diff --git a/etc/group b/etc/group
--- a/etc/group
+++ b/etc/group
@@ -19,6 +19,7 @@
 guest:*:31:
 video:*:44:
 realtime:*:47:
+idletime:*:48:
 bind:*:53:
 unbound:*:59:
 proxy:*:62:
diff --git a/lib/libc/sys/rtprio.2 b/lib/libc/sys/rtprio.2
--- a/lib/libc/sys/rtprio.2
+++ b/lib/libc/sys/rtprio.2
@@ -53,7 +53,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 29, 2021
+.Dd December 8, 2021
 .Dt RTPRIO 2
 .Os
 .Sh NAME
@@ -167,19 +167,19 @@
 .Fa prio
 was out of range.
 .It Bq Er EPERM
-The calling thread is not allowed to set the realtime priority.
+The calling thread is not allowed to set the priority.
 Only
-root is allowed to change the realtime priority of any thread,
-exceptional privileges can be granted through the
+root is allowed to change the realtime or idle priority of any thread.
+Exceptional privileges can be granted through the
 .Xr mac_priority 4
-policy and the realtime user group.
-Non-root
-may only change the idle priority of threads the user owns,
-when the
+policy and the realtime and idletime user groups.
+The
 .Xr sysctl 8
 variable
 .Va security.bsd.unprivileged_idprio
-is set to non-zero.
+is deprecated.
+If set to non-zero, it lets any user change the idle priority of threads
+they own.
 .It Bq Er ESRCH
 The specified process or thread was not found or visible.
 .El
diff --git a/share/man/man4/mac_priority.4 b/share/man/man4/mac_priority.4
--- a/share/man/man4/mac_priority.4
+++ b/share/man/man4/mac_priority.4
@@ -21,7 +21,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 29, 2021
+.Dd December 7, 2021
 .Dt MAC_PRIORITY 4
 .Os
 .Sh NAME
@@ -56,6 +56,10 @@
 .Sq realtime
 (gid 47) are allowed to run threads and processes with realtime
 scheduling priority.
+Users or processes in the group
+.Sq idletime
+(gid 48) are allowed to run threads and processes with idle scheduling
+priority.
 .Pp
 With the
 .Nm
@@ -66,11 +70,22 @@
 priority through the
 .Xr rtprio 2
 system calls.
+.Pp
+When the idletime policy is active, privileged users may use the
+.Xr idprio 1
+utility to start processes with idle priority.
+Privileged applications can demote threads and processes to idle
+priority through the
+.Xr rtprio 2
+system calls.
 .Ss Privileges Granted
-The kernel privilege granted to any process running
-with the configured realtime group gid is:
-.Bl -inset -compact -offset indent
+The kernel privileges granted to any process running
+with the corresponding group gid is:
+.Bl -tag -width ".Dv PRIV_SCHED_RTPRIO" -offset indent
 .It Dv PRIV_SCHED_RTPRIO
+If it is a member of the realtime group.
+.It Dv PRIV_SCHED_IDPRIO
+If it is a member of the idletime group.
 .El
 .Ss Runtime Configuration
 The following
@@ -89,8 +104,15 @@
 .It Va security.mac.priority.realtime_gid
 The numeric gid of the realtime group.
 (Default: 47).
+.It Va security.mac.priority.idletime
+Enable the idletime policy.
+(Default: 1).
+.It Va security.mac.priority.idletime_gid
+The numeric gid of the idletime group.
+(Default: 48).
 .El
 .Sh SEE ALSO
+.Xr idprio 1 ,
 .Xr rtprio 1 ,
 .Xr rtprio 2 ,
 .Xr mac 4
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@ -284,7 +284,8 @@
 static int unprivileged_idprio;
 SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_idprio, CTLFLAG_RW,
- &unprivileged_idprio, 0, "Allow non-root users to set an idle priority");
+ &unprivileged_idprio, 0,
+ "Allow non-root users to set an idle priority (deprecated)");
 /*
  * Set realtime priority for LWP.
@@ -350,13 +351,13 @@
  * easier to lock a resource indefinitely, but it is not the
  * only thing that makes it possible.
  */
- if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_REALTIME ||
- (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_IDLE &&
- unprivileged_idprio == 0)) {
- error = priv_check(td, PRIV_SCHED_RTPRIO);
- if (error)
- break;
- }
+ if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_REALTIME &&
+ (error = priv_check(td, PRIV_SCHED_RTPRIO)) != 0)
+ break;
+ if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_IDLE &&
+ unprivileged_idprio == 0 &&
+ (error = priv_check(td, PRIV_SCHED_IDPRIO)) != 0)
+ break;
 error = rtp_to_pri(&rtp, td1);
 break;
 default:
@@ -440,13 +441,13 @@
  * See the comment in sys_rtprio_thread about idprio
  * threads holding a lock.
  */
- if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_REALTIME ||
- (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_IDLE &&
- !unprivileged_idprio)) {
- error = priv_check(td, PRIV_SCHED_RTPRIO);
- if (error)
- break;
- }
+ if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_REALTIME &&
+ (error = priv_check(td, PRIV_SCHED_RTPRIO)) != 0)
+ break;
+ if (RTP_PRIO_BASE(rtp.type) == RTP_PRIO_IDLE &&
+ unprivileged_idprio == 0 &&
+ (error = priv_check(td, PRIV_SCHED_IDPRIO)) != 0)
+ break;
 /*
  * If we are setting our own priority, set just our
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1975,6 +1975,7 @@
 case PRIV_SCHED_SETPOLICY:
 case PRIV_SCHED_SET:
 case PRIV_SCHED_SETPARAM:
+ case PRIV_SCHED_IDPRIO:
 /*
  * More IPC privileges.
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1743,6 +1743,7 @@
 case PRIV_SCHED_SETPOLICY:
 case PRIV_SCHED_SET:
 case PRIV_SCHED_SETPARAM:
+ case PRIV_SCHED_IDPRIO:
 /*
  * More IPC privileges.
diff --git a/sys/security/mac_priority/mac_priority.c b/sys/security/mac_priority/mac_priority.c
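Review bot: Moving the idle-priority check from PRIV_SCHED_RTPRIO to the new PRIV_SCHED_IDPRIO means every place that enumerates scheduler privileges by name must learn the new value, or idle priority is silently denied to callers that passed before; the commit covers mac_biba and mac_lomac, but the jail privilege switch in `prison_priv_check()` is not in this diff, so if it lists PRIV_SCHED_RTPRIO as permitted in jails, jailed root would lose the ability to set idle priority — worth confirming. The same point applies to the sys_rtprio hunk at -440. In both hunks `unprivileged_idprio == 0 &&` still disables the privilege check entirely when the deprecated sysctl is non-zero, which the code does not say; a comment above that second `if`, `/* Deprecated: a non-zero unprivileged_idprio skips the IDPRIO privilege check. */`, would make that explicit. The enclosing sys_rtprio_thread body starts and ends outside the hunk.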
--- a/sys/security/mac_priority/mac_priority.c
+++ b/sys/security/mac_priority/mac_priority.c
@@ -44,19 +44,34 @@
 static int realtime_enabled = 1;
 SYSCTL_INT(_security_mac_priority, OID_AUTO, realtime, CTLFLAG_RWTUN,
 &realtime_enabled, 0,
- "Enable realtime policy for group realtime_gid");
+ "Enable realtime priority scheduling for group realtime_gid");
 static int realtime_gid = GID_RT_PRIO;
 SYSCTL_INT(_security_mac_priority, OID_AUTO, realtime_gid, CTLFLAG_RWTUN,
 &realtime_gid, 0, "Group id of the realtime privilege group");
+static int idletime_enabled = 1;
+SYSCTL_INT(_security_mac_priority, OID_AUTO, idletime, CTLFLAG_RWTUN,
+ &idletime_enabled, 0,
+ "Enable idle priority scheduling for group idletime_gid");
+
+static int idletime_gid = GID_ID_PRIO;
+SYSCTL_INT(_security_mac_priority, OID_AUTO, idletime_gid, CTLFLAG_RWTUN,
+ &idletime_gid, 0,
+ "Group id of the idletime privilege group");
+
 static int
 priority_priv_grant(struct ucred *cred, int priv)
 {
 if (priv == PRIV_SCHED_RTPRIO && realtime_enabled &&
 groupmember(realtime_gid, cred))
 return (0);
+
+ if (priv == PRIV_SCHED_IDPRIO && idletime_enabled &&
+ groupmember(idletime_gid, cred))
+ return (0);
+
 return (EPERM);
 }
diff --git a/sys/sys/conf.h b/sys/sys/conf.h
--- a/sys/sys/conf.h
+++ b/sys/sys/conf.h
@@ -160,6 +160,7 @@
 #define GID_GAMES 13
 #define GID_VIDEO 44
 #define GID_RT_PRIO 47
+#define GID_ID_PRIO 48
 #define GID_DIALER 68
 #define GID_NOGROUP 65533
 #define GID_NOBODY 65534
diff --git a/sys/sys/priv.h b/sys/sys/priv.h
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@ -192,6 +192,7 @@
 #define PRIV_SCHED_SETPARAM 205 /* Can set thread scheduler params. */
 #define PRIV_SCHED_CPUSET 206 /* Can manipulate cpusets. */
 #define PRIV_SCHED_CPUSET_INTR 207 /* Can adjust IRQ to CPU binding. */
+#define PRIV_SCHED_IDPRIO 208 /* Can set idle time scheduling. */
 /*
  * POSIX semaphore privileges.
diff --git a/usr.sbin/rtprio/rtprio.1 b/usr.sbin/rtprio/rtprio.1
--- a/usr.sbin/rtprio/rtprio.1
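Review bot: `idletime_gid` is declared `int` and exported read-write through a CTLFLAG_RWTUN sysctl, but `priority_priv_grant` hands it to `groupmember()`, whose gid parameter is a `gid_t` (an unsigned type); a negative tunable silently becomes a very large gid instead of being rejected, and the pre-existing `realtime_gid` has the same shape. Either validate the value in a sysctl handler or at least state the constraint in the description string, e.g. `"Group id of the idletime privilege group (must be a valid gid)"`. The function now carries two parallel grant branches and no comment on its contract; I would add above it `/* Grant priv when its policy is enabled and cred is in the configured group; EPERM only means this policy does not grant it (as I read the MAC priv_grant hook). */`. The function is complete within the hunk.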
+++ b/usr.sbin/rtprio/rtprio.1
@@ -30,7 +30,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 29, 2021
+.Dd December 8, 2021
 .Dt RTPRIO 1
 .Os
 .Sh NAME
@@ -115,13 +115,16 @@
 Only root is allowed to set realtime or idle priority for a process.
 Exceptional privileges can be granted through the
 .Xr mac_priority 4
-policy and the realtime user group.
-A user may modify the idle priority of their own processes if the
+policy and the realtime and idletime user groups.
+The
 .Xr sysctl 8
 variable
 .Va security.bsd.unprivileged_idprio
-is set to non-zero.
-Note that this increases the chance that a deadlock can occur
+is deprecated.
+If set to non-zero, it lets any user modify the idle priority of processes
+they own.
+.Pp
+Note that idle priority increases the chance that a deadlock can occur
 if a process locks a required resource and then does not get to run.
 .Sh EXIT STATUS