# First, write to an entry of /proc/sys. It should work fine.

r0 = openat$tcp_congestion(AUTO, &AUTO='/proc/sys/net/ipv4/tcp_congestion_control', AUTO, AUTO)

r1 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO)

# Now, load a BPF_PROG_TYPE_CGROUP_SYSCTL that simply returns 0, which will block all writes to /proc/sys

r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x17, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

r3 = openat(0xffffffffffffff9c, &AUTO='./cgroup\x00', 0x0, 0x0)

r4 = bpf$BPF_PROG_ATTACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0, 0x0}, AUTO)

# It should fail now.

r5 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO) # EPERM

# Detach the BPF program.

r6 = bpf$BPF_PROG_DETACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0}, AUTO)

# It should work again.

r7 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO)