A couple of comments,
> - while ((ch = getopt(argc, argv, "Aanqw")) != -1) {
> + while ((ch = getopt(argc, argv, "Aanpqw")) != -1) {
The use of -p as the flag seems a bit odd, -f would be my instinctive
choice - though it does match one of the three possibliities in Linux'
sysctl(8).
FreeBSD has this functionality under -f with a non-optional filename.
Linux has the same thing under all of -f, -p and --load (why?!) with
an optional filename defaulting to /etc/sysctl.conf.
At this point it might make sense to pause for more feedback to see if
there are objections before spending more time coding, OpenBSD is
often quite conservative about adding options to standard tools.
> + if(unveil(SYSCTL_CONF, "r") == -1 && errno != ENOENT)
> + err(1, "unveil /etc/sysctl.conf");
It would make more sense to use the macro in the error message as
well, though if this does go in, matching other OS' ability to use
a different filename would make more sense.
> + while(fgets(line, SYSCTL_BUFSIZ, file) != NULL) {
> + /* Ignore comments */
> + if (strncmp(line, "#", 1) == 0)
> + continue;
The existing format allows # in the middle of a line, and (especially
in conjunction with this) there maybe spaces which need trimming.
FreeBSD's implementation handles those (with extra bits to avoid
trimming # inside quotes).
