From nobody Thu Feb  1 21:26:15 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TQsQv5WkVz58hMP;
	Thu,  1 Feb 2024 21:26:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TQsQv3fSGz4WRL;
	Thu,  1 Feb 2024 21:26:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1706822775;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=kt/AwLfKMqlCSrHC9EoBhACw1HMVOxk+zj4sBjXfQos=;
	b=fSWHswQ629G/KEYdJvMYIoyAuCJAySxamhYK1Uk4NhYw+Y/hMHwOvvf1lIWt3ZhU3rY8h4
	gn5auwjiwPbJfQ9sqGyBrPdAeMZr7K26FImWQE+GFVFCL6VSGcgsDTB9PA1uYlu5ykRq6C
	QPnFBja6xUyqyy1PZyUHGq4nD/tiyYwW+5Yt1WvXTGOpLCx1tZYPfGr0zd1PMl8vSP8kIa
	8e5ilv6TQkFyit+ZZD2kqCyS1y5WZDym3T8eakmzS1r1K7BzChxiIowCPrE3OvxKXs7iv6
	+8Mufsat+9xrUG8xydVNr6VathMbWyqiHCHzdYnddF0IMlaEoAtFwgwG9LrfpQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1706822775;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=kt/AwLfKMqlCSrHC9EoBhACw1HMVOxk+zj4sBjXfQos=;
	b=mC+1B+zfZIROr8IRgnDgCBiJZPlH5OcDloTZZODJDzRjucghfLVl3yUW1HeFUlHxyWJ4hR
	QQ2WElT4x93fX6IFIVLbvH2Xdc2xj6Wf89PypreGpSvtAWQQ4WAjdwWE1YezHCwXmF9ALo
	IfcbXZVtD3VzgZlLv90Km44yKoniy7NIwBb3DQiY3f/yTEgtvbZXmRVFBwis0tP9qWjwie
	czLzCBve2So475ZqSvwlIFu0I8Ht1QyuezrIj/OUfy61K/hK1kVKhJv90moUFJIHCz2+pJ
	ls8s9JNJ15qNWVRAZ8m/zmSP6564PMFgU4w1hlK0ToryASZT9py6m65MGzRPXQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706822775; a=rsa-sha256; cv=none;
	b=r28W+fmwn8pfKccuGkEgyMiJrJH8Ou4F1ejYYqqZqkXsq71qX4eAlb0Xq5nWufHS9mUYTq
	/eHLawuskkN2cX4rRgQ9rl7fkv4DT07vrLA/SA6CEVlSlg4I90Dmz+/vOxJo/sGxUOee/m
	X7BZNXUP669X+7JjnS4pYy2GMG9gGgu3SHptsHYJRnG0SKmUUX9Q3zA/w58XEZzTHL5Pos
	HczF/U4m0j8+8t9NV7uh5d09MD+dHP18Kway54jNBUVQhD9Ox912cIWr3fV0FZJlleNSsL
	1yyqih+ARXyAZWDVUrom3flU6AoFunlLC6mp6FS01zNecnZruABlCht7YLiw8Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TQsQv2lhvz1HgT;
	Thu,  1 Feb 2024 21:26:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 411LQFdk070785;
	Thu, 1 Feb 2024 21:26:15 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 411LQFer070782;
	Thu, 1 Feb 2024 21:26:15 GMT
	(envelope-from git)
Date: Thu, 1 Feb 2024 21:26:15 GMT
Message-Id: <202402012126.411LQFer070782@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 8b359002747a - stable/13 - setusercontext(): Set
  priority from '~/.login_conf' as well
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 8b359002747a3ce84414fb64a9b89eab20ab7c25
Auto-Submitted: auto-generated

The branch stable/13 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=8b359002747a3ce84414fb64a9b89eab20ab7c25

commit 8b359002747a3ce84414fb64a9b89eab20ab7c25
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2023-05-30 15:14:50 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-02-01 21:24:13 +0000

    setusercontext(): Set priority from '~/.login_conf' as well
    
    Setting the process priority is done only when the current process'
    effective UID corresponds to that for which context is to be set.
    Consequently, setting priority is done with appropriate credentials and
    will fail if the target user tries to raise it unduly via his
    '~/.login_conf'.
    
    PR:                     271751
    Reviewed by:            kib, Andrew Gierth <andrew_tao173.riddles.org.uk>
    Approved by:            emaste (mentor)
    MFC after:              3 days
    Relnotes:               yes
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40352
    
    (cherry picked from commit f2a0277d3e51a6a839151eef17f466d0db2b7300)
    
    Approved by:            markj (mentor)
---
 lib/libutil/login_class.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index f545e3661520..b4e52951bf9c 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -622,6 +622,8 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
      */
     if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
 	setlogincontext(lc, pwd, flags);
+	if (flags & LOGIN_SETPRIORITY)
+	    setclasspriority(lc, pwd);
 	login_close(lc);
     }