From nobody Wed Feb 14 14:25:34 2024 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TZgTV3pRYz5B0bx for ; Wed, 14 Feb 2024 14:25:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TZgTV2kvkz4rBK for ; Wed, 14 Feb 2024 14:25:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1707920734; a=rsa-sha256; cv=none; b=n8YEP3o+y51u7p7g4bbXv17e1N3dAd443I5aCZw0ed4Ai9JGxelQbSwoZ//7YnSKByWM8Y ORxYXhq/BhdIgafAH0sMNxualxAq2cKUOog0QnZqHGXbLWQIRM8hnILeEVwdB1Mp3/lb0X 2Q7gL4ODkHpH60Z5hWZiUq6hJnm0WJcLgnd70TOMyj9nANuoK535yUeDFX4u8GHxlOb7qO GuNElhBODrWqdx7+sdn8vEb9XuryKrqhVc+KN5sTRx+Pq2662krYaoCif42YkQABK11ED4 FyIQ8O4MTOU+q0bn+h0WtgXuFzfDNSL2sgPIsibOlsu2pMcSwnQ1uzZnZJiTtw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1707920734; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RDHVwjGeEXPyvmPD+Tz48A4gsnYqJMLLUOASLpbyK1A=; b=bIsIJDaXpmGxYc7AG4qnvDPOnxrrlG3rPXLGDjb9JCpGAHZUi5dBSNsmoHfLGA4l4UAzdC hr6emJQNI88pK3ONEKeDlhdS82zgAwcSb0VEgD2oxr5QnX5OoaOm5Ji8zAwZHpNcXKBZGM n4h6cuWEh1lJZbuOQnegasuCCNEpla0s7NtB5/m+LIyKqysPh4cZVuyhdMdBUjGos7DLZq 9CwBLjfp752yYwMkl9ssGWu06qvk6J5EPQ4k8+flHfK8H0P29fJj2tRBl2ckU7uOZJlti3 XV3h65lCg6vUtQTBJjHZdMeCjgIH09W1xUM3+LFeLiUGPxXNu39wWxpvgHTJ3A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TZgTV1pr6z121v for ; Wed, 14 Feb 2024 14:25:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 41EEPYA2089342 for ; Wed, 14 Feb 2024 14:25:34 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 41EEPYKs089337 for bugs@FreeBSD.org; Wed, 14 Feb 2024 14:25:34 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 276962] mac_priority(4) doesn't affect sched_setscheduler(2) Date: Wed, 14 Feb 2024 14:25:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276962 --- Comment #3 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D2198221bd9df0ceb69945120bc477309a= 5729241 commit 2198221bd9df0ceb69945120bc477309a5729241 Author: Florian Walpen AuthorDate: 2024-02-14 13:50:44 +0000 Commit: Olivier Certner CommitDate: 2024-02-14 14:24:11 +0000 sched_setscheduler(2): Change realtime privilege check Check for privilege PRIV_SCHED_SETPOLICY instead of PRIV_SCHED_SET, to at least make it coherent with what is done at thread creation when a realtime policy is requested, and have users authorized by mac_priority(4) pass it. This change is good enough in practice since it only allows 'root' (as before) and mac_priority(4)'s authorized users in (the point of this change), without other side effects. More changes in this area, to generally ensure that all privilege checks are consistent, are going to come as olce's priority revamp project lands. (olce: Expanded the explanations.) PR: 276962 Reported by: jbeich Reviewed by: olce Approved by: emaste (mentor) MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D43835 sys/kern/p1003_1b.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=