2 * Copyright (c) 2013 The FreeBSD Foundation
5 * This software was developed by Pawel Jakub Dawidek under sponsorship from
6 * the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/types.h>
34 #include <sys/capsicum.h>
35 #include <sys/sysctl.h>
47 #include <libcasper.h>
49 #include <casper/cap_sysctl.h>
52 * We need some sysctls to perform the tests on.
53 * We remember their values and restore them afer the test is done.
55 #define SYSCTL0_PARENT "kern"
56 #define SYSCTL0_NAME "kern.sync_on_panic"
57 #define SYSCTL1_PARENT "debug"
58 #define SYSCTL1_NAME "debug.minidump"
62 #define CHECK(expr) do { \
64 printf("ok %d %s:%u\n", ntest, __FILE__, __LINE__); \
66 printf("not ok %d %s:%u\n", ntest, __FILE__, __LINE__); \
69 #define CHECKX(expr) do { \
71 printf("ok %d %s:%u\n", ntest, __FILE__, __LINE__); \
73 printf("not ok %d %s:%u\n", ntest, __FILE__, __LINE__); \
79 #define SYSCTL0_READ0 0x0001
80 #define SYSCTL0_READ1 0x0002
81 #define SYSCTL0_READ2 0x0004
82 #define SYSCTL0_WRITE 0x0008
83 #define SYSCTL0_READ_WRITE 0x0010
84 #define SYSCTL1_READ0 0x0020
85 #define SYSCTL1_READ1 0x0040
86 #define SYSCTL1_READ2 0x0080
87 #define SYSCTL1_WRITE 0x0100
88 #define SYSCTL1_READ_WRITE 0x0200
91 runtest(cap_channel_t *capsysctl)
94 int oldvalue, newvalue;
99 oldsize = sizeof(oldvalue);
100 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
102 if (oldsize == sizeof(oldvalue))
103 result |= SYSCTL0_READ0;
107 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, NULL, NULL, &newvalue,
108 sizeof(newvalue)) == 0) {
109 result |= SYSCTL0_WRITE;
112 if ((result & SYSCTL0_WRITE) != 0) {
113 oldsize = sizeof(oldvalue);
114 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
115 &oldsize, NULL, 0) == 0) {
116 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
117 result |= SYSCTL0_READ1;
121 oldsize = sizeof(oldvalue);
123 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,
124 &newvalue, sizeof(newvalue)) == 0) {
125 if (oldsize == sizeof(oldvalue) && oldvalue == 123)
126 result |= SYSCTL0_READ_WRITE;
129 if ((result & SYSCTL0_READ_WRITE) != 0) {
130 oldsize = sizeof(oldvalue);
131 if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,
132 &oldsize, NULL, 0) == 0) {
133 if (oldsize == sizeof(oldvalue) && oldvalue == 4567)
134 result |= SYSCTL0_READ2;
138 oldsize = sizeof(oldvalue);
139 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
141 if (oldsize == sizeof(oldvalue))
142 result |= SYSCTL1_READ0;
146 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, NULL, NULL, &newvalue,
147 sizeof(newvalue)) == 0) {
148 result |= SYSCTL1_WRITE;
151 if ((result & SYSCTL1_WRITE) != 0) {
152 oldsize = sizeof(oldvalue);
153 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
154 &oldsize, NULL, 0) == 0) {
155 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
156 result |= SYSCTL1_READ1;
160 oldsize = sizeof(oldvalue);
162 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,
163 &newvalue, sizeof(newvalue)) == 0) {
164 if (oldsize == sizeof(oldvalue) && oldvalue == 506)
165 result |= SYSCTL1_READ_WRITE;
168 if ((result & SYSCTL1_READ_WRITE) != 0) {
169 oldsize = sizeof(oldvalue);
170 if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,
171 &oldsize, NULL, 0) == 0) {
172 if (oldsize == sizeof(oldvalue) && oldvalue == 7008)
173 result |= SYSCTL1_READ2;
181 test_operation(cap_channel_t *origcapsysctl)
183 cap_channel_t *capsysctl;
188 * SYSCTL0_PARENT/RDWR/RECURSIVE
189 * SYSCTL1_PARENT/RDWR/RECURSIVE
192 capsysctl = cap_clone(origcapsysctl);
193 CHECK(capsysctl != NULL);
195 limits = nvlist_create(0);
196 nvlist_add_number(limits, SYSCTL0_PARENT,
197 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
198 nvlist_add_number(limits, SYSCTL1_PARENT,
199 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
200 CHECK(cap_limit_set(capsysctl, limits) == 0);
201 limits = nvlist_create(0);
202 nvlist_add_number(limits, SYSCTL0_PARENT,
203 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
204 nvlist_add_number(limits, SYSCTL1_PARENT,
205 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
206 nvlist_add_number(limits, "foo.bar",
207 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
208 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
209 limits = nvlist_create(0);
210 nvlist_add_number(limits, "foo.bar",
211 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
212 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
214 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
215 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
216 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
217 SYSCTL1_READ_WRITE));
219 limits = nvlist_create(0);
220 nvlist_add_number(limits, SYSCTL0_NAME,
221 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
222 nvlist_add_number(limits, SYSCTL1_NAME,
223 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
224 CHECK(cap_limit_set(capsysctl, limits) == 0);
226 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
227 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
228 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
229 SYSCTL1_READ_WRITE));
231 limits = nvlist_create(0);
232 nvlist_add_number(limits, SYSCTL0_NAME,
233 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
234 nvlist_add_number(limits, SYSCTL1_NAME,
235 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
236 CHECK(cap_limit_set(capsysctl, limits) == 0);
238 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
240 limits = nvlist_create(0);
241 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
242 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
243 CHECK(cap_limit_set(capsysctl, limits) == 0);
245 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
247 limits = nvlist_create(0);
248 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
249 CHECK(cap_limit_set(capsysctl, limits) == 0);
251 CHECK(runtest(capsysctl) == SYSCTL0_READ0);
253 cap_close(capsysctl);
257 * SYSCTL0_NAME/RDWR/RECURSIVE
258 * SYSCTL1_NAME/RDWR/RECURSIVE
261 capsysctl = cap_clone(origcapsysctl);
262 CHECK(capsysctl != NULL);
264 limits = nvlist_create(0);
265 nvlist_add_number(limits, SYSCTL0_NAME,
266 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
267 nvlist_add_number(limits, SYSCTL1_NAME,
268 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
269 CHECK(cap_limit_set(capsysctl, limits) == 0);
270 limits = nvlist_create(0);
271 nvlist_add_number(limits, SYSCTL0_PARENT,
272 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
273 nvlist_add_number(limits, SYSCTL1_PARENT,
274 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
275 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
276 limits = nvlist_create(0);
277 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
278 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
279 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
280 limits = nvlist_create(0);
281 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
282 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
283 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
284 limits = nvlist_create(0);
285 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
286 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
288 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
289 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
290 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
291 SYSCTL1_READ_WRITE));
293 cap_close(capsysctl);
297 * SYSCTL0_PARENT/RDWR
298 * SYSCTL1_PARENT/RDWR
301 capsysctl = cap_clone(origcapsysctl);
302 CHECK(capsysctl != NULL);
304 limits = nvlist_create(0);
305 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
306 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
307 CHECK(cap_limit_set(capsysctl, limits) == 0);
308 limits = nvlist_create(0);
309 nvlist_add_number(limits, SYSCTL0_PARENT,
310 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
311 nvlist_add_number(limits, SYSCTL1_PARENT,
312 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
313 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
314 limits = nvlist_create(0);
315 nvlist_add_number(limits, SYSCTL0_PARENT,
316 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
317 nvlist_add_number(limits, SYSCTL1_PARENT,
318 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
319 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
320 limits = nvlist_create(0);
321 nvlist_add_number(limits, SYSCTL0_PARENT,
322 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
323 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
325 CHECK(runtest(capsysctl) == 0);
327 cap_close(capsysctl);
335 capsysctl = cap_clone(origcapsysctl);
336 CHECK(capsysctl != NULL);
338 limits = nvlist_create(0);
339 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
340 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
341 CHECK(cap_limit_set(capsysctl, limits) == 0);
342 limits = nvlist_create(0);
343 nvlist_add_number(limits, SYSCTL0_PARENT,
344 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
345 nvlist_add_number(limits, SYSCTL1_PARENT,
346 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
347 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
348 limits = nvlist_create(0);
349 nvlist_add_number(limits, SYSCTL0_PARENT,
350 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
351 nvlist_add_number(limits, SYSCTL1_PARENT,
352 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
353 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
354 limits = nvlist_create(0);
355 nvlist_add_number(limits, SYSCTL1_PARENT,
356 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
357 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
359 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
360 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
361 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
362 SYSCTL1_READ_WRITE));
364 cap_close(capsysctl);
368 * SYSCTL0_PARENT/RDWR
369 * SYSCTL1_PARENT/RDWR/RECURSIVE
372 capsysctl = cap_clone(origcapsysctl);
373 CHECK(capsysctl != NULL);
375 limits = nvlist_create(0);
376 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
377 nvlist_add_number(limits, SYSCTL1_PARENT,
378 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
379 CHECK(cap_limit_set(capsysctl, limits) == 0);
380 limits = nvlist_create(0);
381 nvlist_add_number(limits, SYSCTL0_PARENT,
382 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
383 nvlist_add_number(limits, SYSCTL1_PARENT,
384 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
385 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
386 limits = nvlist_create(0);
387 nvlist_add_number(limits, SYSCTL0_PARENT,
388 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
389 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
390 limits = nvlist_create(0);
391 nvlist_add_number(limits, SYSCTL0_PARENT,
392 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
393 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
394 limits = nvlist_create(0);
395 nvlist_add_number(limits, SYSCTL0_NAME,
396 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
397 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
399 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
400 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
402 cap_close(capsysctl);
407 * SYSCTL1_NAME/RDWR/RECURSIVE
410 capsysctl = cap_clone(origcapsysctl);
411 CHECK(capsysctl != NULL);
413 limits = nvlist_create(0);
414 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
415 nvlist_add_number(limits, SYSCTL1_NAME,
416 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
417 CHECK(cap_limit_set(capsysctl, limits) == 0);
418 limits = nvlist_create(0);
419 nvlist_add_number(limits, SYSCTL0_NAME,
420 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
421 nvlist_add_number(limits, SYSCTL1_NAME,
422 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
423 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
424 limits = nvlist_create(0);
425 nvlist_add_number(limits, SYSCTL0_NAME,
426 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
427 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
428 limits = nvlist_create(0);
429 nvlist_add_number(limits, SYSCTL0_NAME,
430 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
431 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
433 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
434 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
435 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
436 SYSCTL1_READ_WRITE));
438 cap_close(capsysctl);
442 * SYSCTL0_PARENT/READ/RECURSIVE
443 * SYSCTL1_PARENT/READ/RECURSIVE
446 capsysctl = cap_clone(origcapsysctl);
447 CHECK(capsysctl != NULL);
449 limits = nvlist_create(0);
450 nvlist_add_number(limits, SYSCTL0_PARENT,
451 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
452 nvlist_add_number(limits, SYSCTL1_PARENT,
453 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
454 CHECK(cap_limit_set(capsysctl, limits) == 0);
455 limits = nvlist_create(0);
456 nvlist_add_number(limits, SYSCTL0_PARENT,
457 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
458 nvlist_add_number(limits, SYSCTL1_PARENT,
459 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
460 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
461 limits = nvlist_create(0);
462 nvlist_add_number(limits, SYSCTL0_PARENT,
463 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
464 nvlist_add_number(limits, SYSCTL1_PARENT,
465 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
466 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
467 limits = nvlist_create(0);
468 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
469 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
470 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
471 limits = nvlist_create(0);
472 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
473 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
474 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
475 limits = nvlist_create(0);
476 nvlist_add_number(limits, SYSCTL0_PARENT,
477 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
478 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
479 limits = nvlist_create(0);
480 nvlist_add_number(limits, SYSCTL1_PARENT,
481 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
482 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
483 limits = nvlist_create(0);
484 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
485 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
486 limits = nvlist_create(0);
487 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
488 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
490 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
492 cap_close(capsysctl);
496 * SYSCTL0_NAME/READ/RECURSIVE
497 * SYSCTL1_NAME/READ/RECURSIVE
500 capsysctl = cap_clone(origcapsysctl);
501 CHECK(capsysctl != NULL);
503 limits = nvlist_create(0);
504 nvlist_add_number(limits, SYSCTL0_NAME,
505 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
506 nvlist_add_number(limits, SYSCTL1_NAME,
507 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
508 CHECK(cap_limit_set(capsysctl, limits) == 0);
509 limits = nvlist_create(0);
510 nvlist_add_number(limits, SYSCTL0_NAME,
511 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
512 nvlist_add_number(limits, SYSCTL1_NAME,
513 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
514 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
515 limits = nvlist_create(0);
516 nvlist_add_number(limits, SYSCTL0_NAME,
517 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
518 nvlist_add_number(limits, SYSCTL1_NAME,
519 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
520 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
521 limits = nvlist_create(0);
522 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
523 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
524 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
525 limits = nvlist_create(0);
526 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
527 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
528 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
529 limits = nvlist_create(0);
530 nvlist_add_number(limits, SYSCTL0_NAME,
531 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
532 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
533 limits = nvlist_create(0);
534 nvlist_add_number(limits, SYSCTL1_NAME,
535 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
536 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
537 limits = nvlist_create(0);
538 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
539 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
540 limits = nvlist_create(0);
541 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
542 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
544 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
546 cap_close(capsysctl);
550 * SYSCTL0_PARENT/READ
551 * SYSCTL1_PARENT/READ
554 capsysctl = cap_clone(origcapsysctl);
555 CHECK(capsysctl != NULL);
557 limits = nvlist_create(0);
558 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
559 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
560 CHECK(cap_limit_set(capsysctl, limits) == 0);
561 limits = nvlist_create(0);
562 nvlist_add_number(limits, SYSCTL0_PARENT,
563 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
564 nvlist_add_number(limits, SYSCTL1_PARENT,
565 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
566 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
567 limits = nvlist_create(0);
568 nvlist_add_number(limits, SYSCTL0_PARENT,
569 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
570 nvlist_add_number(limits, SYSCTL1_PARENT,
571 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
572 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
573 limits = nvlist_create(0);
574 nvlist_add_number(limits, SYSCTL0_PARENT,
575 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
576 nvlist_add_number(limits, SYSCTL1_PARENT,
577 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
578 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
579 limits = nvlist_create(0);
580 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
581 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
582 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
583 limits = nvlist_create(0);
584 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
585 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
586 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
587 limits = nvlist_create(0);
588 nvlist_add_number(limits, SYSCTL0_PARENT,
589 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
590 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
591 limits = nvlist_create(0);
592 nvlist_add_number(limits, SYSCTL1_PARENT,
593 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
594 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
595 limits = nvlist_create(0);
596 nvlist_add_number(limits, SYSCTL0_PARENT,
597 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
598 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
599 limits = nvlist_create(0);
600 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
601 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
602 limits = nvlist_create(0);
603 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
604 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
606 CHECK(runtest(capsysctl) == 0);
608 cap_close(capsysctl);
616 capsysctl = cap_clone(origcapsysctl);
617 CHECK(capsysctl != NULL);
619 limits = nvlist_create(0);
620 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
621 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
622 CHECK(cap_limit_set(capsysctl, limits) == 0);
623 limits = nvlist_create(0);
624 nvlist_add_number(limits, SYSCTL0_NAME,
625 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
626 nvlist_add_number(limits, SYSCTL1_NAME,
627 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
628 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
629 limits = nvlist_create(0);
630 nvlist_add_number(limits, SYSCTL0_NAME,
631 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
632 nvlist_add_number(limits, SYSCTL1_NAME,
633 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
634 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
635 limits = nvlist_create(0);
636 nvlist_add_number(limits, SYSCTL0_NAME,
637 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
638 nvlist_add_number(limits, SYSCTL1_NAME,
639 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
640 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
641 limits = nvlist_create(0);
642 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
643 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
644 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
645 limits = nvlist_create(0);
646 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
647 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
648 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
649 limits = nvlist_create(0);
650 nvlist_add_number(limits, SYSCTL0_NAME,
651 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
652 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
653 limits = nvlist_create(0);
654 nvlist_add_number(limits, SYSCTL1_NAME,
655 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
656 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
657 limits = nvlist_create(0);
658 nvlist_add_number(limits, SYSCTL0_NAME,
659 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
660 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
661 limits = nvlist_create(0);
662 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
663 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
664 limits = nvlist_create(0);
665 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
666 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
668 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
670 cap_close(capsysctl);
674 * SYSCTL0_PARENT/READ
675 * SYSCTL1_PARENT/READ/RECURSIVE
678 capsysctl = cap_clone(origcapsysctl);
679 CHECK(capsysctl != NULL);
681 limits = nvlist_create(0);
682 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
683 nvlist_add_number(limits, SYSCTL1_PARENT,
684 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
685 CHECK(cap_limit_set(capsysctl, limits) == 0);
686 limits = nvlist_create(0);
687 nvlist_add_number(limits, SYSCTL0_PARENT,
688 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
689 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
690 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
692 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
694 cap_close(capsysctl);
699 * SYSCTL1_NAME/READ/RECURSIVE
702 capsysctl = cap_clone(origcapsysctl);
703 CHECK(capsysctl != NULL);
705 limits = nvlist_create(0);
706 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
707 nvlist_add_number(limits, SYSCTL1_NAME,
708 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
709 CHECK(cap_limit_set(capsysctl, limits) == 0);
710 limits = nvlist_create(0);
711 nvlist_add_number(limits, SYSCTL0_NAME,
712 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
713 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
714 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
716 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));
718 cap_close(capsysctl);
722 * SYSCTL0_PARENT/WRITE/RECURSIVE
723 * SYSCTL1_PARENT/WRITE/RECURSIVE
726 capsysctl = cap_clone(origcapsysctl);
727 CHECK(capsysctl != NULL);
729 limits = nvlist_create(0);
730 nvlist_add_number(limits, SYSCTL0_PARENT,
731 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
732 nvlist_add_number(limits, SYSCTL1_PARENT,
733 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
734 CHECK(cap_limit_set(capsysctl, limits) == 0);
735 limits = nvlist_create(0);
736 nvlist_add_number(limits, SYSCTL0_PARENT,
737 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
738 nvlist_add_number(limits, SYSCTL1_PARENT,
739 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
740 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
741 limits = nvlist_create(0);
742 nvlist_add_number(limits, SYSCTL0_PARENT,
743 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
744 nvlist_add_number(limits, SYSCTL1_PARENT,
745 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
746 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
747 limits = nvlist_create(0);
748 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
749 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
750 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
751 limits = nvlist_create(0);
752 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
753 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
754 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
755 limits = nvlist_create(0);
756 nvlist_add_number(limits, SYSCTL0_PARENT,
757 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
758 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
759 limits = nvlist_create(0);
760 nvlist_add_number(limits, SYSCTL1_PARENT,
761 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
762 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
763 limits = nvlist_create(0);
764 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
765 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
766 limits = nvlist_create(0);
767 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
768 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
770 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
772 cap_close(capsysctl);
776 * SYSCTL0_NAME/WRITE/RECURSIVE
777 * SYSCTL1_NAME/WRITE/RECURSIVE
780 capsysctl = cap_clone(origcapsysctl);
781 CHECK(capsysctl != NULL);
783 limits = nvlist_create(0);
784 nvlist_add_number(limits, SYSCTL0_NAME,
785 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
786 nvlist_add_number(limits, SYSCTL1_NAME,
787 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
788 CHECK(cap_limit_set(capsysctl, limits) == 0);
789 limits = nvlist_create(0);
790 nvlist_add_number(limits, SYSCTL0_NAME,
791 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
792 nvlist_add_number(limits, SYSCTL1_NAME,
793 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
794 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
795 limits = nvlist_create(0);
796 nvlist_add_number(limits, SYSCTL0_NAME,
797 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
798 nvlist_add_number(limits, SYSCTL1_NAME,
799 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
800 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
801 limits = nvlist_create(0);
802 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
803 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
804 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
805 limits = nvlist_create(0);
806 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
807 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
808 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
809 limits = nvlist_create(0);
810 nvlist_add_number(limits, SYSCTL0_NAME,
811 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
812 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
813 limits = nvlist_create(0);
814 nvlist_add_number(limits, SYSCTL1_NAME,
815 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
816 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
817 limits = nvlist_create(0);
818 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
819 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
820 limits = nvlist_create(0);
821 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
822 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
824 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
826 cap_close(capsysctl);
830 * SYSCTL0_PARENT/WRITE
831 * SYSCTL1_PARENT/WRITE
834 capsysctl = cap_clone(origcapsysctl);
835 CHECK(capsysctl != NULL);
837 limits = nvlist_create(0);
838 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
839 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
840 CHECK(cap_limit_set(capsysctl, limits) == 0);
841 limits = nvlist_create(0);
842 nvlist_add_number(limits, SYSCTL0_PARENT,
843 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
844 nvlist_add_number(limits, SYSCTL1_PARENT,
845 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
846 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
847 limits = nvlist_create(0);
848 nvlist_add_number(limits, SYSCTL0_PARENT,
849 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
850 nvlist_add_number(limits, SYSCTL1_PARENT,
851 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
852 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
853 limits = nvlist_create(0);
854 nvlist_add_number(limits, SYSCTL0_PARENT,
855 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
856 nvlist_add_number(limits, SYSCTL1_PARENT,
857 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
858 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
859 limits = nvlist_create(0);
860 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
861 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
862 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
863 limits = nvlist_create(0);
864 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
865 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
866 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
867 limits = nvlist_create(0);
868 nvlist_add_number(limits, SYSCTL0_PARENT,
869 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
870 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
871 limits = nvlist_create(0);
872 nvlist_add_number(limits, SYSCTL1_PARENT,
873 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
874 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
875 limits = nvlist_create(0);
876 nvlist_add_number(limits, SYSCTL0_PARENT,
877 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
878 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
879 limits = nvlist_create(0);
880 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
881 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
882 limits = nvlist_create(0);
883 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
884 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
886 CHECK(runtest(capsysctl) == 0);
888 cap_close(capsysctl);
896 capsysctl = cap_clone(origcapsysctl);
897 CHECK(capsysctl != NULL);
899 limits = nvlist_create(0);
900 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
901 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
902 CHECK(cap_limit_set(capsysctl, limits) == 0);
903 limits = nvlist_create(0);
904 nvlist_add_number(limits, SYSCTL0_NAME,
905 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
906 nvlist_add_number(limits, SYSCTL1_NAME,
907 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
908 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
909 limits = nvlist_create(0);
910 nvlist_add_number(limits, SYSCTL0_NAME,
911 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
912 nvlist_add_number(limits, SYSCTL1_NAME,
913 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
914 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
915 limits = nvlist_create(0);
916 nvlist_add_number(limits, SYSCTL0_NAME,
917 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
918 nvlist_add_number(limits, SYSCTL1_NAME,
919 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
920 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
921 limits = nvlist_create(0);
922 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
923 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
924 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
925 limits = nvlist_create(0);
926 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
927 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
928 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
929 limits = nvlist_create(0);
930 nvlist_add_number(limits, SYSCTL0_NAME,
931 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
932 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
933 limits = nvlist_create(0);
934 nvlist_add_number(limits, SYSCTL1_NAME,
935 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
936 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
937 limits = nvlist_create(0);
938 nvlist_add_number(limits, SYSCTL0_NAME,
939 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
940 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
941 limits = nvlist_create(0);
942 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
943 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
944 limits = nvlist_create(0);
945 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
946 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
948 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
950 cap_close(capsysctl);
954 * SYSCTL0_PARENT/WRITE
955 * SYSCTL1_PARENT/WRITE/RECURSIVE
958 capsysctl = cap_clone(origcapsysctl);
959 CHECK(capsysctl != NULL);
961 limits = nvlist_create(0);
962 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
963 nvlist_add_number(limits, SYSCTL1_PARENT,
964 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
965 CHECK(cap_limit_set(capsysctl, limits) == 0);
966 limits = nvlist_create(0);
967 nvlist_add_number(limits, SYSCTL0_PARENT,
968 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
969 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
970 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
972 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
974 cap_close(capsysctl);
979 * SYSCTL1_NAME/WRITE/RECURSIVE
982 capsysctl = cap_clone(origcapsysctl);
983 CHECK(capsysctl != NULL);
985 limits = nvlist_create(0);
986 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
987 nvlist_add_number(limits, SYSCTL1_NAME,
988 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
989 CHECK(cap_limit_set(capsysctl, limits) == 0);
990 limits = nvlist_create(0);
991 nvlist_add_number(limits, SYSCTL0_NAME,
992 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
993 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
994 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
996 CHECK(runtest(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));
998 cap_close(capsysctl);
1002 * SYSCTL0_PARENT/READ/RECURSIVE
1003 * SYSCTL1_PARENT/WRITE/RECURSIVE
1006 capsysctl = cap_clone(origcapsysctl);
1007 CHECK(capsysctl != NULL);
1009 limits = nvlist_create(0);
1010 nvlist_add_number(limits, SYSCTL0_PARENT,
1011 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1012 nvlist_add_number(limits, SYSCTL1_PARENT,
1013 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1014 CHECK(cap_limit_set(capsysctl, limits) == 0);
1016 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1018 cap_close(capsysctl);
1022 * SYSCTL0_NAME/READ/RECURSIVE
1023 * SYSCTL1_NAME/WRITE/RECURSIVE
1026 capsysctl = cap_clone(origcapsysctl);
1027 CHECK(capsysctl != NULL);
1029 limits = nvlist_create(0);
1030 nvlist_add_number(limits, SYSCTL0_NAME,
1031 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1032 nvlist_add_number(limits, SYSCTL1_NAME,
1033 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1034 CHECK(cap_limit_set(capsysctl, limits) == 0);
1036 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1038 cap_close(capsysctl);
1042 * SYSCTL0_PARENT/READ
1043 * SYSCTL1_PARENT/WRITE
1046 capsysctl = cap_clone(origcapsysctl);
1047 CHECK(capsysctl != NULL);
1049 limits = nvlist_create(0);
1050 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1051 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1052 CHECK(cap_limit_set(capsysctl, limits) == 0);
1054 CHECK(runtest(capsysctl) == 0);
1056 cap_close(capsysctl);
1061 * SYSCTL1_NAME/WRITE
1064 capsysctl = cap_clone(origcapsysctl);
1065 CHECK(capsysctl != NULL);
1067 limits = nvlist_create(0);
1068 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1069 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1070 CHECK(cap_limit_set(capsysctl, limits) == 0);
1072 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1074 cap_close(capsysctl);
1078 * SYSCTL0_PARENT/READ
1079 * SYSCTL1_PARENT/WRITE/RECURSIVE
1082 capsysctl = cap_clone(origcapsysctl);
1083 CHECK(capsysctl != NULL);
1085 limits = nvlist_create(0);
1086 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1087 nvlist_add_number(limits, SYSCTL1_PARENT,
1088 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1089 CHECK(cap_limit_set(capsysctl, limits) == 0);
1091 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1093 cap_close(capsysctl);
1098 * SYSCTL1_NAME/WRITE/RECURSIVE
1101 capsysctl = cap_clone(origcapsysctl);
1102 CHECK(capsysctl != NULL);
1104 limits = nvlist_create(0);
1105 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1106 nvlist_add_number(limits, SYSCTL1_NAME,
1107 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1108 CHECK(cap_limit_set(capsysctl, limits) == 0);
1110 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));
1112 cap_close(capsysctl);
1116 test_names(cap_channel_t *origcapsysctl)
1118 cap_channel_t *capsysctl;
1123 * SYSCTL0_PARENT/READ/RECURSIVE
1126 capsysctl = cap_clone(origcapsysctl);
1127 CHECK(capsysctl != NULL);
1129 limits = nvlist_create(0);
1130 nvlist_add_number(limits, SYSCTL0_PARENT,
1131 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1132 CHECK(cap_limit_set(capsysctl, limits) == 0);
1133 limits = nvlist_create(0);
1134 nvlist_add_number(limits, SYSCTL0_PARENT,
1135 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1136 nvlist_add_number(limits, SYSCTL1_PARENT,
1137 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1138 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1139 limits = nvlist_create(0);
1140 nvlist_add_number(limits, SYSCTL1_PARENT,
1141 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1142 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1143 limits = nvlist_create(0);
1144 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1145 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1146 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1147 limits = nvlist_create(0);
1148 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1149 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1151 CHECK(runtest(capsysctl) == SYSCTL0_READ0);
1153 cap_close(capsysctl);
1157 * SYSCTL1_NAME/READ/RECURSIVE
1160 capsysctl = cap_clone(origcapsysctl);
1161 CHECK(capsysctl != NULL);
1163 limits = nvlist_create(0);
1164 nvlist_add_number(limits, SYSCTL1_NAME,
1165 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1166 CHECK(cap_limit_set(capsysctl, limits) == 0);
1167 limits = nvlist_create(0);
1168 nvlist_add_number(limits, SYSCTL0_NAME,
1169 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1170 nvlist_add_number(limits, SYSCTL1_NAME,
1171 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1172 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1173 limits = nvlist_create(0);
1174 nvlist_add_number(limits, SYSCTL0_NAME,
1175 CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
1176 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1177 limits = nvlist_create(0);
1178 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1179 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1180 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1181 limits = nvlist_create(0);
1182 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1183 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1185 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
1187 cap_close(capsysctl);
1191 * SYSCTL0_PARENT/WRITE/RECURSIVE
1194 capsysctl = cap_clone(origcapsysctl);
1195 CHECK(capsysctl != NULL);
1197 limits = nvlist_create(0);
1198 nvlist_add_number(limits, SYSCTL0_PARENT,
1199 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1200 CHECK(cap_limit_set(capsysctl, limits) == 0);
1201 limits = nvlist_create(0);
1202 nvlist_add_number(limits, SYSCTL0_PARENT,
1203 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1204 nvlist_add_number(limits, SYSCTL1_PARENT,
1205 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1206 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1207 limits = nvlist_create(0);
1208 nvlist_add_number(limits, SYSCTL1_PARENT,
1209 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1210 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1211 limits = nvlist_create(0);
1212 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1213 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1214 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1215 limits = nvlist_create(0);
1216 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1217 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1219 CHECK(runtest(capsysctl) == SYSCTL0_WRITE);
1221 cap_close(capsysctl);
1225 * SYSCTL1_NAME/WRITE/RECURSIVE
1228 capsysctl = cap_clone(origcapsysctl);
1229 CHECK(capsysctl != NULL);
1231 limits = nvlist_create(0);
1232 nvlist_add_number(limits, SYSCTL1_NAME,
1233 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1234 CHECK(cap_limit_set(capsysctl, limits) == 0);
1235 limits = nvlist_create(0);
1236 nvlist_add_number(limits, SYSCTL0_NAME,
1237 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1238 nvlist_add_number(limits, SYSCTL1_NAME,
1239 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1240 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1241 limits = nvlist_create(0);
1242 nvlist_add_number(limits, SYSCTL0_NAME,
1243 CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);
1244 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1245 limits = nvlist_create(0);
1246 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1247 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1248 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1249 limits = nvlist_create(0);
1250 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1251 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1253 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1255 cap_close(capsysctl);
1259 * SYSCTL0_PARENT/RDWR/RECURSIVE
1262 capsysctl = cap_clone(origcapsysctl);
1263 CHECK(capsysctl != NULL);
1265 limits = nvlist_create(0);
1266 nvlist_add_number(limits, SYSCTL0_PARENT,
1267 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1268 CHECK(cap_limit_set(capsysctl, limits) == 0);
1269 limits = nvlist_create(0);
1270 nvlist_add_number(limits, SYSCTL0_PARENT,
1271 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1272 nvlist_add_number(limits, SYSCTL1_PARENT,
1273 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1274 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1275 limits = nvlist_create(0);
1276 nvlist_add_number(limits, SYSCTL1_PARENT,
1277 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1278 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1279 limits = nvlist_create(0);
1280 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1281 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1282 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1283 limits = nvlist_create(0);
1284 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1285 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1287 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
1288 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE));
1290 cap_close(capsysctl);
1294 * SYSCTL1_NAME/RDWR/RECURSIVE
1297 capsysctl = cap_clone(origcapsysctl);
1298 CHECK(capsysctl != NULL);
1300 limits = nvlist_create(0);
1301 nvlist_add_number(limits, SYSCTL1_NAME,
1302 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1303 CHECK(cap_limit_set(capsysctl, limits) == 0);
1304 limits = nvlist_create(0);
1305 nvlist_add_number(limits, SYSCTL0_NAME,
1306 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1307 nvlist_add_number(limits, SYSCTL1_NAME,
1308 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1309 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1310 limits = nvlist_create(0);
1311 nvlist_add_number(limits, SYSCTL0_NAME,
1312 CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);
1313 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1314 limits = nvlist_create(0);
1315 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1316 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1317 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1318 limits = nvlist_create(0);
1319 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1320 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1322 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1323 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1325 cap_close(capsysctl);
1329 * SYSCTL0_PARENT/READ
1332 capsysctl = cap_clone(origcapsysctl);
1333 CHECK(capsysctl != NULL);
1335 limits = nvlist_create(0);
1336 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1337 CHECK(cap_limit_set(capsysctl, limits) == 0);
1338 limits = nvlist_create(0);
1339 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_READ);
1340 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1341 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1342 limits = nvlist_create(0);
1343 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_READ);
1344 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1346 CHECK(runtest(capsysctl) == 0);
1348 cap_close(capsysctl);
1355 capsysctl = cap_clone(origcapsysctl);
1356 CHECK(capsysctl != NULL);
1358 limits = nvlist_create(0);
1359 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1360 CHECK(cap_limit_set(capsysctl, limits) == 0);
1361 limits = nvlist_create(0);
1362 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1363 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_READ);
1364 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1365 limits = nvlist_create(0);
1366 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_READ);
1367 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1369 CHECK(runtest(capsysctl) == SYSCTL1_READ0);
1371 cap_close(capsysctl);
1375 * SYSCTL0_PARENT/WRITE
1378 capsysctl = cap_clone(origcapsysctl);
1379 CHECK(capsysctl != NULL);
1381 limits = nvlist_create(0);
1382 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1383 CHECK(cap_limit_set(capsysctl, limits) == 0);
1384 limits = nvlist_create(0);
1385 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);
1386 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1387 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1388 limits = nvlist_create(0);
1389 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);
1390 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1392 CHECK(runtest(capsysctl) == 0);
1394 cap_close(capsysctl);
1398 * SYSCTL1_NAME/WRITE
1401 capsysctl = cap_clone(origcapsysctl);
1402 CHECK(capsysctl != NULL);
1404 limits = nvlist_create(0);
1405 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1406 CHECK(cap_limit_set(capsysctl, limits) == 0);
1407 limits = nvlist_create(0);
1408 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1409 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_WRITE);
1410 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1411 limits = nvlist_create(0);
1412 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_WRITE);
1413 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1415 CHECK(runtest(capsysctl) == SYSCTL1_WRITE);
1417 cap_close(capsysctl);
1421 * SYSCTL0_PARENT/RDWR
1424 capsysctl = cap_clone(origcapsysctl);
1425 CHECK(capsysctl != NULL);
1427 limits = nvlist_create(0);
1428 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1429 CHECK(cap_limit_set(capsysctl, limits) == 0);
1430 limits = nvlist_create(0);
1431 nvlist_add_number(limits, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);
1432 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1433 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1434 limits = nvlist_create(0);
1435 nvlist_add_number(limits, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);
1436 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1438 CHECK(runtest(capsysctl) == 0);
1440 cap_close(capsysctl);
1447 capsysctl = cap_clone(origcapsysctl);
1448 CHECK(capsysctl != NULL);
1450 limits = nvlist_create(0);
1451 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1452 CHECK(cap_limit_set(capsysctl, limits) == 0);
1453 limits = nvlist_create(0);
1454 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1455 nvlist_add_number(limits, SYSCTL1_NAME, CAP_SYSCTL_RDWR);
1456 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1457 limits = nvlist_create(0);
1458 nvlist_add_number(limits, SYSCTL0_NAME, CAP_SYSCTL_RDWR);
1459 CHECK(cap_limit_set(capsysctl, limits) == -1 && errno == ENOTCAPABLE);
1461 CHECK(runtest(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |
1462 SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));
1464 cap_close(capsysctl);
1470 cap_channel_t *capcas, *capsysctl;
1471 int scvalue0, scvalue1;
1476 scsize = sizeof(scvalue0);
1477 CHECKX(sysctlbyname(SYSCTL0_NAME, &scvalue0, &scsize, NULL, 0) == 0);
1478 CHECKX(scsize == sizeof(scvalue0));
1479 scsize = sizeof(scvalue1);
1480 CHECKX(sysctlbyname(SYSCTL1_NAME, &scvalue1, &scsize, NULL, 0) == 0);
1481 CHECKX(scsize == sizeof(scvalue1));
1483 capcas = cap_init();
1484 CHECKX(capcas != NULL);
1486 capsysctl = cap_service_open(capcas, "system.sysctl");
1487 CHECKX(capsysctl != NULL);
1491 /* No limits set. */
1493 CHECK(runtest(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |
1494 SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |
1495 SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |
1496 SYSCTL1_READ_WRITE));
1498 test_operation(capsysctl);
1500 test_names(capsysctl);
1502 cap_close(capsysctl);
1504 CHECK(sysctlbyname(SYSCTL0_NAME, NULL, NULL, &scvalue0,
1505 sizeof(scvalue0)) == 0);
1506 CHECK(sysctlbyname(SYSCTL1_NAME, NULL, NULL, &scvalue1,
1507 sizeof(scvalue1)) == 0);
projects / FreeBSD / FreeBSD.git / blob