Date: Tue, 20 Feb 2024 08:28:00 GMT
Message-Id: <202402200828.41K8S0Rq081273@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Olivier Certner
Subject: git: 0f0bf1e880c6 - stable/14 - sched_setscheduler(2): Change realtime privilege check
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 0f0bf1e880c6854859a6e8c2ad97b46a688ee025
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=0f0bf1e880c6854859a6e8c2ad97b46a688ee025

commit 0f0bf1e880c6854859a6e8c2ad97b46a688ee025
Author:     Florian Walpen
AuthorDate: 2024-02-14 13:50:44 +0000
Commit:     Olivier Certner
CommitDate: 2024-02-20 08:27:08 +0000

    sched_setscheduler(2): Change realtime privilege check

    Check for privilege PRIV_SCHED_SETPOLICY instead of PRIV_SCHED_SET, to
    at least make it coherent with what is done at thread creation when
    a realtime policy is requested, and have users authorized by
    mac_priority(4) pass it.

    This change is good enough in practice since it only allows 'root' (as
    before) and mac_priority(4)'s authorized users in (the point of this
    change), without other side effects.

    More changes in this area, to generally ensure that all privilege checks
    are consistent, are going to come as olce's priority revamp project
    lands.

    (olce: Expanded the explanations.)

    PR:                     276962
    Reported by:            jbeich
    Reviewed by:            olce
    Approved by:            emaste (mentor)
    MFC after:              3 days
    Differential Revision:  https://reviews.freebsd.org/D43835

    (cherry picked from commit 2198221bd9df0ceb69945120bc477309a5729241)

    Approved by:            markj (mentor)
---
 sys/kern/p1003_1b.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/kern/p1003_1b.c b/sys/kern/p1003_1b.c index 21c9e3a27039..6259f7092487 100644 --- a/sys/kern/p1003_1b.c +++ b/sys/kern/p1003_1b.c @@ -233,8 +233,8 @@ kern_sched_setscheduler(struct thread *td, struct thread *targettd, targetp = targettd->td_proc; PROC_LOCK_ASSERT(targetp, MA_OWNED); - /* Don't allow non root user to set a scheduler policy. */ - error = priv_check(td, PRIV_SCHED_SET); + /* Only privileged users are allowed to set a scheduler policy. */ + error = priv_check(td, PRIV_SCHED_SETPOLICY); if (error) return (error);
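
Review bot: In the lines shown, the new priv_check(td, PRIV_SCHED_SETPOLICY) call in kern_sched_setscheduler() is applied unconditionally, with nothing in the hunk tying it to the requested policy, while the commit message justifies the switch by the realtime case at thread creation; it is worth confirming that requiring PRIV_SCHED_SETPOLICY for every policy change, realtime or not, is the intended scope. The replacement comment, "Only privileged users are allowed to set a scheduler policy.", drops the old "non root" wording without saying who now passes; naming the privilege and noting that users authorized by mac_priority(4) are meant to pass would keep the comment in step with the check. The privilege is tested on td (the caller) rather than targettd, which is the expected subject for a privilege check, and a word to that effect in the comment would help the next reader.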