An option to ignore sysctl CTLFLAG_ANYBODY

Alfonso Siciliano alfix86 at
Sun Jun 21 02:58:08 UTC 2020

On Sat, 20 Jun 2020 19:38:12 +0000
Teran McKinney <sega01 at> wrote:

> I have tried that and it does work. The problem is that even a
> simple read call like `sysctl hw.ncpu` will return an error for
> non-root users. Which, while not essential, would be nice to
> keep.

This new change to kern_sysctl.c should solve the problem:
	/* Is this sysctl writable by only privileged users? */
	if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
	 * Is this sysctl writable? Does it belong to the undocumented interface
	 * or sysctlinfo?
	if (req->newptr && !(SYSCTL_CHILDREN(&sysctl___sysctl) == oid->oid_parent)) {
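Review bot: the replacement condition `!(SYSCTL_CHILDREN(&sysctl___sysctl) == oid->oid_parent)` exempts only OIDs whose direct parent is the `sysctl` node, so an OID nested deeper under that tree would fall into the guarded block like any other write. If that is intended, the comment should say so, and the test reads more clearly as `SYSCTL_CHILDREN(&sysctl___sysctl) != oid->oid_parent`. The lines shown also replace the `CTLFLAG_ANYBODY` test outright, with no option or tunable around the new condition, while the thread subject asks for an option; I would gate the new behaviour and keep the original check as the default.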


	% uname -K
	% sysctl hw.ncpu
	hw.ncpu: 1
	% nsysctl -NatGv hw.snd.default_unit
	hw.snd.default_unit: integer:  RD WR RW ANYBODY TUN RDTUN RWTUN NOFETCH: 0
	% sysctl hw.snd.default_unit
	hw.snd.default_unit: 0
	% sysctl hw.snd.default_unit=1
	hw.snd.default_unit: 0
	sysctl: hw.snd.default_unit=1: Operation not permitted


Alfonso S. Siciliano

More information about the freebsd-hackers mailing list