.\" Copyright (c) 2018 Mariusz Zaborski <oshogbo@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd December 1, 2022
.Dt CAP_SYSCTL 3
.Os
.Sh NAME
.Nm cap_sysctl
.Nd "library for getting or setting system information in capability mode"
.Sh LIBRARY
.Lb libcap_sysctl
.Sh SYNOPSIS
.In libcasper.h
.In casper/cap_sysctl.h
.Ft int
.Fn cap_sysctl "cap_channel_t *chan" "const int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" "const void *newp" "size_t newlen"
.Ft int
.Fn cap_sysctlbyname "cap_channel_t *chan" "const char *name" "void *oldp" "size_t *oldlenp" "const void *newp" "size_t newlen"
.Ft int
.Fn cap_sysctlnametomib "cap_channel_t *chan" "const char *name" "int *mibp" "size_t *sizep"
.Ft cap_sysctl_limit_t *
.Fn cap_sysctl_limit_init "cap_channel_t *chan"
.Ft cap_sysctl_limit_t *
.Fn cap_sysctl_limit_name "cap_sysctl_limit_t *limit" "const char *name" "int flags"
.Ft cap_sysctl_limit_t *
.Fn cap_sysctl_limit_mib "cap_sysctl_limit_t *limit" "const int *mibp" "u_int miblen" "int flags"
.Ft int
.Fn cap_sysctl_limit "cap_sysctl_limit_t *limit"
.Sh DESCRIPTION
The
.Fn cap_sysctl ,
.Fn cap_sysctlbyname
and
.Fn cap_sysctlnametomib
functions are equivalent to
.Xr sysctl 3 ,
.Xr sysctlbyname 3
and
.Xr sysctlnametomib 3 ,
except that they are implemented by the
.Ql system.sysctl
.Xr libcasper 3
service and require a corresponding
.Xr libcasper 3
capability.
.Sh LIMITS
By default, the
.Nm
capability provides unrestricted access to the sysctl namespace.
Applications typically only require access to a small number of sysctl
variables; the
.Fn cap_sysctl_limit
interface can be used to restrict the sysctls that can be accessed using
the
.Nm
capability.
.Fn cap_sysctl_limit_init
returns an opaque limit handle used to store a list of permitted sysctls
and access rights.
Rights are encoded using the following flags:
.Pp
.Bd -literal -offset indent -compact
CAP_SYSCTL_READ		allow reads of the sysctl variable
CAP_SYSCTL_WRITE	allow writes of the sysctl variable
CAP_SYSCTL_RDWR		allow reads and writes of the sysctl variable
CAP_RECURSIVE		permit access to any child of the sysctl variable
.Ed
.Pp
The
.Fn cap_sysctl_limit_name
function adds the sysctl identified by
.Ar name
to the limit list, and the
.Fn cap_sysctl_limit_mib
function adds the sysctl identified by
.Ar mibp
to the limit list.
The access rights for the sysctl are specified in the
.Ar flags
parameter; at least one of
.Dv CAP_SYSCTL_READ ,
.Dv CAP_SYSCTL_WRITE
and
.Dv CAP_SYSCTL_RDWR
must be specified.
.Fn cap_sysctl_limit
applies a set of sysctl limits to the capability, denying access to sysctl
variables not belonging to the set.
It consumes the limit handle.
After either success or failure, the user must not access the handle again.
.Pp
Once a set of limits is applied, subsequent calls to
.Fn cap_sysctl_limit
will fail unless the new set is a subset of the current set.
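The limit rules of this section (exact versus recursive name matching, per-variable read and write rights, a name-only lookup as made by cap_sysctlnametomib, and the subset rule for a later cap_sysctl_limit call), modeled in plain C as an added example; this is not libcasper's implementation, and LIMIT_READ, LIMIT_WRITE and LIMIT_RECURSIVE are local stand-ins with constructed bit values for the CAP_SYSCTL_READ, CAP_SYSCTL_WRITE and CAP_RECURSIVE flags.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Local stand-ins for CAP_SYSCTL_READ, CAP_SYSCTL_WRITE and CAP_RECURSIVE. */
enum { LIMIT_READ = 1, LIMIT_WRITE = 2, LIMIT_RECURSIVE = 4 };

/* One entry of a limit list: a sysctl name plus its LIMIT_* bits. */
struct limit_entry { const char *name; int flags; };

/* Exact name match, or any descendant when the entry is recursive. */
static bool
entry_covers(const struct limit_entry *e, const char *name)
{
	size_t len = strlen(e->name);

	if (strncmp(e->name, name, len) != 0)
		return (false);
	return (name[len] == '\0' ||
	    ((e->flags & LIMIT_RECURSIVE) != 0 && name[len] == '.'));
}

/* Does the limit set permit an access needing 'access' rights to 'name'?
 * access == 0 models cap_sysctlnametomib(): the name need only be present. */
bool
limit_allows(const struct limit_entry *set, size_t n, const char *name, int access)
{
	for (size_t i = 0; i < n; i++)
		if (entry_covers(&set[i], name) && (access & ~set[i].flags) == 0)
			return (true);
	return (false);
}

/* Would cap_sysctl_limit() accept 'new' once 'cur' is in force?  Each new
 * entry needs a covering current entry granting at least the same flags,
 * so a recursive new entry also requires a recursive current entry. */
bool
limit_is_subset(const struct limit_entry *new, size_t nnew,
    const struct limit_entry *cur, size_t ncur)
{
	for (size_t i = 0; i < nnew; i++) {
		bool ok = false;
		for (size_t j = 0; j < ncur && !ok; j++)
			ok = entry_covers(&cur[j], new[i].name) &&
			    (new[i].flags & ~cur[j].flags) == 0;
		if (!ok)
			return (false);
	}
	return (true);
}
```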
.Pp
.Fn cap_sysctlnametomib
will succeed so long as the named sysctl variable is present in the limit set,
regardless of its access rights.
When a sysctl variable name is added to a limit set, its MIB identifier is
automatically added to the set.
.Sh EXAMPLES
The following example first opens a capability to casper, uses this
capability to create the
.Nm system.sysctl
casper service, and then uses the
.Nm
capability to get the value of
.Dv kern.trap_enotcap .
.Bd -literal
cap_channel_t *capcas, *capsysctl;
const char *name = "kern.trap_enotcap";
cap_sysctl_limit_t *limit;
size_t size;
bool value;

/* Open capability to Casper. */
capcas = cap_init();
if (capcas == NULL)
	err(1, "Unable to contact Casper");

/* Enter capability mode sandbox. */
if (cap_enter() < 0 && errno != ENOSYS)
	err(1, "Unable to enter capability mode");

/* Use Casper capability to create capability to the system.sysctl service. */
capsysctl = cap_service_open(capcas, "system.sysctl");
if (capsysctl == NULL)
	err(1, "Unable to open system.sysctl service");

/* Close Casper capability, we don't need it anymore. */
cap_close(capcas);

/*
 * Create limit for one MIB with read access only.
 * A NULL return means the handle was consumed and must not be reused.
 */
limit = cap_sysctl_limit_init(capsysctl);
if (limit == NULL)
	err(1, "Unable to create limit handle");
limit = cap_sysctl_limit_name(limit, name, CAP_SYSCTL_READ);
if (limit == NULL)
	err(1, "Unable to add %s to limit", name);

/* Limit system.sysctl. */
if (cap_sysctl_limit(limit) < 0)
	err(1, "Unable to set limits");

/* Fetch value. */
size = sizeof(value);
if (cap_sysctlbyname(capsysctl, name, &value, &size, NULL, 0) < 0)
	err(1, "Unable to get value of sysctl");

printf("The value of %s is %d.\\n", name, value);

cap_close(capsysctl);
.Ed
.Sh RETURN VALUES
.Fn cap_sysctl_limit_init
will return a new limit handle on success or
.Dv NULL
on failure, and set
.Va errno .
.Fn cap_sysctl_limit_mib
and
.Fn cap_sysctl_limit_name
will return the modified limit handle on success or
.Dv NULL
on failure and set
.Va errno .
After failure, the caller must not access the limit handle again.
.Fn cap_sysctl_limit
will return
.Dv -1
on failure and set
.Va errno .
.Fn cap_sysctl ,
.Fn cap_sysctlbyname ,
and
.Fn cap_sysctlnametomib
have the same return values as their non-capability-mode equivalents as
documented in
.Xr sysctl 3 .
.Sh SEE ALSO
.Xr cap_enter 2 ,
.Xr err 3 ,
.Xr sysctl 3 ,
.Xr sysctlbyname 3 ,
.Xr sysctlnametomib 3 ,
.Xr capsicum 4 ,
.Xr nv 9
.Sh HISTORY
The
.Nm cap_sysctl
service first appeared in
.Fx 10.3 .
.Sh AUTHORS
The
.Nm cap_sysctl
service was implemented by
.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net
under sponsorship from the FreeBSD Foundation.
.Pp
This manual page was written by
.An Mariusz Zaborski Aq Mt oshogbo@FreeBSD.org .