_HEAD(cap_sysctl__recursive_limits, tc)
1603 ATF_TC_BODY(cap_sysctl__recursive_limits, tc)
1605 cap_channel_t *capsysctl, *ocapsysctl;
1608 int mib[2], val = 420;
1611 ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib, &len) == 0);
1613 ocapsysctl = initcap();
1616 * Make sure that we match entire components.
1618 capsysctl = cap_clone(ocapsysctl);
1619 ATF_REQUIRE(capsysctl != NULL);
1621 limit = cap_sysctl_limit_init(capsysctl);
1622 (void)cap_sysctl_limit_name(limit, "ker",
1623 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1624 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1626 ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctlbyname(capsysctl, SYSCTL0_NAME,
1627 NULL, NULL, &val, sizeof(val)));
1628 ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctl(capsysctl, mib, len,
1629 NULL, NULL, &val, sizeof(val)));
1631 cap_close(capsysctl);
1634 * Verify that we check for CAP_SYSCTL_RECURSIVE.
1636 capsysctl = cap_clone(ocapsysctl);
1637 ATF_REQUIRE(capsysctl != NULL);
1639 limit = cap_sysctl_limit_init(capsysctl);
1640 (void)cap_sysctl_limit_name(limit, "kern", CAP_SYSCTL_RDWR);
1641 ATF_REQUIRE(cap_sysctl_limit(limit) == 0);
1643 ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctlbyname(capsysctl, SYSCTL0_NAME,
1644 NULL, NULL, &val, sizeof(val)));
1645 ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctl(capsysctl, mib, len,
1646 NULL, NULL, &val, sizeof(val)));
1648 cap_close(capsysctl);
1650 ATF_TC_CLEANUP(cap_sysctl__recursive_limits, tc)
1655 ATF_TC_WITH_CLEANUP(cap_sysctl__just_size);
1656 ATF_TC_HEAD(cap_sysctl__just_size, tc)
1659 ATF_TC_BODY(cap_sysctl__just_size, tc)
1661 cap_channel_t *capsysctl;
1665 capsysctl = initcap();
1668 ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib0, &len) == 0);
1670 ATF_REQUIRE(cap_sysctlbyname(capsysctl, SYSCTL0_NAME,
1671 NULL, &len, NULL, 0) == 0);
1672 ATF_REQUIRE(len == sizeof(int));
1673 ATF_REQUIRE(cap_sysctl(capsysctl, mib0, nitems(mib0),
1674 NULL, &len, NULL, 0) == 0);
1675 ATF_REQUIRE(len == sizeof(int));
1677 cap_close(capsysctl);
1679 ATF_TC_CLEANUP(cap_sysctl__just_size, tc)
1686 ATF_TP_ADD_TC(tp, cap_sysctl__operation);
1687 ATF_TP_ADD_TC(tp, cap_sysctl__names);
1688 ATF_TP_ADD_TC(tp, cap_sysctl__no_limits);
1689 ATF_TP_ADD_TC(tp, cap_sysctl__recursive_limits);
1690 ATF_TP_ADD_TC(tp, cap_sysctl__just_size);
1692 return (atf_no_error());
projects / FreeBSD / FreeBSD.git / blob