An option to ignore sysctl CTLFLAG_ANYBODY

Teran McKinney sega01 at go-beyond.org
Thu Jun 18 17:27:30 UTC 2020


Dear freebsd-hackers,

I apologize if I am using the wrong list for this.

I am wondering what the best way is to remove CTLFLAG_ANYBODY
behavior on my systems. For my purposes, it's not desirable for any
user to be able to adjust certain sysctls. I'd prefer root to be
the only one able to adjust sysctl.

I've made some attempts at a patch, but so far have managed to block
users from doing almost anything in sysctl (sysctl -a will list
keys, but sysctl hw.ncpu will say the oid was not found or something
like that), or by mistake allow users to set any sysctl under the
sun.

I generally don't know what I'm doing as it's my first time hacking
on the FreeBSD kernel, or any kernel in general for that matter. I
was hoping that someone with more experience than myself would take
pity or have some kind of zealous hatred of CTLFLAG_ANYBODY as I
do, and join me on my mission to relegate sysctl solely to the God
powers of the mighty Root.

Perhaps this could be a simple one-off patch I apply, a compile-time
configuration, or a sysctl itself that controls the fate of
CTLFLAG_ANYBODY. I'm not sure if that would be sacrilegious or not.

Thank you for your time. Hopefully as well for your thoughtful
advice.

Sincerely,

Teran
