On Tue, Apr 27, 2021 at 10:37:25AM -0600, Theo de Raadt wrote:
> > Would 0, 0 min, max be a simple and obvious way to say "read only" ?
>
> That is not as terrible.

Yes.  But it has another undocumented side effect.  I think
sysctl_bounded_arr() inherits the minimum == maximum check from
sysctl_int_bounded() which means unbounded.  The latter is only used
in sysctl_int().

> Or maybe a define like:
>
> + #define SYSCTL_BOUNDED_ARR_READONLY 0,0
>
> Which can then be used in-place without confusion.

I thought of that, too.  Then reading the code would be easy.  To
cover all features we would need

#define SYSCTL_INT_UNBOUNDED 0,0
#define SYSCTL_INT_READONLY 1,0

Both work for sysctl_bounded_arr(), sysctl_int_bounded(SYSCTL_INT_READONLY)
could be implemented.  Maybe that is too complex.

> But whatever we do, it must be documented clearly.

Yes, please.

bluhm
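The three bound conventions discussed in this thread (a real range, minimum == maximum meaning unbounded, and the proposed minimum > maximum meaning read-only), as an added stand-alone illustration that is not OpenBSD's sysctl_int_bounded() or sysctl_bounded_arr() code. The function bounded_int_write() and the helper apply_write() are hypothetical; the two macros mirror the defines proposed in the mail and the read-only semantics of "1,0" is taken from bluhm's proposal, not from any committed kernel code.

```c
/*
 * Hypothetical model of a bounded integer sysctl write, written to show
 * the min/max conventions under discussion.  Not OpenBSD kernel code.
 */
#include <errno.h>
#include <stdio.h>

/* Macros mirroring the defines proposed in the thread (assumed). */
#define SYSCTL_INT_UNBOUNDED 0, 0   /* minimum == maximum: no range check */
#define SYSCTL_INT_READONLY  1, 0   /* minimum >  maximum: writes rejected */

/*
 * Attempt to store newval into *var.
 * Returns 0 on success, EPERM when the variable is read-only
 * (minimum > maximum), EINVAL when newval lies outside [minimum, maximum].
 * minimum == maximum disables the range check entirely.
 */
int
bounded_int_write(int *var, int newval, int minimum, int maximum)
{
	if (minimum > maximum)
		return EPERM;		/* read-only, e.g. SYSCTL_INT_READONLY */
	if (minimum != maximum &&
	    (newval < minimum || newval > maximum))
		return EINVAL;		/* bounded and out of range */
	*var = newval;			/* unbounded, or in range */
	return 0;
}

/* Helper for checking the resulting value: returns the variable after
 * the write attempt, whether or not the write was accepted. */
int
apply_write(int initial, int newval, int minimum, int maximum)
{
	int var = initial;

	(void)bounded_int_write(&var, newval, minimum, maximum);
	return var;
}

int
main(void)
{
	int v = 5;

	printf("%d\n", bounded_int_write(&v, 7, 1, 10));	/* 0, v becomes 7 */
	printf("%d\n", bounded_int_write(&v, 42, 1, 10));	/* EINVAL, v stays 7 */
	printf("%d\n", bounded_int_write(&v, 42, SYSCTL_INT_UNBOUNDED)); /* 0, v becomes 42 */
	printf("%d\n", bounded_int_write(&v, 3, SYSCTL_INT_READONLY));   /* EPERM, v stays 42 */
	printf("final value: %d\n", v);
	return 0;
}
```

The point the model makes visible is the one bluhm raises: with a single check that treats minimum == maximum as "unbounded", the pair 0,0 cannot also mean "read only", so a distinct encoding such as 1,0 (and a documented define for it) is needed if both behaviours are to coexist.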