Make sysctl user.local a tunable that can be written at run-time

This sysctl value had been provided as a read-only variable that is compiled into the C library based on the value of _PATH_LOCALBASE in paths.h. After this change, the value is compiled into the kernel as an empty string, which is translated to _PATH_LOCALBASE by the C library. This empty string can be overridden at boot time or by a privileged user at run time and will then be returned by sysctl. When set to an empty string, the value returned by sysctl reverts to _PATH_LOCALBASE. This update does not change the behavior on any system that does not modify the default value of user.localbase. I consider this change as experimental and would prefer if the run-time write permission was reconsidered and the sysctl variable defined with CLFLAG_RDTUN instead to restrict it to be set at boot time. MFC after: 1 month
2026-04-04 17:05:14 -04:00 · 2020-10-31 23:48:41 +00:00 · 2020-10-31 23:48:41 +00:00 · 1ebef47735
commit 1ebef47735
parent 113ec54c58
2 changed files with 23 additions and 12 deletions
--- a/lib/libc/gen/sysctl.c
+++ b/lib/libc/gen/sysctl.c
@ -68,14 +68,14 @@ sysctl(const int *name, u_int namelen, void *oldp, size_t *oldlenp,
 	if (retval || name[0] != CTL_USER)
 		return (retval);

-	if (newp != NULL) {
-		errno = EPERM;
-		return (-1);
-	}
 	if (namelen != 2) {
 		errno = EINVAL;
 		return (-1);
 	}
+	if (newp != NULL && name[1] != USER_LOCALBASE) {
+		errno = EPERM;
+		return (-1);
+	}

 	switch (name[1]) {
 	case USER_CS_PATH:
@ -88,13 +88,21 @@ sysctl(const int *name, u_int namelen, void *oldp, size_t *oldlenp,
 			memmove(oldp, _PATH_STDPATH, sizeof(_PATH_STDPATH));
 		return (0);
 	case USER_LOCALBASE:
-		if (oldp != NULL && orig_oldlen < sizeof(_PATH_LOCALBASE)) {
-			errno = ENOMEM;
-			return (-1);
+		if (oldlenp != NULL) {
+			if (oldp == NULL) {
+				if (*oldlenp == 1)
+					*oldlenp = sizeof(_PATH_LOCALBASE);
+			} else {
+				if (*oldlenp != 1)
+					return (retval);
+				if (orig_oldlen < sizeof(_PATH_LOCALBASE)) {
+					errno = ENOMEM;
+					return (-1);
+				}
+				*oldlenp = sizeof(_PATH_LOCALBASE);
+				memmove(oldp, _PATH_LOCALBASE, sizeof(_PATH_LOCALBASE));
+			}
 		}
-		*oldlenp = sizeof(_PATH_LOCALBASE);
-		if (oldp != NULL)
-			memmove(oldp, _PATH_LOCALBASE, sizeof(_PATH_LOCALBASE));
 		return (0);
 	}

--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@ -652,8 +652,11 @@ SYSCTL_INT(_user, USER_STREAM_MAX, stream_max, CTLFLAG_RD,
    SYSCTL_NULL_INT_PTR, 0, "Min Maximum number of streams a process may have open at one time");
 SYSCTL_INT(_user, USER_TZNAME_MAX, tzname_max, CTLFLAG_RD,
    SYSCTL_NULL_INT_PTR, 0, "Min Maximum number of types supported for timezone names");
-SYSCTL_STRING(_user, USER_LOCALBASE, localbase, CTLFLAG_RD,
-    "", 0, "Prefix used to install and locate add-on packages");
+
+static char localbase[MAXPATHLEN] = "";
+
+SYSCTL_STRING(_user, USER_LOCALBASE, localbase, CTLFLAG_RWTUN,
+    localbase, sizeof(localbase), "Prefix used to install and locate add-on packages");

 #include <sys/vnode.h>
 SYSCTL_INT(_debug_sizeof, OID_AUTO, vnode, CTLFLAG_RD,