Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c
48383 views
1
/*-

2
 * SPDX-License-Identifier: BSD-2-Clause

3
 *

4
 * Copyright (c) 2013, 2018 The FreeBSD Foundation

5
 *

6
 * This software was developed by Pawel Jakub Dawidek under sponsorship from

7
 * the FreeBSD Foundation.

8
 *

9
 * Portions of this software were developed by Mark Johnston

10
 * under sponsorship from the FreeBSD Foundation.

11
 *

12
 * Redistribution and use in source and binary forms, with or without

13
 * modification, are permitted provided that the following conditions

14
 * are met:

15
 * 1. Redistributions of source code must retain the above copyright

16
 *    notice, this list of conditions and the following disclaimer.

17
 * 2. Redistributions in binary form must reproduce the above copyright

18
 *    notice, this list of conditions and the following disclaimer in the

19
 *    documentation and/or other materials provided with the distribution.

20
 *

21
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND

22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE

25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

31
 * SUCH DAMAGE.

32
 */

33


34
#include <sys/types.h>

35
#include <sys/capsicum.h>

36
#include <sys/sysctl.h>

37
#include <sys/nv.h>

38


39
#include <assert.h>

40
#include <err.h>

41
#include <errno.h>

42
#include <netdb.h>

43
#include <stdio.h>

44
#include <stdlib.h>

45
#include <string.h>

46
#include <unistd.h>

47


48
#include <libcasper.h>

49
#include <casper/cap_sysctl.h>

50


51
#include <atf-c.h>

52


53
/*

54
 * We need some sysctls to perform the tests on.

55
 * We remember their values and restore them afer the test is done.

56
 */

57
#define	SYSCTL0_PARENT	"kern"

58
#define	SYSCTL0_NAME	"kern.sync_on_panic"

59
#define	SYSCTL0_FILE	"./sysctl0"

60
#define	SYSCTL1_PARENT	"debug"

61
#define	SYSCTL1_NAME	"debug.minidump"

62
#define	SYSCTL1_FILE	"./sysctl1"

63


64
#define	SYSCTL0_READ0		0x0001

65
#define	SYSCTL0_READ1		0x0002

66
#define	SYSCTL0_READ2		0x0004

67
#define	SYSCTL0_WRITE		0x0008

68
#define	SYSCTL0_READ_WRITE	0x0010

69
#define	SYSCTL1_READ0		0x0020

70
#define	SYSCTL1_READ1		0x0040

71
#define	SYSCTL1_READ2		0x0080

72
#define	SYSCTL1_WRITE		0x0100

73
#define	SYSCTL1_READ_WRITE	0x0200

74


75
static void

76
save_int_sysctl(const char *name, const char *file)

77
{

78
	ssize_t n;

79
	size_t sz;

80
	int error, fd, val;

81


82
	sz = sizeof(val);

83
	error = sysctlbyname(name, &val, &sz, NULL, 0);

84
	ATF_REQUIRE_MSG(error == 0,

85
	    "sysctlbyname(%s): %s", name, strerror(errno));

86


87
	fd = open(file, O_CREAT | O_WRONLY, 0600);

88
	ATF_REQUIRE_MSG(fd >= 0, "open(%s): %s", file, strerror(errno));

89
	n = write(fd, &val, sz);

90
	ATF_REQUIRE(n >= 0 && (size_t)n == sz);

91
	error = close(fd);

92
	ATF_REQUIRE(error == 0);

93
}

94


95
static void

96
restore_int_sysctl(const char *name, const char *file)

97
{

98
	ssize_t n;

99
	size_t sz;

100
	int error, fd, val;

101


102
	fd = open(file, O_RDONLY);

103
	ATF_REQUIRE(fd >= 0);

104
	sz = sizeof(val);

105
	n = read(fd, &val, sz);

106
	ATF_REQUIRE(n >= 0 && (size_t)n == sz);

107
	error = unlink(file);

108
	ATF_REQUIRE(error == 0);

109
	error = close(fd);

110
	ATF_REQUIRE(error == 0);

111


112
	error = sysctlbyname(name, NULL, NULL, &val, sz);

113
	ATF_REQUIRE_MSG(error == 0,

114
	    "sysctlbyname(%s): %s", name, strerror(errno));

115
}

116


117
static cap_channel_t *

118
initcap(void)

119
{

120
	cap_channel_t *capcas, *capsysctl;

121


122
	save_int_sysctl(SYSCTL0_NAME, SYSCTL0_FILE);

123
	save_int_sysctl(SYSCTL1_NAME, SYSCTL1_FILE);

124


125
	capcas = cap_init();

126
	ATF_REQUIRE(capcas != NULL);

127


128
	capsysctl = cap_service_open(capcas, "system.sysctl");

129
	ATF_REQUIRE(capsysctl != NULL);

130


131
	cap_close(capcas);

132


133
	return (capsysctl);

134
}

135


136
static void

137
cleanup(void)

138
{

139


140
	restore_int_sysctl(SYSCTL0_NAME, SYSCTL0_FILE);

141
	restore_int_sysctl(SYSCTL1_NAME, SYSCTL1_FILE);

142
}

143


144
static unsigned int

145
checkcaps(cap_channel_t *capsysctl)

146
{

147
	unsigned int result;

148
	size_t len0, len1, oldsize;

149
	int error, mib0[2], mib1[2], oldvalue, newvalue;

150


151
	result = 0;

152


153
	len0 = nitems(mib0);

154
	ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib0, &len0) == 0);

155
	len1 = nitems(mib1);

156
	ATF_REQUIRE(sysctlnametomib(SYSCTL1_NAME, mib1, &len1) == 0);

157


158
	oldsize = sizeof(oldvalue);

159
	if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,

160
	    NULL, 0) == 0) {

161
		if (oldsize == sizeof(oldvalue))

162
			result |= SYSCTL0_READ0;

163
	}

164
	error = cap_sysctl(capsysctl, mib0, len0, &oldvalue, &oldsize, NULL, 0);

165
	if ((result & SYSCTL0_READ0) != 0)

166
		ATF_REQUIRE(error == 0);

167
	else

168
		ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);

169


170
	newvalue = 123;

171
	if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, NULL, NULL, &newvalue,

172
	    sizeof(newvalue)) == 0) {

173
		result |= SYSCTL0_WRITE;

174
	}

175


176
	if ((result & SYSCTL0_WRITE) != 0) {

177
		oldsize = sizeof(oldvalue);

178
		if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,

179
		    &oldsize, NULL, 0) == 0) {

180
			if (oldsize == sizeof(oldvalue) && oldvalue == 123)

181
				result |= SYSCTL0_READ1;

182
		}

183
	}

184
	newvalue = 123;

185
	error = cap_sysctl(capsysctl, mib0, len0, NULL, NULL,

186
	    &newvalue, sizeof(newvalue));

187
	if ((result & SYSCTL0_WRITE) != 0)

188
		ATF_REQUIRE(error == 0);

189
	else

190
		ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);

191


192
	oldsize = sizeof(oldvalue);

193
	newvalue = 4567;

194
	if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue, &oldsize,

195
	    &newvalue, sizeof(newvalue)) == 0) {

196
		if (oldsize == sizeof(oldvalue) && oldvalue == 123)

197
			result |= SYSCTL0_READ_WRITE;

198
	}

199


200
	if ((result & SYSCTL0_READ_WRITE) != 0) {

201
		oldsize = sizeof(oldvalue);

202
		if (cap_sysctlbyname(capsysctl, SYSCTL0_NAME, &oldvalue,

203
		    &oldsize, NULL, 0) == 0) {

204
			if (oldsize == sizeof(oldvalue) && oldvalue == 4567)

205
				result |= SYSCTL0_READ2;

206
		}

207
	}

208


209
	oldsize = sizeof(oldvalue);

210
	if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,

211
	    NULL, 0) == 0) {

212
		if (oldsize == sizeof(oldvalue))

213
			result |= SYSCTL1_READ0;

214
	}

215
	error = cap_sysctl(capsysctl, mib1, len1, &oldvalue, &oldsize, NULL, 0);

216
	if ((result & SYSCTL1_READ0) != 0)

217
		ATF_REQUIRE(error == 0);

218
	else

219
		ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);

220


221
	newvalue = 506;

222
	if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, NULL, NULL, &newvalue,

223
	    sizeof(newvalue)) == 0) {

224
		result |= SYSCTL1_WRITE;

225
	}

226


227
	if ((result & SYSCTL1_WRITE) != 0) {

228
		newvalue = 506;

229
		ATF_REQUIRE(cap_sysctl(capsysctl, mib1, len1, NULL, NULL,

230
		    &newvalue, sizeof(newvalue)) == 0);

231


232
		oldsize = sizeof(oldvalue);

233
		if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,

234
		    &oldsize, NULL, 0) == 0) {

235
			if (oldsize == sizeof(oldvalue) && oldvalue == 506)

236
				result |= SYSCTL1_READ1;

237
		}

238
	}

239
	newvalue = 506;

240
	error = cap_sysctl(capsysctl, mib1, len1, NULL, NULL,

241
	    &newvalue, sizeof(newvalue));

242
	if ((result & SYSCTL1_WRITE) != 0)

243
		ATF_REQUIRE(error == 0);

244
	else

245
		ATF_REQUIRE_ERRNO(ENOTCAPABLE, error != 0);

246


247
	oldsize = sizeof(oldvalue);

248
	newvalue = 7008;

249
	if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue, &oldsize,

250
	    &newvalue, sizeof(newvalue)) == 0) {

251
		if (oldsize == sizeof(oldvalue) && oldvalue == 506)

252
			result |= SYSCTL1_READ_WRITE;

253
	}

254


255
	if ((result & SYSCTL1_READ_WRITE) != 0) {

256
		oldsize = sizeof(oldvalue);

257
		if (cap_sysctlbyname(capsysctl, SYSCTL1_NAME, &oldvalue,

258
		    &oldsize, NULL, 0) == 0) {

259
			if (oldsize == sizeof(oldvalue) && oldvalue == 7008)

260
				result |= SYSCTL1_READ2;

261
		}

262
	}

263


264
	return (result);

265
}

266


267
ATF_TC_WITH_CLEANUP(cap_sysctl__operation);

268
ATF_TC_HEAD(cap_sysctl__operation, tc)

269
{

270
}

271
ATF_TC_BODY(cap_sysctl__operation, tc)

272
{

273
	cap_channel_t *capsysctl, *ocapsysctl;

274
	void *limit;

275


276
	ocapsysctl = initcap();

277


278
	/*

279
	 * Allow:

280
	 * SYSCTL0_PARENT/RDWR/RECURSIVE

281
	 * SYSCTL1_PARENT/RDWR/RECURSIVE

282
	 */

283


284
	capsysctl = cap_clone(ocapsysctl);

285
	ATF_REQUIRE(capsysctl != NULL);

286


287
	limit = cap_sysctl_limit_init(capsysctl);

288
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

289
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

290
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

291
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

292
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

293


294
	limit = cap_sysctl_limit_init(capsysctl);

295
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

296
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

297
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

298
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

299
	(void)cap_sysctl_limit_name(limit, "foo.bar",

300
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

301
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

302


303
	limit = cap_sysctl_limit_init(capsysctl);

304
	(void)cap_sysctl_limit_name(limit, "foo.bar",

305
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

306
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

307


308
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |

309
	    SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |

310
	    SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |

311
	    SYSCTL1_READ_WRITE));

312


313
	limit = cap_sysctl_limit_init(capsysctl);

314
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

315
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

316
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

317
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

318
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

319


320
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |

321
	    SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |

322
	    SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |

323
	    SYSCTL1_READ_WRITE));

324


325
	limit = cap_sysctl_limit_init(capsysctl);

326
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

327
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

328
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

329
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

330
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

331


332
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));

333


334
	limit = cap_sysctl_limit_init(capsysctl);

335
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

336
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

337
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

338


339
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));

340


341
	limit = cap_sysctl_limit_init(capsysctl);

342
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

343
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

344


345
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_READ0);

346


347
	cap_close(capsysctl);

348


349
	/*

350
	 * Allow:

351
	 * SYSCTL0_NAME/RDWR/RECURSIVE

352
	 * SYSCTL1_NAME/RDWR/RECURSIVE

353
	 */

354


355
	capsysctl = cap_clone(ocapsysctl);

356
	ATF_REQUIRE(capsysctl != NULL);

357


358
	limit = cap_sysctl_limit_init(capsysctl);

359
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

360
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

361
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

362
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

363
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

364


365
	limit = cap_sysctl_limit_init(capsysctl);

366
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

367
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

368
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

369
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

370
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

371
	limit = cap_sysctl_limit_init(capsysctl);

372
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

373
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

374
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

375
	limit = cap_sysctl_limit_init(capsysctl);

376
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

377
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

378
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

379
	limit = cap_sysctl_limit_init(capsysctl);

380
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

381
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

382


383
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |

384
	    SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |

385
	    SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |

386
	    SYSCTL1_READ_WRITE));

387


388
	cap_close(capsysctl);

389


390
	/*

391
	 * Allow:

392
	 * SYSCTL0_PARENT/RDWR

393
	 * SYSCTL1_PARENT/RDWR

394
	 */

395


396
	capsysctl = cap_clone(ocapsysctl);

397
	ATF_REQUIRE(capsysctl != NULL);

398


399
	limit = cap_sysctl_limit_init(capsysctl);

400
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

401
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

402
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

403
	limit = cap_sysctl_limit_init(capsysctl);

404
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

405
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

406
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

407
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

408
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

409
	limit = cap_sysctl_limit_init(capsysctl);

410
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

411
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

412
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

413
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

414
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

415
	limit = cap_sysctl_limit_init(capsysctl);

416
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

417
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

418
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

419


420
	ATF_REQUIRE(checkcaps(capsysctl) == 0);

421


422
	cap_close(capsysctl);

423


424
	/*

425
	 * Allow:

426
	 * SYSCTL0_NAME/RDWR

427
	 * SYSCTL1_NAME/RDWR

428
	 */

429


430
	capsysctl = cap_clone(ocapsysctl);

431
	ATF_REQUIRE(capsysctl != NULL);

432


433
	limit = cap_sysctl_limit_init(capsysctl);

434
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);

435
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

436
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

437
	limit = cap_sysctl_limit_init(capsysctl);

438
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

439
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

440
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

441
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

442
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

443
	limit = cap_sysctl_limit_init(capsysctl);

444
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

445
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

446
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

447
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

448
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

449
	limit = cap_sysctl_limit_init(capsysctl);

450
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

451
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

452
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

453


454
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |

455
	    SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |

456
	    SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |

457
	    SYSCTL1_READ_WRITE));

458


459
	cap_close(capsysctl);

460


461
	/*

462
	 * Allow:

463
	 * SYSCTL0_PARENT/RDWR

464
	 * SYSCTL1_PARENT/RDWR/RECURSIVE

465
	 */

466


467
	capsysctl = cap_clone(ocapsysctl);

468
	ATF_REQUIRE(capsysctl != NULL);

469


470
	limit = cap_sysctl_limit_init(capsysctl);

471
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

472
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

473
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

474
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

475
	limit = cap_sysctl_limit_init(capsysctl);

476
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

477
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

478
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

479
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

480
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

481
	limit = cap_sysctl_limit_init(capsysctl);

482
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

483
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

484
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

485
	limit = cap_sysctl_limit_init(capsysctl);

486
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

487
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

488
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

489
	limit = cap_sysctl_limit_init(capsysctl);

490
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

491
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

492
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

493


494
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |

495
	    SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));

496


497
	cap_close(capsysctl);

498


499
	/*

500
	 * Allow:

501
	 * SYSCTL0_NAME/RDWR

502
	 * SYSCTL1_NAME/RDWR/RECURSIVE

503
	 */

504


505
	capsysctl = cap_clone(ocapsysctl);

506
	ATF_REQUIRE(capsysctl != NULL);

507


508
	limit = cap_sysctl_limit_init(capsysctl);

509
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);

510
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

511
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

512
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

513
	limit = cap_sysctl_limit_init(capsysctl);

514
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

515
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

516
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

517
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

518
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

519
	limit = cap_sysctl_limit_init(capsysctl);

520
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

521
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

522
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

523
	limit = cap_sysctl_limit_init(capsysctl);

524
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

525
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

526
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

527


528
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |

529
	    SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |

530
	    SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |

531
	    SYSCTL1_READ_WRITE));

532


533
	cap_close(capsysctl);

534


535
	/*

536
	 * Allow:

537
	 * SYSCTL0_PARENT/READ/RECURSIVE

538
	 * SYSCTL1_PARENT/READ/RECURSIVE

539
	 */

540


541
	capsysctl = cap_clone(ocapsysctl);

542
	ATF_REQUIRE(capsysctl != NULL);

543


544
	limit = cap_sysctl_limit_init(capsysctl);

545
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

546
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

547
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

548
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

549
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

550
	limit = cap_sysctl_limit_init(capsysctl);

551
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

552
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

553
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

554
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

555
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

556
	limit = cap_sysctl_limit_init(capsysctl);

557
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

558
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

559
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

560
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

561
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

562
	limit = cap_sysctl_limit_init(capsysctl);

563
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

564
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

565
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

566
	limit = cap_sysctl_limit_init(capsysctl);

567
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

568
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

569
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

570
	limit = cap_sysctl_limit_init(capsysctl);

571
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

572
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

573
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

574
	limit = cap_sysctl_limit_init(capsysctl);

575
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

576
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

577
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

578
	limit = cap_sysctl_limit_init(capsysctl);

579
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

580
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

581
	limit = cap_sysctl_limit_init(capsysctl);

582
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

583
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

584


585
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));

586


587
	cap_close(capsysctl);

588


589
	/*

590
	 * Allow:

591
	 * SYSCTL0_NAME/READ/RECURSIVE

592
	 * SYSCTL1_NAME/READ/RECURSIVE

593
	 */

594


595
	capsysctl = cap_clone(ocapsysctl);

596
	ATF_REQUIRE(capsysctl != NULL);

597


598
	limit = cap_sysctl_limit_init(capsysctl);

599
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

600
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

601
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

602
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

603
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

604
	limit = cap_sysctl_limit_init(capsysctl);

605
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

606
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

607
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

608
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

609
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

610
	limit = cap_sysctl_limit_init(capsysctl);

611
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

612
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

613
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

614
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

615
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

616
	limit = cap_sysctl_limit_init(capsysctl);

617
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);

618
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

619
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

620
	limit = cap_sysctl_limit_init(capsysctl);

621
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

622
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

623
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

624
	limit = cap_sysctl_limit_init(capsysctl);

625
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

626
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

627
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

628
	limit = cap_sysctl_limit_init(capsysctl);

629
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

630
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

631
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

632
	limit = cap_sysctl_limit_init(capsysctl);

633
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

634
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

635
	limit = cap_sysctl_limit_init(capsysctl);

636
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

637
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

638


639
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));

640


641
	cap_close(capsysctl);

642


643
	/*

644
	 * Allow:

645
	 * SYSCTL0_PARENT/READ

646
	 * SYSCTL1_PARENT/READ

647
	 */

648


649
	capsysctl = cap_clone(ocapsysctl);

650
	ATF_REQUIRE(capsysctl != NULL);

651


652
	limit = cap_sysctl_limit_init(capsysctl);

653
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

654
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

655
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

656
	limit = cap_sysctl_limit_init(capsysctl);

657
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

658
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

659
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

660
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

661
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

662
	limit = cap_sysctl_limit_init(capsysctl);

663
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

664
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

665
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

666
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

667
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

668
	limit = cap_sysctl_limit_init(capsysctl);

669
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

670
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

671
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

672
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

673
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

674
	limit = cap_sysctl_limit_init(capsysctl);

675
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

676
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

677
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

678
	limit = cap_sysctl_limit_init(capsysctl);

679
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

680
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

681
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

682
	limit = cap_sysctl_limit_init(capsysctl);

683
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

684
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

685
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

686
	limit = cap_sysctl_limit_init(capsysctl);

687
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

688
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

689
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

690
	limit = cap_sysctl_limit_init(capsysctl);

691
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

692
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

693
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

694
	limit = cap_sysctl_limit_init(capsysctl);

695
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

696
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

697
	limit = cap_sysctl_limit_init(capsysctl);

698
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

699
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

700


701
	ATF_REQUIRE(checkcaps(capsysctl) == 0);

702


703
	cap_close(capsysctl);

704


705
	/*

706
	 * Allow:

707
	 * SYSCTL0_NAME/READ

708
	 * SYSCTL1_NAME/READ

709
	 */

710


711
	capsysctl = cap_clone(ocapsysctl);

712
	ATF_REQUIRE(capsysctl != NULL);

713


714
	limit = cap_sysctl_limit_init(capsysctl);

715
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

716
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);

717
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

718
	limit = cap_sysctl_limit_init(capsysctl);

719
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

720
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

721
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

722
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

723
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

724
	limit = cap_sysctl_limit_init(capsysctl);

725
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

726
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

727
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

728
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

729
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

730
	limit = cap_sysctl_limit_init(capsysctl);

731
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

732
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

733
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

734
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

735
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

736
	limit = cap_sysctl_limit_init(capsysctl);

737
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);

738
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

739
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

740
	limit = cap_sysctl_limit_init(capsysctl);

741
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

742
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

743
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

744
	limit = cap_sysctl_limit_init(capsysctl);

745
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

746
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

747
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

748
	limit = cap_sysctl_limit_init(capsysctl);

749
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

750
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

751
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

752
	limit = cap_sysctl_limit_init(capsysctl);

753
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

754
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

755
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

756
	limit = cap_sysctl_limit_init(capsysctl);

757
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

758
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

759
	limit = cap_sysctl_limit_init(capsysctl);

760
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

761
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

762


763
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));

764


765
	cap_close(capsysctl);

766


767
	/*

768
	 * Allow:

769
	 * SYSCTL0_PARENT/READ

770
	 * SYSCTL1_PARENT/READ/RECURSIVE

771
	 */

772


773
	capsysctl = cap_clone(ocapsysctl);

774
	ATF_REQUIRE(capsysctl != NULL);

775


776
	limit = cap_sysctl_limit_init(capsysctl);

777
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

778
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

779
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

780
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

781
	limit = cap_sysctl_limit_init(capsysctl);

782
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

783
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

784
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

785
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

786


787
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);

788


789
	cap_close(capsysctl);

790


791
	/*

792
	 * Allow:

793
	 * SYSCTL0_NAME/READ

794
	 * SYSCTL1_NAME/READ/RECURSIVE

795
	 */

796


797
	capsysctl = cap_clone(ocapsysctl);

798
	ATF_REQUIRE(capsysctl != NULL);

799


800
	limit = cap_sysctl_limit_init(capsysctl);

801
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

802
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

803
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

804
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

805
	limit = cap_sysctl_limit_init(capsysctl);

806
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

807
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

808
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);

809
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

810


811
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_READ0));

812


813
	cap_close(capsysctl);

814


815
	/*

816
	 * Allow:

817
	 * SYSCTL0_PARENT/WRITE/RECURSIVE

818
	 * SYSCTL1_PARENT/WRITE/RECURSIVE

819
	 */

820


821
	capsysctl = cap_clone(ocapsysctl);

822
	ATF_REQUIRE(capsysctl != NULL);

823


824
	limit = cap_sysctl_limit_init(capsysctl);

825
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

826
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

827
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

828
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

829
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

830
	limit = cap_sysctl_limit_init(capsysctl);

831
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

832
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

833
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

834
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

835
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

836
	limit = cap_sysctl_limit_init(capsysctl);

837
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

838
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

839
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

840
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

841
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

842
	limit = cap_sysctl_limit_init(capsysctl);

843
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

844
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

845
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

846
	limit = cap_sysctl_limit_init(capsysctl);

847
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

848
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

849
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

850
	limit = cap_sysctl_limit_init(capsysctl);

851
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

852
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

853
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

854
	limit = cap_sysctl_limit_init(capsysctl);

855
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

856
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

857
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

858
	limit = cap_sysctl_limit_init(capsysctl);

859
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

860
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

861
	limit = cap_sysctl_limit_init(capsysctl);

862
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

863
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

864


865
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));

866


867
	cap_close(capsysctl);

868


869
	/*

870
	 * Allow:

871
	 * SYSCTL0_NAME/WRITE/RECURSIVE

872
	 * SYSCTL1_NAME/WRITE/RECURSIVE

873
	 */

874


875
	capsysctl = cap_clone(ocapsysctl);

876
	ATF_REQUIRE(capsysctl != NULL);

877


878
	limit = cap_sysctl_limit_init(capsysctl);

879
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

880
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

881
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

882
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

883
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

884
	limit = cap_sysctl_limit_init(capsysctl);

885
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

886
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

887
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

888
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

889
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

890
	limit = cap_sysctl_limit_init(capsysctl);

891
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

892
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

893
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

894
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

895
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

896
	limit = cap_sysctl_limit_init(capsysctl);

897
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);

898
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

899
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

900
	limit = cap_sysctl_limit_init(capsysctl);

901
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

902
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);

903
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

904
	limit = cap_sysctl_limit_init(capsysctl);

905
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

906
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

907
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

908
	limit = cap_sysctl_limit_init(capsysctl);

909
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

910
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

911
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

912
	limit = cap_sysctl_limit_init(capsysctl);

913
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

914
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

915
	limit = cap_sysctl_limit_init(capsysctl);

916
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

917
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

918


919
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));

920


921
	cap_close(capsysctl);

922


923
	/*

924
	 * Allow:

925
	 * SYSCTL0_PARENT/WRITE

926
	 * SYSCTL1_PARENT/WRITE

927
	 */

928


929
	capsysctl = cap_clone(ocapsysctl);

930
	ATF_REQUIRE(capsysctl != NULL);

931


932
	limit = cap_sysctl_limit_init(capsysctl);

933
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

934
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

935
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

936
	limit = cap_sysctl_limit_init(capsysctl);

937
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

938
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

939
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

940
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

941
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

942
	limit = cap_sysctl_limit_init(capsysctl);

943
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

944
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

945
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

946
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

947
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

948
	limit = cap_sysctl_limit_init(capsysctl);

949
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

950
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

951
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

952
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

953
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

954
	limit = cap_sysctl_limit_init(capsysctl);

955
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

956
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

957
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

958
	limit = cap_sysctl_limit_init(capsysctl);

959
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

960
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

961
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

962
	limit = cap_sysctl_limit_init(capsysctl);

963
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

964
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

965
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

966
	limit = cap_sysctl_limit_init(capsysctl);

967
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

968
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

969
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

970
	limit = cap_sysctl_limit_init(capsysctl);

971
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

972
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

973
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

974
	limit = cap_sysctl_limit_init(capsysctl);

975
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

976
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

977
	limit = cap_sysctl_limit_init(capsysctl);

978
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

979
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

980


981
	ATF_REQUIRE(checkcaps(capsysctl) == 0);

982


983
	cap_close(capsysctl);

984


985
	/*

986
	 * Allow:

987
	 * SYSCTL0_NAME/WRITE

988
	 * SYSCTL1_NAME/WRITE

989
	 */

990


991
	capsysctl = cap_clone(ocapsysctl);

992
	ATF_REQUIRE(capsysctl != NULL);

993


994
	limit = cap_sysctl_limit_init(capsysctl);

995
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

996
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

997
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

998
	limit = cap_sysctl_limit_init(capsysctl);

999
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1000
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1001
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1002
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1003
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1004
	limit = cap_sysctl_limit_init(capsysctl);

1005
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1006
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1007
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1008
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1009
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1010
	limit = cap_sysctl_limit_init(capsysctl);

1011
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1012
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1013
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1014
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1015
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1016
	limit = cap_sysctl_limit_init(capsysctl);

1017
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);

1018
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

1019
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1020
	limit = cap_sysctl_limit_init(capsysctl);

1021
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1022
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);

1023
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1024
	limit = cap_sysctl_limit_init(capsysctl);

1025
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1026
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1027
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1028
	limit = cap_sysctl_limit_init(capsysctl);

1029
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1030
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1031
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1032
	limit = cap_sysctl_limit_init(capsysctl);

1033
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1034
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1035
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1036
	limit = cap_sysctl_limit_init(capsysctl);

1037
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

1038
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1039
	limit = cap_sysctl_limit_init(capsysctl);

1040
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1041
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1042


1043
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));

1044


1045
	cap_close(capsysctl);

1046


1047
	/*

1048
	 * Allow:

1049
	 * SYSCTL0_PARENT/WRITE

1050
	 * SYSCTL1_PARENT/WRITE/RECURSIVE

1051
	 */

1052


1053
	capsysctl = cap_clone(ocapsysctl);

1054
	ATF_REQUIRE(capsysctl != NULL);

1055


1056
	limit = cap_sysctl_limit_init(capsysctl);

1057
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

1058
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1059
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1060
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1061
	limit = cap_sysctl_limit_init(capsysctl);

1062
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

1063
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1064
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

1065
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1066


1067
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);

1068


1069
	cap_close(capsysctl);

1070


1071
	/*

1072
	 * Allow:

1073
	 * SYSCTL0_NAME/WRITE

1074
	 * SYSCTL1_NAME/WRITE/RECURSIVE

1075
	 */

1076


1077
	capsysctl = cap_clone(ocapsysctl);

1078
	ATF_REQUIRE(capsysctl != NULL);

1079


1080
	limit = cap_sysctl_limit_init(capsysctl);

1081
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

1082
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1083
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1084
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1085
	limit = cap_sysctl_limit_init(capsysctl);

1086
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1087
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1088
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

1089
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1090


1091
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_WRITE | SYSCTL1_WRITE));

1092


1093
	cap_close(capsysctl);

1094


1095
	/*

1096
	 * Allow:

1097
	 * SYSCTL0_PARENT/READ/RECURSIVE

1098
	 * SYSCTL1_PARENT/WRITE/RECURSIVE

1099
	 */

1100


1101
	capsysctl = cap_clone(ocapsysctl);

1102
	ATF_REQUIRE(capsysctl != NULL);

1103


1104
	limit = cap_sysctl_limit_init(capsysctl);

1105
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

1106
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1107
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1108
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1109
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1110


1111
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));

1112


1113
	cap_close(capsysctl);

1114


1115
	/*

1116
	 * Allow:

1117
	 * SYSCTL0_NAME/READ/RECURSIVE

1118
	 * SYSCTL1_NAME/WRITE/RECURSIVE

1119
	 */

1120


1121
	capsysctl = cap_clone(ocapsysctl);

1122
	ATF_REQUIRE(capsysctl != NULL);

1123


1124
	limit = cap_sysctl_limit_init(capsysctl);

1125
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1126
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1127
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1128
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1129
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1130


1131
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));

1132


1133
	cap_close(capsysctl);

1134


1135
	/*

1136
	 * Allow:

1137
	 * SYSCTL0_PARENT/READ

1138
	 * SYSCTL1_PARENT/WRITE

1139
	 */

1140


1141
	capsysctl = cap_clone(ocapsysctl);

1142
	ATF_REQUIRE(capsysctl != NULL);

1143


1144
	limit = cap_sysctl_limit_init(capsysctl);

1145
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

1146
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

1147
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1148


1149
	ATF_REQUIRE(checkcaps(capsysctl) == 0);

1150


1151
	cap_close(capsysctl);

1152


1153
	/*

1154
	 * Allow:

1155
	 * SYSCTL0_NAME/READ

1156
	 * SYSCTL1_NAME/WRITE

1157
	 */

1158


1159
	capsysctl = cap_clone(ocapsysctl);

1160
	ATF_REQUIRE(capsysctl != NULL);

1161


1162
	limit = cap_sysctl_limit_init(capsysctl);

1163
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1164
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

1165
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1166


1167
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));

1168


1169
	cap_close(capsysctl);

1170


1171
	/*

1172
	 * Allow:

1173
	 * SYSCTL0_PARENT/READ

1174
	 * SYSCTL1_PARENT/WRITE/RECURSIVE

1175
	 */

1176


1177
	capsysctl = cap_clone(ocapsysctl);

1178
	ATF_REQUIRE(capsysctl != NULL);

1179


1180
	limit = cap_sysctl_limit_init(capsysctl);

1181
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

1182
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1183
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1184
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1185


1186
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);

1187


1188
	cap_close(capsysctl);

1189


1190
	/*

1191
	 * Allow:

1192
	 * SYSCTL0_NAME/READ

1193
	 * SYSCTL1_NAME/WRITE/RECURSIVE

1194
	 */

1195


1196
	capsysctl = cap_clone(ocapsysctl);

1197
	ATF_REQUIRE(capsysctl != NULL);

1198


1199
	limit = cap_sysctl_limit_init(capsysctl);

1200
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1201
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1202
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1203
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1204


1205
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL1_WRITE));

1206


1207
	cap_close(capsysctl);

1208
}

1209
ATF_TC_CLEANUP(cap_sysctl__operation, tc)

1210
{

1211
	cleanup();

1212
}

1213


1214
ATF_TC_WITH_CLEANUP(cap_sysctl__names);

1215
ATF_TC_HEAD(cap_sysctl__names, tc)

1216
{

1217
}

1218
ATF_TC_BODY(cap_sysctl__names, tc)

1219
{

1220
	cap_channel_t *capsysctl, *ocapsysctl;

1221
	void *limit;

1222


1223
	ocapsysctl = initcap();

1224


1225
	/*

1226
	 * Allow:

1227
	 * SYSCTL0_PARENT/READ/RECURSIVE

1228
	 */

1229


1230
	capsysctl = cap_clone(ocapsysctl);

1231
	ATF_REQUIRE(capsysctl != NULL);

1232


1233
	limit = cap_sysctl_limit_init(capsysctl);

1234
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

1235
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1236
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1237
	limit = cap_sysctl_limit_init(capsysctl);

1238
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

1239
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1240
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1241
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1242
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1243
	limit = cap_sysctl_limit_init(capsysctl);

1244
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1245
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1246
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1247
	limit = cap_sysctl_limit_init(capsysctl);

1248
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

1249
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

1250
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1251
	limit = cap_sysctl_limit_init(capsysctl);

1252
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

1253
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1254


1255
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_READ0);

1256


1257
	cap_close(capsysctl);

1258


1259
	/*

1260
	 * Allow:

1261
	 * SYSCTL1_NAME/READ/RECURSIVE

1262
	 */

1263


1264
	capsysctl = cap_clone(ocapsysctl);

1265
	ATF_REQUIRE(capsysctl != NULL);

1266


1267
	limit = cap_sysctl_limit_init(capsysctl);

1268
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1269
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1270
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1271
	limit = cap_sysctl_limit_init(capsysctl);

1272
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1273
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1274
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1275
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1276
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1277
	limit = cap_sysctl_limit_init(capsysctl);

1278
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1279
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);

1280
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1281
	limit = cap_sysctl_limit_init(capsysctl);

1282
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1283
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);

1284
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1285
	limit = cap_sysctl_limit_init(capsysctl);

1286
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1287
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1288


1289
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);

1290


1291
	cap_close(capsysctl);

1292


1293
	/*

1294
	 * Allow:

1295
	 * SYSCTL0_PARENT/WRITE/RECURSIVE

1296
	 */

1297


1298
	capsysctl = cap_clone(ocapsysctl);

1299
	ATF_REQUIRE(capsysctl != NULL);

1300


1301
	limit = cap_sysctl_limit_init(capsysctl);

1302
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

1303
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1304
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1305
	limit = cap_sysctl_limit_init(capsysctl);

1306
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

1307
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1308
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1309
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1310
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1311
	limit = cap_sysctl_limit_init(capsysctl);

1312
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1313
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1314
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1315
	limit = cap_sysctl_limit_init(capsysctl);

1316
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

1317
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

1318
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1319
	limit = cap_sysctl_limit_init(capsysctl);

1320
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

1321
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1322


1323
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL0_WRITE);

1324


1325
	cap_close(capsysctl);

1326


1327
	/*

1328
	 * Allow:

1329
	 * SYSCTL1_NAME/WRITE/RECURSIVE

1330
	 */

1331


1332
	capsysctl = cap_clone(ocapsysctl);

1333
	ATF_REQUIRE(capsysctl != NULL);

1334


1335
	limit = cap_sysctl_limit_init(capsysctl);

1336
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1337
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1338
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1339
	limit = cap_sysctl_limit_init(capsysctl);

1340
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1341
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1342
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1343
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1344
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1345
	limit = cap_sysctl_limit_init(capsysctl);

1346
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1347
	    CAP_SYSCTL_WRITE | CAP_SYSCTL_RECURSIVE);

1348
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1349
	limit = cap_sysctl_limit_init(capsysctl);

1350
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

1351
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

1352
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1353
	limit = cap_sysctl_limit_init(capsysctl);

1354
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

1355
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1356


1357
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);

1358


1359
	cap_close(capsysctl);

1360


1361
	/*

1362
	 * Allow:

1363
	 * SYSCTL0_PARENT/RDWR/RECURSIVE

1364
	 */

1365


1366
	capsysctl = cap_clone(ocapsysctl);

1367
	ATF_REQUIRE(capsysctl != NULL);

1368


1369
	limit = cap_sysctl_limit_init(capsysctl);

1370
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

1371
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1372
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1373
	limit = cap_sysctl_limit_init(capsysctl);

1374
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT,

1375
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1376
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1377
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1378
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1379
	limit = cap_sysctl_limit_init(capsysctl);

1380
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT,

1381
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1382
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1383
	limit = cap_sysctl_limit_init(capsysctl);

1384
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

1385
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

1386
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1387
	limit = cap_sysctl_limit_init(capsysctl);

1388
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

1389
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1390


1391
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL0_READ0 | SYSCTL0_READ1 |

1392
	    SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE));

1393


1394
	cap_close(capsysctl);

1395


1396
	/*

1397
	 * Allow:

1398
	 * SYSCTL1_NAME/RDWR/RECURSIVE

1399
	 */

1400


1401
	capsysctl = cap_clone(ocapsysctl);

1402
	ATF_REQUIRE(capsysctl != NULL);

1403


1404
	limit = cap_sysctl_limit_init(capsysctl);

1405
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1406
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1407
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1408
	limit = cap_sysctl_limit_init(capsysctl);

1409
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1410
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1411
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME,

1412
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1413
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1414
	limit = cap_sysctl_limit_init(capsysctl);

1415
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME,

1416
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1417
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1418
	limit = cap_sysctl_limit_init(capsysctl);

1419
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1420
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);

1421
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1422
	limit = cap_sysctl_limit_init(capsysctl);

1423
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1424
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1425


1426
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |

1427
	    SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));

1428


1429
	cap_close(capsysctl);

1430


1431
	/*

1432
	 * Allow:

1433
	 * SYSCTL0_PARENT/READ

1434
	 */

1435


1436
	capsysctl = cap_clone(ocapsysctl);

1437
	ATF_REQUIRE(capsysctl != NULL);

1438


1439
	limit = cap_sysctl_limit_init(capsysctl);

1440
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

1441
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1442
	limit = cap_sysctl_limit_init(capsysctl);

1443
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_READ);

1444
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

1445
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1446
	limit = cap_sysctl_limit_init(capsysctl);

1447
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_READ);

1448
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1449


1450
	ATF_REQUIRE(checkcaps(capsysctl) == 0);

1451


1452
	cap_close(capsysctl);

1453


1454
	/*

1455
	 * Allow:

1456
	 * SYSCTL1_NAME/READ

1457
	 */

1458


1459
	capsysctl = cap_clone(ocapsysctl);

1460
	ATF_REQUIRE(capsysctl != NULL);

1461


1462
	limit = cap_sysctl_limit_init(capsysctl);

1463
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);

1464
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1465
	limit = cap_sysctl_limit_init(capsysctl);

1466
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1467
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_READ);

1468
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1469
	limit = cap_sysctl_limit_init(capsysctl);

1470
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_READ);

1471
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1472


1473
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_READ0);

1474


1475
	cap_close(capsysctl);

1476


1477
	/*

1478
	 * Allow:

1479
	 * SYSCTL0_PARENT/WRITE

1480
	 */

1481


1482
	capsysctl = cap_clone(ocapsysctl);

1483
	ATF_REQUIRE(capsysctl != NULL);

1484


1485
	limit = cap_sysctl_limit_init(capsysctl);

1486
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

1487
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1488
	limit = cap_sysctl_limit_init(capsysctl);

1489
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_WRITE);

1490
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

1491
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1492
	limit = cap_sysctl_limit_init(capsysctl);

1493
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_WRITE);

1494
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1495


1496
	ATF_REQUIRE(checkcaps(capsysctl) == 0);

1497


1498
	cap_close(capsysctl);

1499


1500
	/*

1501
	 * Allow:

1502
	 * SYSCTL1_NAME/WRITE

1503
	 */

1504


1505
	capsysctl = cap_clone(ocapsysctl);

1506
	ATF_REQUIRE(capsysctl != NULL);

1507


1508
	limit = cap_sysctl_limit_init(capsysctl);

1509
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

1510
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1511
	limit = cap_sysctl_limit_init(capsysctl);

1512
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

1513
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_WRITE);

1514
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1515
	limit = cap_sysctl_limit_init(capsysctl);

1516
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_WRITE);

1517
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1518


1519
	ATF_REQUIRE(checkcaps(capsysctl) == SYSCTL1_WRITE);

1520


1521
	cap_close(capsysctl);

1522


1523
	/*

1524
	 * Allow:

1525
	 * SYSCTL0_PARENT/RDWR

1526
	 */

1527


1528
	capsysctl = cap_clone(ocapsysctl);

1529
	ATF_REQUIRE(capsysctl != NULL);

1530


1531
	limit = cap_sysctl_limit_init(capsysctl);

1532
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

1533
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1534
	limit = cap_sysctl_limit_init(capsysctl);

1535
	(void)cap_sysctl_limit_name(limit, SYSCTL0_PARENT, CAP_SYSCTL_RDWR);

1536
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

1537
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1538
	limit = cap_sysctl_limit_init(capsysctl);

1539
	(void)cap_sysctl_limit_name(limit, SYSCTL1_PARENT, CAP_SYSCTL_RDWR);

1540
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1541


1542
	ATF_REQUIRE(checkcaps(capsysctl) == 0);

1543


1544
	cap_close(capsysctl);

1545


1546
	/*

1547
	 * Allow:

1548
	 * SYSCTL1_NAME/RDWR

1549
	 */

1550


1551
	capsysctl = cap_clone(ocapsysctl);

1552
	ATF_REQUIRE(capsysctl != NULL);

1553


1554
	limit = cap_sysctl_limit_init(capsysctl);

1555
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

1556
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1557
	limit = cap_sysctl_limit_init(capsysctl);

1558
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);

1559
	(void)cap_sysctl_limit_name(limit, SYSCTL1_NAME, CAP_SYSCTL_RDWR);

1560
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1561
	limit = cap_sysctl_limit_init(capsysctl);

1562
	(void)cap_sysctl_limit_name(limit, SYSCTL0_NAME, CAP_SYSCTL_RDWR);

1563
	ATF_REQUIRE(cap_sysctl_limit(limit) == -1 && errno == ENOTCAPABLE);

1564


1565
	ATF_REQUIRE(checkcaps(capsysctl) == (SYSCTL1_READ0 | SYSCTL1_READ1 |

1566
	    SYSCTL1_READ2 | SYSCTL1_WRITE | SYSCTL1_READ_WRITE));

1567


1568
	cap_close(capsysctl);

1569
}

1570
ATF_TC_CLEANUP(cap_sysctl__names, tc)

1571
{

1572
	cleanup();

1573
}

1574


1575
ATF_TC_WITH_CLEANUP(cap_sysctl__no_limits);

1576
ATF_TC_HEAD(cap_sysctl__no_limits, tc)

1577
{

1578
}

1579
ATF_TC_BODY(cap_sysctl__no_limits, tc)

1580
{

1581
	cap_channel_t *capsysctl;

1582


1583
	capsysctl = initcap();

1584


1585
	ATF_REQUIRE_EQ(checkcaps(capsysctl), (SYSCTL0_READ0 | SYSCTL0_READ1 |

1586
	    SYSCTL0_READ2 | SYSCTL0_WRITE | SYSCTL0_READ_WRITE |

1587
	    SYSCTL1_READ0 | SYSCTL1_READ1 | SYSCTL1_READ2 | SYSCTL1_WRITE |

1588
	    SYSCTL1_READ_WRITE));

1589
}

1590
ATF_TC_CLEANUP(cap_sysctl__no_limits, tc)

1591
{

1592
	cleanup();

1593
}

1594


1595
ATF_TC_WITH_CLEANUP(cap_sysctl__recursive_limits);

1596
ATF_TC_HEAD(cap_sysctl__recursive_limits, tc)

1597
{

1598
}

1599
ATF_TC_BODY(cap_sysctl__recursive_limits, tc)

1600
{

1601
	cap_channel_t *capsysctl, *ocapsysctl;

1602
	void *limit;

1603
	size_t len;

1604
	int mib[2], val = 420;

1605


1606
	len = nitems(mib);

1607
	ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib, &len) == 0);

1608


1609
	ocapsysctl = initcap();

1610


1611
	/*

1612
	 * Make sure that we match entire components.

1613
	 */

1614
	capsysctl = cap_clone(ocapsysctl);

1615
	ATF_REQUIRE(capsysctl != NULL);

1616


1617
	limit = cap_sysctl_limit_init(capsysctl);

1618
	(void)cap_sysctl_limit_name(limit, "ker",

1619
	    CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE);

1620
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1621


1622
	ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctlbyname(capsysctl, SYSCTL0_NAME,

1623
	    NULL, NULL, &val, sizeof(val)));

1624
	ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctl(capsysctl, mib, len,

1625
	    NULL, NULL, &val, sizeof(val)));

1626


1627
	cap_close(capsysctl);

1628


1629
	/*

1630
	 * Verify that we check for CAP_SYSCTL_RECURSIVE.

1631
	 */

1632
	capsysctl = cap_clone(ocapsysctl);

1633
	ATF_REQUIRE(capsysctl != NULL);

1634


1635
	limit = cap_sysctl_limit_init(capsysctl);

1636
	(void)cap_sysctl_limit_name(limit, "kern", CAP_SYSCTL_RDWR);

1637
	ATF_REQUIRE(cap_sysctl_limit(limit) == 0);

1638


1639
	ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctlbyname(capsysctl, SYSCTL0_NAME,

1640
	    NULL, NULL, &val, sizeof(val)));

1641
	ATF_REQUIRE_ERRNO(ENOTCAPABLE, cap_sysctl(capsysctl, mib, len,

1642
	    NULL, NULL, &val, sizeof(val)));

1643


1644
	cap_close(capsysctl);

1645
}

1646
ATF_TC_CLEANUP(cap_sysctl__recursive_limits, tc)

1647
{

1648
	cleanup();

1649
}

1650


1651
ATF_TC_WITH_CLEANUP(cap_sysctl__just_size);

1652
ATF_TC_HEAD(cap_sysctl__just_size, tc)

1653
{

1654
}

1655
ATF_TC_BODY(cap_sysctl__just_size, tc)

1656
{

1657
	cap_channel_t *capsysctl;

1658
	size_t len;

1659
	int mib0[2];

1660


1661
	capsysctl = initcap();

1662


1663
	len = nitems(mib0);

1664
	ATF_REQUIRE(sysctlnametomib(SYSCTL0_NAME, mib0, &len) == 0);

1665


1666
	ATF_REQUIRE(cap_sysctlbyname(capsysctl, SYSCTL0_NAME,

1667
	    NULL, &len, NULL, 0) == 0);

1668
	ATF_REQUIRE(len == sizeof(int));

1669
	ATF_REQUIRE(cap_sysctl(capsysctl, mib0, nitems(mib0),

1670
	    NULL, &len, NULL, 0) == 0);

1671
	ATF_REQUIRE(len == sizeof(int));

1672


1673
	cap_close(capsysctl);

1674
}

1675
ATF_TC_CLEANUP(cap_sysctl__just_size, tc)

1676
{

1677
	cleanup();

1678
}

1679


1680
ATF_TP_ADD_TCS(tp)

1681
{

1682
	ATF_TP_ADD_TC(tp, cap_sysctl__operation);

1683
	ATF_TP_ADD_TC(tp, cap_sysctl__names);

1684
	ATF_TP_ADD_TC(tp, cap_sysctl__no_limits);

1685
	ATF_TP_ADD_TC(tp, cap_sysctl__recursive_limits);

1686
	ATF_TP_ADD_TC(tp, cap_sysctl__just_size);

1687


1688
	return (atf_no_error());

1689
}

1690


1691