Change Details

Add an `idletime` user group that allows non-root users to run processes with idle scheduling priority. Privileges are granted by a MAC policy in the `mac_priority` module. For this purpose, the kernel privilege `PRIV_SCHED_IDPRIO` was added to `sys/priv.h` (kernel module ABI change). Deprecate the system wide sysctl(8) knob `security.bsd.unprivileged_idprio` which lets any user run idle priority processes, regardless of context. While the knob is still working, it is marked as deprecated in the description and removed from the man pages.

Add an `idletime` user group that allows non-root users to run processes with idle scheduling priority. Privileges are granted by a MAC policy in the `mac_priority` module. For this purpose, the kernel privilege `PRIV_SCHED_IDPRIO` was added to `sys/priv.h` (kernel module ABI change). Deprecate the system wide sysctl(8) knob `security.bsd.unprivileged_idprio` which lets any user run idle priority processes, regardless of context. While the knob is still working, it is marked as deprecated in the description and in the man pages.

Add an `idletime` user group that allows non-root users to run processes with idle scheduling priority. Privileges are granted by a MAC policy in the `mac_priority` module. For this purpose, the kernel privilege `PRIV_SCHED_IDPRIO` was added to `sys/priv.h` (kernel module ABI change). Deprecate the system wide sysctl(8) knob `security.bsd.unprivileged_idprio` which lets any user run idle priority processes, regardless of context. While the knob is still working, it is marked as deprecated in the description and removed fromin the man pages.