From: Jack Baldry <jack.baldry@grafana.com>
Date: Wed, 16 Nov 2022 22:00:06 -0400
Subject: [PATCH] Remove system controls table

Relies on <sys/sysctl.h> which is not present in glibc since 2.32.

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
 osquery/tables/system/CMakeLists.txt         |  4 --
 specs/CMakeLists.txt                         |  1 -
 specs/posix/system_controls.table            | 21 -------
 tests/integration/tables/system_controls.cpp | 61 --------------------
 4 files changed, 87 deletions(-)
 delete mode 100644 specs/posix/system_controls.table
 delete mode 100644 tests/integration/tables/system_controls.cpp

diff --git a/osquery/tables/system/CMakeLists.txt b/osquery/tables/system/CMakeLists.txt
--- a/osquery/tables/system/CMakeLists.txt
+++ b/osquery/tables/system/CMakeLists.txt
@@ -43,7 +43,6 @@ function(generateOsqueryTablesSystemSystemtable)
       posix/smbios_utils.cpp
       posix/sudoers.cpp
       posix/suid_bin.cpp
-      posix/system_controls.cpp
       posix/ulimit_info.cpp
     )
   endif()
@@ -82,7 +81,6 @@ function(generateOsqueryTablesSystemSystemtable)
       linux/shared_memory.cpp
       linux/smbios_tables.cpp
       linux/startup_items.cpp
-      linux/sysctl_utils.cpp
       linux/system_info.cpp
       linux/usb_devices.cpp
       linux/user_groups.cpp
@@ -156,7 +154,6 @@ function(generateOsqueryTablesSystemSystemtable)
       darwin/smbios_tables.cpp
       darwin/smc_keys.cpp
       darwin/startup_items.cpp
-      darwin/sysctl_utils.cpp
       darwin/system_extensions.mm
       darwin/system_info.cpp
       darwin/time_machine.cpp
@@ -326,7 +323,6 @@ function(generateOsqueryTablesSystemSystemtable)
       posix/shell_history.h
       posix/ssh_keys.h
       posix/sudoers.h
-      posix/sysctl_utils.h
       posix/last.h
       posix/openssl_utils.h
       posix/authorized_keys.h
diff --git a/specs/CMakeLists.txt b/specs/CMakeLists.txt
--- a/specs/CMakeLists.txt
+++ b/specs/CMakeLists.txt
@@ -246,7 +246,6 @@ function(generateNativeTables)
     "posix/socket_events.table:linux,macos"
     "posix/sudoers.table:linux,macos,freebsd"
     "posix/suid_bin.table:linux,macos,freebsd"
-    "posix/system_controls.table:linux,macos,freebsd"
     "posix/ulimit_info.table:linux,macos,freebsd"
     "posix/usb_devices.table:linux,macos"
     "posix/user_events.table:linux,macos,freebsd"
diff --git a/specs/posix/system_controls.table b/specs/posix/system_controls.table
deleted file mode 100644
--- a/specs/posix/system_controls.table
+++ /dev/null
@@ -1,21 +0,0 @@
-table_name("system_controls")
-description("sysctl names, values, and settings information.")
-schema([
-    Column("name", TEXT, "Full sysctl MIB name", index=True),
-    Column("oid", TEXT, "Control MIB", additional=True),
-    Column("subsystem", TEXT, "Subsystem ID, control type", additional=True),
-    Column("current_value", TEXT, "Value of setting"),
-    Column("config_value", TEXT, "The MIB value set in /etc/sysctl.conf"),
-    Column("type", TEXT, "Data type"),
-])
-extended_schema(DARWIN, [
-    Column("field_name", TEXT, "Specific attribute of opaque type"),
-])
-
-implementation("system_controls@genSystemControls")
-fuzz_paths([
-    "/run/sysctl.d/",
-    "/usr/lib/sysctl.d/",
-    "/lib/sysctl.d/",
-    "/sys"
-])
diff --git a/tests/integration/tables/system_controls.cpp b/tests/integration/tables/system_controls.cpp
deleted file mode 100644
--- a/tests/integration/tables/system_controls.cpp
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Copyright (c) 2014-present, The osquery authors
- *
- * This source code is licensed as defined by the LICENSE file found in the
- * root directory of this source tree.
- *
- * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
- */
-
-// Sanity check integration test for system_controls
-// Spec file: specs/posix/system_controls.table
-
-#include <osquery/tests/integration/tables/helper.h>
-
-namespace osquery {
-namespace table_tests {
-namespace {
-
-class SystemControlsTest : public testing::Test {
- protected:
-  void SetUp() override {
-    setUpEnvironment();
-  }
-};
-
-TEST_F(SystemControlsTest, test_sanity) {
-  auto const rows = execute_query("select * from system_controls");
-  auto const row_map = ValidationMap{
-      {"name", NonEmptyString},
-      {"oid", NormalType},
-      {"subsystem",
-       SpecificValuesCheck{"",
-                           "abi",
-                           "debug",
-                           "dev",
-                           "fs",
-                           "fscache",
-                           "hw",
-                           "kern",
-                           "kernel",
-                           "machdep",
-                           "net",
-                           "sunrpc",
-                           "user",
-                           "vfs",
-                           "vm"}},
-      {"current_value", NormalType},
-      {"config_value", NormalType},
-      {"type",
-       SpecificValuesCheck{
-           "", "node", "int", "string", "quad", "opaque", "struct"}},
-#ifdef __APPLE__
-      {"field_name", NormalType},
-#endif
-  };
-  validate_rows(rows, row_map);
-}
-
-} // namespace
-} // namespace table_tests
-} // namespace osquery
-- 
2.38.1