DataDog · matt-dz · Mar 26, 2026 · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026
@@ -31,6 +31,7 @@ Blocked features are rejected before execution with exit code 2.
 - ✅ `test EXPRESSION` / `[ EXPRESSION ]` — evaluate conditional expression (file tests, string/integer comparison, logical operators)
 - ✅ `tr [-cdsCt] SET1 [SET2]` — translate, squeeze, and/or delete characters from stdin
 - ✅ `true` — return exit code 0
+- ✅ `uname [-asnrvm]` — print system information (Linux only; reads from `/proc/sys/kernel/`, respects `--proc-path`)
 - ✅ `uniq [OPTION]... [INPUT]` — report or omit repeated lines
 - ✅ `wc [-l] [-w] [-c] [-m] [-L] [FILE]...` — count lines, words, bytes, characters, or max line length
 - ❌ All other commands — return exit code 127 with `<cmd>: not found` unless an ExecHandler is configured

@@ -278,6 +278,11 @@ var builtinPerCommandSymbols = map[string][]string{
 	"true": {
 		"context.Context", // 🟢 deadline/cancellation plumbing; pure interface, no side effects.
 	},
+	"uname": {
+		"context.Context", // 🟢 deadline/cancellation plumbing; pure interface, no side effects.
+		"runtime.GOOS",    // 🟢 current OS name constant; pure constant, no I/O.
+		"strings.Join",    // 🟢 joins string slices; pure function, no I/O.
+	},
 	"uniq": {
 		"bufio.NewScanner",  // 🟢 line-by-line input reading (e.g. head, cat); no write or exec capability.
 		"bufio.SplitFunc",   // 🟢 type for custom scanner split functions; pure type, no I/O.

@@ -56,6 +56,20 @@ var internalPerPackageSymbols = map[string][]string{
 	"procpath": {
 		// No stdlib symbols needed — this package only defines a string constant.
 	},
+	"procsyskernel": {
+		"fmt.Errorf",          // 🟢 error formatting; pure function, no I/O.
+		"io.LimitReader",      // 🟢 wraps a reader with a byte cap; pure wrapper, no I/O by itself.
+		"io.ReadAll",          // 🟠 reads all data from a reader; bounded by io.LimitReader.
+		"os.ModeCharDevice",   // 🟢 file mode constant; pure constant.
+		"os.O_RDONLY",         // 🟢 read-only file flag; pure constant.
+		"os.OpenFile",         // 🟠 opens kernel pseudo-files for reading; bypasses AllowedPaths by design.
+		"path/filepath.Base",  // 🟢 returns the last element of a path; validates name is a plain basename.
+		"path/filepath.Clean", // 🟢 normalises path before use; pure function, no I/O.
+		"path/filepath.Join",  // 🟢 joins path elements; pure function, no I/O.
+		"strings.Contains",    // 🟢 checks for ".." traversal in procPath; pure function, no I/O.
+		"strings.TrimRight",   // 🟢 trims trailing characters; pure function, no I/O.
+		"syscall.O_NONBLOCK",  // 🟢 non-blocking open flag; prevents FIFO hang. Pure constant.
+	},
 	"procnetroute": {
 		"bufio.NewScanner", // 🟢 line-by-line reading of /proc/net/route; no write capability.
 		"github.com/DataDog/rshell/builtins/internal/procpath.Default", // 🟢 canonical /proc filesystem root path constant; pure constant, no I/O.
@@ -128,11 +142,17 @@ var internalAllowedSymbols = []string{
 	"fmt.Errorf",                            // 🟢 error formatting; pure function, no I/O.
 	"os.ErrNotExist",                        // 🟢 procinfo: sentinel error value indicating a file or directory does not exist; read-only constant, no I/O.
 	"fmt.Sprintf",                           // 🟢 string formatting; pure function, no I/O.
+	"io.LimitReader",                        // 🟢 procsyskernel: wraps a reader with a byte cap; pure wrapper, no I/O by itself.
+	"io.ReadAll",                            // 🟠 procsyskernel: reads all data from a bounded reader; used with LimitReader for 4KiB cap.
 	"os.Getpid",                             // 🟠 procinfo: returns the current process ID; read-only, no side effects.
+	"os.ModeCharDevice",                     // 🟢 procsyskernel: file mode constant for char device detection; pure constant.
+	"os.O_RDONLY",                           // 🟢 procsyskernel: read-only open flag; pure constant.
 	"os.Open",                               // 🟠 procinfo: opens a file read-only; needed to stream /proc/stat line-by-line.
+	"os.OpenFile",                           // 🟠 procsyskernel: opens kernel pseudo-files with O_NONBLOCK; bypasses AllowedPaths by design.
 	"os.ReadDir",                            // 🟠 procinfo: reads a directory listing; needed to enumerate /proc entries.
 	"os.ReadFile",                           // 🟠 procinfo: reads a whole file; needed to read /proc/[pid]/{stat,cmdline,status}.
 	"os.Stat",                               // 🟠 procinfo: validates that the proc path exists before enumeration; read-only metadata, no write capability.
+	"path/filepath.Base",                    // 🟢 procsyskernel: returns the last element of a path; validates name is a plain basename.
 	"path/filepath.Clean",                   // 🟢 procnetroute/procnetsocket: normalises procPath before ".." safety check; pure function, no I/O.
 	"path/filepath.Join",                    // 🟢 procinfo: joins path elements to construct /proc/<pid>/stat paths; pure function, no I/O.
 	"strconv.Atoi",                          // 🟢 string-to-int conversion; pure function, no I/O.
@@ -153,6 +173,7 @@ var internalAllowedSymbols = []string{
 	"strings.TrimSpace",                     // 🟢 procinfo: removes leading/trailing whitespace; pure function, no I/O.
 	"syscall.Errno",                         // 🟢 winnet: wraps DLL return code as an error type; pure type, no I/O.
 	"syscall.Getsid",                        // 🟠 procinfo: returns the session ID of a process; read-only syscall, no write/exec.
+	"syscall.O_NONBLOCK",                    // 🟢 procsyskernel: non-blocking open flag to prevent FIFO hang; pure constant.
 	"syscall.MustLoadDLL",                   // 🔴 winnet: loads iphlpapi.dll once at program init; read-only OS loader call.
 	"syscall.Proc",                          // 🟢 winnet: DLL procedure handle type used in function signature; pure type, no I/O.
 	"time.Now",                              // 🟠 procinfo: returns the current wall-clock time; read-only, no side effects.

@@ -0,0 +1,72 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2026-present Datadog, Inc.
+
+// Package procsyskernel reads Linux kernel information from /proc/sys/kernel/.
+//
+// This package is in builtins/internal/ and is therefore exempt from the
+// builtinAllowedSymbols allowlist check. It may use OS-specific APIs freely.
+//
+// # Sandbox bypass
+//
+// ReadFile intentionally bypasses the AllowedPaths sandbox (callCtx.OpenFile)
+// and calls os.OpenFile directly. This is safe because procPath is always a
+// kernel-managed pseudo-filesystem root (/proc by default) that is hardcoded
+// by the caller — it is never derived from user-supplied input and cannot be
+// redirected by a shell script. The caller is responsible for ensuring that
+// procPath remains a safe, non-user-controlled path.
+package procsyskernel
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+)
+
+// ReadFile reads a single-line value from a /proc/sys/kernel/ pseudo-file.
+// name is the filename (e.g. "ostype", "hostname"). procPath is the base
+// proc path (e.g. "/proc" or "/host/proc").
+//
+// The file is opened with O_NONBLOCK to prevent blocking on FIFOs, then
+// validated via fstat to reject non-regular files. Reads are bounded to
+// 4 KiB. The returned value is trimmed of trailing whitespace.
+func ReadFile(procPath, name string) (string, error) {
+	// Defence-in-depth: reject ".." in the original path before Clean
+	// so traversal like "/proc/../etc/passwd" is caught. Matches the
+	// equivalent guard in procnetroute and procnetsocket.
+	if strings.Contains(procPath, "..") {
+		return "", fmt.Errorf("procsyskernel: unsafe procPath %q (must not contain \"..\" components)", procPath)
+	}
+	// Reject path components in name — must be a plain basename (e.g. "ostype").
+	if name != filepath.Base(name) || strings.Contains(name, "..") {
+		return "", fmt.Errorf("procsyskernel: unsafe name %q (must be a plain filename)", name)
+	}
+	path := filepath.Join(filepath.Clean(procPath), "sys", "kernel", name)
+	// Open with O_NONBLOCK to prevent blocking on FIFOs, then validate
+	// the file type via fstat on the opened fd. This is atomic — no
+	// TOCTOU gap between type check and open.
+	f, err := os.OpenFile(path, os.O_RDONLY|syscall.O_NONBLOCK, 0)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+	info, err := f.Stat()
+	if err != nil {
+		return "", err
+	}
+	if !info.Mode().IsRegular() && info.Mode().Type()&os.ModeCharDevice == 0 {
+		// Allow regular files and char devices (proc pseudo-files appear as
+		// char devices on some configurations). Reject FIFOs, sockets, etc.
+		return "", fmt.Errorf("not a regular file: %s", path)
+	}
+	// Proc kernel files are tiny single-line values. Cap at 4 KiB.
+	data, err := io.ReadAll(io.LimitReader(f, 4096))
+	if err != nil {
+		return "", err
+	}
+	return strings.TrimRight(string(data), " \t\r\n"), nil
+}
@@ -9,6 +9,7 @@ import (
 	"context"
 
 	"github.com/DataDog/rshell/builtins/internal/procinfo"
+	"github.com/DataDog/rshell/builtins/internal/procsyskernel"
 )
 
 // ProcProvider gives builtins controlled access to the proc filesystem.
@@ -26,6 +27,11 @@ func NewProcProvider(path string) *ProcProvider {
 	return &ProcProvider{path: path}
 }
 
+// ProcPath returns the configured proc filesystem path (e.g. "/proc" or "/host/proc").
+func (p *ProcProvider) ProcPath() string {
+	return p.path
+}
+
 // ListAll returns all running processes.
 func (p *ProcProvider) ListAll(ctx context.Context) ([]procinfo.ProcInfo, error) {
 	return procinfo.ListAll(ctx, p.path)
@@ -40,3 +46,10 @@ func (p *ProcProvider) GetSession(ctx context.Context) ([]procinfo.ProcInfo, err
 func (p *ProcProvider) GetByPIDs(ctx context.Context, pids []int) ([]procinfo.ProcInfo, error) {
 	return procinfo.GetByPIDs(ctx, p.path, pids)
 }
+
+// ReadKernelFile reads a single-line value from a /proc/sys/kernel/ pseudo-file.
+// name is the filename relative to sys/kernel/ (e.g. "ostype", "hostname").
+// The returned value is trimmed of trailing whitespace.
+func (p *ProcProvider) ReadKernelFile(name string) (string, error) {
+	return procsyskernel.ReadFile(p.path, name)
+}