authorrwatson <rwatson@FreeBSD.org>2011-07-17 23:05:24 +0000
committerrwatson <rwatson@FreeBSD.org>2011-07-17 23:05:24 +0000
commit7c21db8ed3ea76933360bc701c1cfe99e080cdb5 (patch)
treec4ed35a8f34e303ea8f9aaebd4a5bb9199dfb0dc /sys/kern/posix4_mib.c
parent8c65d0122a45d4d6c8d002377782ad53a7a76d91 (diff)
Define two new sysctl node flags: CTLFLAG_CAPRD and CTLFLAG_CAPWR, which
may be jointly referenced via the mask CTLFLAG_CAPRW. Sysctls with these flags are available in Capsicum's capability mode; other sysctl nodes are not. Flag several useful sysctls as available in capability mode, such as memory layout sysctls required by the run-time linker and malloc(3). Also expose access to randomness and available kernel features. A few sysctls are enabled to support name->MIB conversion; these may leak information to capability mode by virtue of providing resolution on names not flagged for access in capability mode. This is, generally, not a huge problem, but might be something to resolve in the future. Flag these cases with XXX comments. Submitted by: jonathan Sponsored by: Google, Inc.
Diffstat (limited to 'sys/kern/posix4_mib.c')
-rw-r--r--sys/kern/posix4_mib.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/posix4_mib.c b/sys/kern/posix4_mib.c
index 2fb926b..e299787 100644
--- a/sys/kern/posix4_mib.c
+++ b/sys/kern/posix4_mib.c
@@ -57,7 +57,8 @@ static int p31b_sysctl_proc(SYSCTL_HANDLER_ARGS);
SYSCTL_DECL(_p1003_1b);
#define P1B_SYSCTL(num, name) \
- SYSCTL_INT(_p1003_1b, num, name, CTLFLAG_RD, facility + num - 1, 0, "");
+ SYSCTL_INT(_p1003_1b, num, name, CTLFLAG_RD | CTLFLAG_CAPRD, \
+ facility + num - 1, 0, "");
#define P1B_SYSCTL_RW(num, name) \
SYSCTL_PROC(_p1003_1b, num, name, CTLTYPE_INT | CTLFLAG_RW, NULL, num, \
p31b_sysctl_proc, "I", "");
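Review bot: The read-write variant `P1B_SYSCTL_RW` directly below the changed lines still carries only `CTLTYPE_INT | CTLFLAG_RW`, so after this change the read-only p1003_1b nodes are visible in capability mode while any node declared through the RW macro is not even readable there. If that split is deliberate, a comment above the macro would record it, e.g. `/* RW nodes are intentionally not exposed in capability mode. */`. If sandboxed readers are expected to see those values as well, `CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_CAPRD` should allow reads without allowing writes from the sandbox, assuming the capability-mode check treats the read and write flags separately. The same applies to `P1B_SYSCTL_RW` in the second hunk; the preprocessor conditionals that select between the two macro sets are outside the visible lines.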
@@ -67,7 +68,7 @@ SYSCTL_DECL(_p1003_1b);
SYSCTL_DECL(_kern_p1003_1b);
#define P1B_SYSCTL(num, name) \
- SYSCTL_INT(_kern_p1003_1b, OID_AUTO, name, CTLFLAG_RD, \
+ SYSCTL_INT(_kern_p1003_1b, OID_AUTO, name, CTLFLAG_RD | CTLFLAG_CAPRD, \
facility + num - 1, 0, "");
#define P1B_SYSCTL_RW(num, name) \
SYSCTL_PROC(_p1003_1b, OID_AUTO, name, CTLTYPE_INT | CTLFLAG_RW, NULL, \
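Review bot: In this branch the capability-readable nodes are registered under `_kern_p1003_1b`, but the `P1B_SYSCTL_RW` context line right after still names `_p1003_1b` as its parent, and the only `SYSCTL_DECL` visible in this hunk is for `_kern_p1003_1b`. This is not introduced by the commit, but because the change decides node by node what a sandboxed process can reach, it is worth confirming that the RW macro is meant to read `SYSCTL_PROC(_kern_p1003_1b, OID_AUTO, name, ...` here. The macro continues past the end of the hunk, so its remaining arguments cannot be checked from this view.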