Bug 15446

Summary: sysctl(2) can return EACCES without sufficient permissions
Product: Documentation
Reporter: Garrett Cooper (yaneurabeya)
Component: man-pages
Assignee: documentation_man-pages (documentation_man-pages)
Status: RESOLVED CODE_FIX
Severity: low
CC: mtk.manpages, yanegomi
Priority: P1
Hardware: All
OS: Linux
URL: http://sourceforge.net/mailarchive/forum.php?thread_name=364299f41003042320n7437e4a2j219b32a0a5f8dc50%40mail.gmail.com&forum_name=ltp-list
Kernel Version:
Subsystem:
Regression: No
Bisected commit-id:

Description Garrett Cooper 2010-03-05 07:37:34 UTC
After a semi-lengthy discussion, it turns out that EACCES can and would be set in cases where a sysctl(2) isn't available [in the old model, pending a bug in test_perm] or the file isn't accessible [in the new model].

This currently isn't documented as such in the manpage.

It would probably be prudent to add the following to the manpage:

    EACCES The requested access to the sysctl is not allowed.

More testing will need to be performed to ensure that other unexpected errors don't pop up with sysctl(2), if possible time-wise.

Credit goes to Shi Weihua for finding the documentation bug, and Eric W. Biederman for noting the bug in the original sysctl(2) implementation.
Comment 1 Garrett Cooper 2010-08-17 06:57:57 UTC
Would someone please look into patching the manpage for this requirement?
Comment 2 Michael Kerrisk 2010-08-31 04:52:32 UTC
(In reply to comment #1)
> Would someone please look into patching the manpage for this requirement?

Garrett, could you provide a pointer to the discussion that you mentioned in the report?
Comment 3 Garrett Cooper 2011-01-14 23:18:44 UTC
Sorry -- I canceled my Yahoo email account. Here's a link to this discussion: https://lkml.org/lkml/2010/3/4/309 .
Comment 4 Michael Kerrisk 2012-12-21 18:23:21 UTC
Garrett, I've applied a different patch from what you suggest, essentially just
making EACCES a synonym of EPERM.

index bb2d9a5..b1772d5 100644
--- a/man2/sysctl.2
+++ b/man2/sysctl.2
@@ -78,6 +78,7 @@ Otherwise, a value of \-1 is returned and
 is set to indicate the error.
 .SH ERRORS
 .TP
+.TP
 .B EFAULT
 The invocation asked for the previous value by setting
 .I oldval
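Review bot: the added `.TP` ahead of `.B EFAULT` directly follows the existing `.TP` with no tag line between them, so it looks like a stray duplicate rather than the start of a new entry. Drop it, or add the tag and description that were meant to go under it.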
@@ -88,7 +89,7 @@ non-NULL, but allowed zero room in
 .I name
 was not found.
 .TP
-.B EPERM
+.BR EACCES ", " EPERM
 No search permission for one of the encountered "directories",
 or no read permission where
 .I oldval
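Review bot: with the tag changed to `.BR EACCES ", " EPERM`, both errors share the one description starting "No search permission for one of the encountered "directories"", so a caller cannot tell from the page which of the two to expect in which case. If they are meant as interchangeable, say so in the description text; otherwise give each its own `.TP` entry with the condition that produces it.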
Comment 5 Garrett Cooper 2012-12-21 20:31:19 UTC
LGTM. Thanks!