Bug 15446 - sysctl(2) can return EACCES without sufficient permissions
sysctl(2) can return EACCES without sufficient permissions
Product: Documentation
Classification: Unclassified
Component: man-pages
All Linux
: P1 low
Assigned To: documentation_man-pages@kernel-bugs.osdl.org
Depends on:
  Show dependency treegraph
Reported: 2010-03-05 07:37 UTC by Garrett Cooper
Modified: 2012-12-21 20:31 UTC (History)
2 users (show)

See Also:
Kernel Version:
Tree: Mainline
Regression: No


Description Garrett Cooper 2010-03-05 07:37:34 UTC
After a semi-lengthy discussion, it turns out that EACCES can and would be set in cases where a sysctl(2) isn't available [in the old model, pending a bug in test_perm] or the file isn't accessible [in the new model].

This currently isn't documented as such in the manpage.

It would probably be prudent to add the following to the manpage:

    EACCES The requested access to the sysctl is not allowed.

More testing will need to be performed to ensure that other unexpected errors don't pop up with sysctl(2), if possible time-wise.

Credit goes to Shi Weihua for finding the documentation bug, and Eric W. Biederman for noting the bug in the original sysctl(2) implementation.
Comment 1 Garrett Cooper 2010-08-17 06:57:57 UTC
Would someone please look into patching the manpage for this requirement?
Comment 2 Michael Kerrisk 2010-08-31 04:52:32 UTC
(In reply to comment #1)
> Would someone please look into patching the manpage for this requirement?

Garret, could you provide a pointer to the discussion that you mentioned in the report?
Comment 3 Garrett Cooper 2011-01-14 23:18:44 UTC
Sorry -- I canceled my Yahoo email account. Here's a link to this discussion: https://lkml.org/lkml/2010/3/4/309 .
Comment 4 Michael Kerrisk 2012-12-21 18:23:21 UTC
Garrett, I've applied a different patch from what you suggest, essentially just
making EACCES a synonym of EPERM.

index bb2d9a5..b1772d5 100644
--- a/man2/sysctl.2
+++ b/man2/sysctl.2
@@ -78,6 +78,7 @@ Otherwise, a value of \-1 is returned and
 is set to indicate the error.
 The invocation asked for the previous value by setting
 .I oldval
@@ -88,7 +89,7 @@ non-NULL, but allowed zero room in
 .I name
 was not found.
 No search permission for one of the encountered "directories",
 or no read permission where
 .I oldval
lines 1-21/21 (END)
Comment 5 Garrett Cooper 2012-12-21 20:31:19 UTC
LGTM. Thanks!

Note You need to log in before you can comment on or make changes to this bug.