8 files changed, 52 insertions, 33 deletions

diff --git a/lib/libcasper/services/cap_sysctl/Makefile b/lib/libcasper/services/cap_sysctl/Makefile
index afb7b4374370..4408bad4efb4 100644
--- a/lib/libcasper/services/cap_sysctl/Makefile
+++ b/lib/libcasper/services/cap_sysctl/Makefile
@@ -1,11 +1,7 @@
-# $FreeBSD$
-
-SHLIBDIR?=	/lib/casper
+SHLIBDIR?=	/lib
 
 .include <src.opts.mk>
 
-PACKAGE=	runtime
-
 SHLIB_MAJOR=	2
 INCSDIR?=	${INCLUDEDIR}/casper
 
diff --git a/lib/libcasper/services/cap_sysctl/Makefile.depend b/lib/libcasper/services/cap_sysctl/Makefile.depend
index 76ff626255b2..02bae00eb04d 100644
--- a/lib/libcasper/services/cap_sysctl/Makefile.depend
+++ b/lib/libcasper/services/cap_sysctl/Makefile.depend
@@ -1,4 +1,3 @@
-# $FreeBSD$
 # Autogenerated - do NOT edit!
 
 DIRDEPS = \
diff --git a/lib/libcasper/services/cap_sysctl/cap_sysctl.3 b/lib/libcasper/services/cap_sysctl/cap_sysctl.3
index 0a7d009e1c3c..2c7a491a1f8b 100644
--- a/lib/libcasper/services/cap_sysctl/cap_sysctl.3
+++ b/lib/libcasper/services/cap_sysctl/cap_sysctl.3
@@ -22,9 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $FreeBSD$
-.\"
-.Dd May 5, 2020
+.Dd December 6, 2023
 .Dt CAP_SYSCTL 3
 .Os
 .Sh NAME
@@ -41,14 +39,14 @@
 .Fn cap_sysctlbyname "cap_channel_t *chan" "const char *name" "void *oldp" "size_t *oldlenp" "const void *newp" "size_t newlen"
 .Ft int
 .Fn cap_sysctlnametomib "cap_channel_t *chan" "const char *name" "int *mibp" "size_t *sizep"
-.Ft void *
+.Ft cap_sysctl_limit_t *
 .Fn cap_sysctl_limit_init "cap_channel_t *chan"
-.Ft void *
-.Fn cap_sysctl_limit_name "void *limit" "const char *name" "int flags"
-.Ft void *
-.Fn cap_sysctl_limit_mib "void *limit" "const int *mibp" "u_int miblen" "int flags"
+.Ft cap_sysctl_limit_t *
+.Fn cap_sysctl_limit_name "cap_sysctl_limit_t *limit" "const char *name" "int flags"
+.Ft cap_sysctl_limit_t *
+.Fn cap_sysctl_limit_mib "cap_sysctl_limit_t *limit" "const int *mibp" "u_int miblen" "int flags"
 .Ft int
-.Fn cap_sysctl_limit "void *limit"
+.Fn cap_sysctl_limit "cap_sysctl_limit_t *limit"
 .Sh DESCRIPTION
 The
 .Fn cap_sysctl ,
@@ -66,6 +64,15 @@ except that they are implemented by the
 service and require a corresponding
 .Xr libcasper 3
 capability.
+.Pp
+All of these functions, with the exceptions of
+.Fn cap_sysctl_limit_init
+and
+.Fn cap_sysctl_limit_mib ,
+are reentrant but not thread-safe.
+That is, they may be called from separate threads only with different
+.Vt cap_channel_t
+arguments or with synchronization.
 .Sh LIMITS
 By default, the
 .Nm
@@ -109,6 +116,8 @@ must be specified.
 .Fn cap_sysctl_limit
 applies a set of sysctl limits to the capability, denying access to sysctl
 variables not belonging to the set.
+It consumes the limit handle.
+After either success or failure, the user must not access the handle again.
 .Pp
 Once a set of limits is applied, subsequent calls to
 .Fn cap_sysctl_limit
@@ -168,6 +177,32 @@ printf("The value of %s is %d.\\n", name, value);
 
 cap_close(capsysctl);
 .Ed
+.Sh RETURN VALUES
+.Fn cap_sysctl_limit_init
+will return a new limit handle on success or
+.Dv NULL
+on failure, and set
+.Va errno .
+.Fn cap_sysctl_limit_mib
+and
+.Fn cap_sysctl_limit_name
+will return the modified limit handle on success or
+.Dv NULL
+on failure and set
+.Va errno .
+After failure, the caller must not access the limit handle again.
+.Fn cap_sysctl_limit
+will return
+.Dv -1
+on failure and set
+.Va errno .
+.Fn cap_sysctl ,
+.Fn cap_sysctlbyname ,
+and
+.Fn cap_sysctlnametomib
+have the same return values as their non-capability-mode equivalents as
+documented in
+.Xr sysctl 3 .
 .Sh SEE ALSO
 .Xr cap_enter 2 ,
 .Xr err 3 ,
diff --git a/lib/libcasper/services/cap_sysctl/cap_sysctl.c b/lib/libcasper/services/cap_sysctl/cap_sysctl.c
index 3f9631d7faca..c99fd74cb169 100644
--- a/lib/libcasper/services/cap_sysctl/cap_sysctl.c
+++ b/lib/libcasper/services/cap_sysctl/cap_sysctl.c
@@ -1,8 +1,7 @@
 /*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ * SPDX-License-Identifier: BSD-2-Clause
  *
  * Copyright (c) 2013, 2018 The FreeBSD Foundation
- * All rights reserved.
  *
  * This software was developed by Pawel Jakub Dawidek under sponsorship from
  * the FreeBSD Foundation.
@@ -32,9 +31,6 @@
  * SUCH DAMAGE.
  */
 
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
 #include <sys/param.h>
 #include <sys/cnv.h>
 #include <sys/dnv.h>
diff --git a/lib/libcasper/services/cap_sysctl/cap_sysctl.h b/lib/libcasper/services/cap_sysctl/cap_sysctl.h
index 5a338d672a84..51243128a683 100644
--- a/lib/libcasper/services/cap_sysctl/cap_sysctl.h
+++ b/lib/libcasper/services/cap_sysctl/cap_sysctl.h
@@ -1,6 +1,5 @@
 /*-
  * Copyright (c) 2013 The FreeBSD Foundation
- * All rights reserved.
  *
  * This software was developed by Pawel Jakub Dawidek under sponsorship from
  * the FreeBSD Foundation.
@@ -25,8 +24,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $FreeBSD$
  */
 
 #ifndef _CAP_SYSCTL_H_
diff --git a/lib/libcasper/services/cap_sysctl/tests/Makefile b/lib/libcasper/services/cap_sysctl/tests/Makefile
index d0d9f9bd7a0d..85bb0d28c389 100644
--- a/lib/libcasper/services/cap_sysctl/tests/Makefile
+++ b/lib/libcasper/services/cap_sysctl/tests/Makefile
@@ -1,5 +1,3 @@
-# $FreeBSD$
-
 .include <src.opts.mk>
 
 ATF_TESTS_C=	sysctl_test
@@ -11,6 +9,9 @@ CFLAGS+=-DWITH_CASPER
 .endif
 LIBADD+=	nv
 
-TEST_METADATA.sysctl_test+=	required_user="root"
+# cap_sysctl tests modify global sysctl values and read them back, so
+# cannot be run in parallel.
+TEST_METADATA.sysctl_test+=	required_user="root" \
+				is_exclusive=true
 
 .include <bsd.test.mk>
diff --git a/lib/libcasper/services/cap_sysctl/tests/Makefile.depend b/lib/libcasper/services/cap_sysctl/tests/Makefile.depend
index 81ebff999213..1938a0318d2c 100644
--- a/lib/libcasper/services/cap_sysctl/tests/Makefile.depend
+++ b/lib/libcasper/services/cap_sysctl/tests/Makefile.depend
@@ -1,11 +1,10 @@
-# $FreeBSD$
 # Autogenerated - do NOT edit!
 
 DIRDEPS = \
-	gnu/lib/csu \
 	include \
 	include/xlocale \
 	lib/${CSU_DIR} \
+	lib/atf/libatf-c \
 	lib/libc \
 	lib/libcasper/libcasper \
 	lib/libcasper/services/cap_sysctl \
diff --git a/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c b/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c
index cbe5c3c57724..300333f11790 100644
--- a/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c
+++ b/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c
@@ -1,8 +1,7 @@
 /*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ * SPDX-License-Identifier: BSD-2-Clause
  *
  * Copyright (c) 2013, 2018 The FreeBSD Foundation
- * All rights reserved.
  *
  * This software was developed by Pawel Jakub Dawidek under sponsorship from
  * the FreeBSD Foundation.
@@ -32,9 +31,6 @@
  * SUCH DAMAGE.
  */
 
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
 #include <sys/types.h>
 #include <sys/capsicum.h>
 #include <sys/sysctl.h>