CAP_SYSCTL(3)		 BSD Library Functions Manual		 CAP_SYSCTL(3)

NAME
     cap_sysctlbyname -- library for getting or	setting	system information in
     capability	mode

LIBRARY
     library "libcap_sysctl"

SYNOPSIS
     #include <sys/nv.h>
     #include <libcasper.h>
     #include <casper/cap_sysctl.h>

     int
     cap_sysctlbyname(cap_channel_t *chan, const char *name, void *oldp,
	 size_t	*oldlenp, const	void *newp, size_t newlen);

DESCRIPTION
     The function cap_sysctlbyname() is	equivalent to sysctlbyname(3) except
     that the connection to the	system.sysctl service needs to be provided.

LIMITS
     The service can be limited using the cap_limit_set(3) function.  The
     nvlist(9) for that function can contain the following values and types:

	   (NV_TYPE_NUMBER)
	   The name of an element of type number is treated as the name of
	   the sysctl being limited.  The value of the element describes the
	   access rights for that sysctl.  There are four rights:
	   CAP_SYSCTL_READ, CAP_SYSCTL_WRITE, CAP_SYSCTL_RDWR, and
	   CAP_SYSCTL_RECURSIVE.  CAP_SYSCTL_READ allows fetching the value
	   of the given sysctl.  CAP_SYSCTL_WRITE allows overriding the value
	   of the given sysctl.  CAP_SYSCTL_RDWR is the combination of
	   CAP_SYSCTL_WRITE and CAP_SYSCTL_READ and allows both reading and
	   writing the value of the given sysctl.  CAP_SYSCTL_RECURSIVE
	   allows access to all children of the given sysctl.  This right
	   must be combined with at least one other right.

EXAMPLES
     The following example first opens a capability to casper and then uses
     this capability to	create the system.sysctl casper	service	and uses it to
     get the value of kern.trap_enotcap.

     cap_channel_t *capcas, *capsysctl;
     const char	*name =	"kern.trap_enotcap";
     nvlist_t *limits;
     int value;
     size_t size;

     /*	Open capability	to Casper. */
     capcas = cap_init();
     if	(capcas	== NULL)
	     err(1, "Unable to contact Casper");

     /*	Enter capability mode sandbox. */
     if	(cap_enter() < 0 && errno != ENOSYS)
	     err(1, "Unable to enter capability	mode");

     /*	Use Casper capability to create	capability to the system.sysctl	service. */
     capsysctl = cap_service_open(capcas, "system.sysctl");
     if	(capsysctl == NULL)
	     err(1, "Unable to open system.sysctl service");

     /*	Close Casper capability, we don't need it anymore. */
     cap_close(capcas);

     /*	Create limit for one MIB with read access only.	*/
     limits = nvlist_create(0);
     nvlist_add_number(limits, name, CAP_SYSCTL_READ);

     /*	Limit system.sysctl. */
     if	(cap_limit_set(capsysctl, limits) < 0)
	     err(1, "Unable to set limits");

     /* Fetch value; size must hold the output buffer length on entry. */
     size = sizeof(value);
     if (cap_sysctlbyname(capsysctl, name, &value, &size, NULL, 0) < 0)
	     err(1, "Unable to get value of sysctl");

     printf("The value of %s is	%d.\n",	name, value);

     cap_close(capsysctl);
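
     The rights described under LIMITS can be reasoned about before a limit
     set is handed to cap_limit_set(3).  The following added example is not
     part of the original manual page or of libcap_sysctl: it models a
     constructed limit set, rejects a recursive-only entry, and checks
     requests against it.  The LIM_* constants are stand-ins for the
     CAP_SYSCTL_* rights with assumed values, and treating a child as the
     parent name followed by a dot is an assumption of this model.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for the CAP_SYSCTL_* rights; the numeric values are assumed. */
#define LIM_READ	0x01
#define LIM_WRITE	0x02
#define LIM_RDWR	(LIM_READ | LIM_WRITE)
#define LIM_RECURSIVE	0x04

struct limit { const char *name; int rights; };	/* nvlist element name, number */

/* Rule from LIMITS: only known bits, and RECURSIVE needs READ or WRITE. */
static int
limit_valid(const struct limit *l)
{
	if ((l->rights & ~(LIM_RDWR | LIM_RECURSIVE)) != 0)
		return (0);
	return ((l->rights & LIM_RDWR) != 0);
}

/* Return 1 if `want` (LIM_READ, LIM_WRITE or LIM_RDWR) on `name` is covered. */
static int
access_allowed(const struct limit *tab, size_t n, const char *name, int want)
{
	if ((want & LIM_RDWR) == 0 || (want & ~LIM_RDWR) != 0)
		return (0);
	for (size_t i = 0; i < n; i++) {
		size_t len = strlen(tab[i].name);

		if (!limit_valid(&tab[i]) || (tab[i].rights & want) != want)
			continue;
		if (strcmp(name, tab[i].name) == 0)
			return (1);
		/* A child is the parent name followed by '.', so kern.ipcx is not one. */
		if ((tab[i].rights & LIM_RECURSIVE) != 0 &&
		    strncmp(name, tab[i].name, len) == 0 && name[len] == '.')
			return (1);
	}
	return (0);
}

/* Constructed sample limit set. */
static const struct limit sample[] = {
	{ "kern.trap_enotcap", LIM_READ },
	{ "kern.ipc", LIM_READ | LIM_RECURSIVE },
	{ "net.inet", LIM_RECURSIVE },	/* invalid: no READ or WRITE */
};

int main(void) { return (!access_allowed(sample, 3, "kern.ipc.somaxconn", LIM_READ)); }
```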

SEE ALSO
     cap_enter(2), err(3), sysctlbyname(3), capsicum(4), nv(9)

AUTHORS
     The cap_sysctl service was	implemented by Pawel Jakub Dawidek
     <pawel@dawidek.net> under sponsorship from	the FreeBSD Foundation.

     This manual page was written by
     Mariusz Zaborski <oshogbo@FreeBSD.org>.

BSD				March 18, 2018				   BSD
