From nobody Thu Feb  1 21:31:21 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TQsXn5MMBz58jDf;
	Thu,  1 Feb 2024 21:31:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TQsXn4KG4z4cCv;
	Thu,  1 Feb 2024 21:31:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1706823081;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=JiSK17nb5X05NHxJffnCWA/v8YqNvBJmSekt0YvMCfg=;
	b=o3b0HhTiV3yyyQ8E4vYi8qZeXFRIlP8SVhjVzjQpLcDQ3ujo4+xWURxX40x+Aiykk/wMpq
	5zvVkpZlMVRlMn9ZzlLOjih+Juutz0GVcJJ5oa6aPtNgOrx0/dpjYu6D7b1ZmAytOQDMhG
	qZ+lmKBYC42fU2xwLCF/+9vRUg+V15K1yvwAQAkEcgvjjXdK5uwpaelzNvFmyxs04Q8nHk
	uJT2QmnpzeD8H5NC4zq3Gc3jEy9jEakbcGwlppXfo1+36x3VdWzucP3M61EfBMyiofTFmi
	GDIKqXh3wCWti/CPyBwJd7lQInofYloLlr1V+KakfUpySTshmdtD7AGvEeY4NA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1706823081;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=JiSK17nb5X05NHxJffnCWA/v8YqNvBJmSekt0YvMCfg=;
	b=wxtOtM8TlVgrOvsbJWRZE04GgueLcG7IlHQoTrN2G6WNddQ104yzQ/CPvpWKgxFqtkkiw/
	Qt3oQf77a6wKYjaik9nw/jrp8Ym679KqNRyp92gDsn60/ebroMFvlVZ7GxuMzyqBIJqLyg
	X5EgJMNRcReVzTEQyU5J2ajkowc794FQA+qa3rPHgFoBVmD9sdw8K2ozWLT5/n3eLb4iKB
	xVuK8ueIZk2x8KzM6qIHDwMCdrGq7++A/I+leInNWWCqRHCdK/Kg+kE8MWH9IIxQN4ZPIx
	gin11/IfcFrLeThKhzlZuHctcah7kjc3de/pQH3pg4R/Pj0CcXlj6N6bzWkmiA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706823081; a=rsa-sha256; cv=none;
	b=w1RT9Ob5NlnqUqs9uI4QG0lIwRcDFNTVd4u6Hso/6YsZV07EfGI0Av7DE/086naC0hlhsL
	6ukEfCIenXRPlhwpBDyr7eugopOp9M3q/d4h5RBwn6bSvQZEP5WPIoEwkeAhVqootPVGMC
	EhEsFOm1QkG61TWr9DTC81laPhQxa88eGtNvJeus7vuqJpUx1YagvGMpf2ANXWOXv7oK9t
	0WJY7UrMLNok1v4CWGLm9vksokT+/xyi9fJyiEGKvWvdDesBiVW3T+1dqAda6+65cWH8Xb
	tUSDzyJveTvC8v/m2VIGtgstcnaR/RFg8sRs+4soKbdlDoGHX3ttgv2JYSqVtQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TQsXn3R0wz1HwN;
	Thu,  1 Feb 2024 21:31:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 411LVLBG081008;
	Thu, 1 Feb 2024 21:31:21 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 411LVLka081005;
	Thu, 1 Feb 2024 21:31:21 GMT
	(envelope-from git)
Date: Thu, 1 Feb 2024 21:31:21 GMT
Message-Id: <202402012131.411LVLka081005@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: d2d66fedc418 - stable/14 - setusercontext(): Set
  priority from '~/.login_conf' as well
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: d2d66fedc418a9bccbe4ea92345f269106d6af32
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=d2d66fedc418a9bccbe4ea92345f269106d6af32

commit d2d66fedc418a9bccbe4ea92345f269106d6af32
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2023-05-30 15:14:50 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-02-01 21:30:08 +0000

    setusercontext(): Set priority from '~/.login_conf' as well
    
    Setting the process priority is done only when the current process'
    effective UID corresponds to that for which context is to be set.
    Consequently, setting priority is done with appropriate credentials and
    will fail if the target user tries to raise it unduly via his
    '~/.login_conf'.
    
    PR:                     271751
    Reviewed by:            kib, Andrew Gierth <andrew_tao173.riddles.org.uk>
    Approved by:            emaste (mentor)
    MFC after:              3 days
    Relnotes:               yes
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40352
    
    (cherry picked from commit f2a0277d3e51a6a839151eef17f466d0db2b7300)
    
    Approved by:            markj (mentor)
---
 lib/libutil/login_class.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index f545e3661520..b4e52951bf9c 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -622,6 +622,8 @@ setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned in
      */
     if (geteuid() == uid && (lc = login_getuserclass(pwd)) != NULL) {
 	setlogincontext(lc, pwd, flags);
+	if (flags & LOGIN_SETPRIORITY)
+	    setclasspriority(lc, pwd);
 	login_close(lc);
     }