Diffusion FreeBSD src repository a9545eede43b

Add idle priority scheduling privilege group to MAC/priority
a9545eede43b
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

Add idle priority scheduling privilege group to MAC/priority

Add an idletime user group that allows non-root users to run processes
with idle scheduling priority. Privileges are granted by a MAC policy in
the mac_priority module. For this purpose, the kernel privilege
PRIV_SCHED_IDPRIO was added to sys/priv.h (kernel module ABI change).

Deprecate the system wide sysctl(8) knob
security.bsd.unprivileged_idprio which lets any user run idle priority
processes, regardless of context. While the knob is still working, it is
marked as deprecated in the description and in the man pages.

MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D33338

Details

Provenance

dev_submerge.ch	Authored on Dec 10 2021, 1:35 AM
kib	Committed on Dec 10 2021, 2:54 AM

Differential Revision

D33338: Add idle priority scheduling privilege group to MAC/priority.

Parents

rGa20a2450cd5f: Add PRIV_SCHED_IDPRIO

Branches

Unknown

Tags

Unknown

Event Timeline

kib committed rGa9545eede43b: Add idle priority scheduling privilege group to MAC/priority (authored by dev_submerge.ch).Dec 10 2021, 2:54 AM

kib added an edge: D33338: Add idle priority scheduling privilege group to MAC/priority..Dec 10 2021, 2:56 AM

kib mentioned this in rG30c3a5f24825: Add idle priority scheduling privilege group to MAC/priority.Dec 19 2021, 2:45 AM

Changes (7)

Path

Size

etc/

lib/

libc/

sys/

share/

man/

man4/

sys/

kern/

kern_resource.c

security/

mac_priority/

sys/

usr.sbin/

rtprio/

rGa9545eede43b

etc/group

Loading...

lib/libc/sys/rtprio.2

Loading...

share/man/man4/mac_priority.4

Loading...

sys/kern/kern_resource.c

Loading...

sys/security/mac_priority/mac_priority.c

Loading...

sys/sys/conf.h

Loading...

usr.sbin/rtprio/rtprio.1

Loading...