From nobody Wed Feb 14 18:22:03 2024 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TZmkM6Dkwz51jPD for ; Wed, 14 Feb 2024 18:22:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TZmkM4b6xz4VlL for ; Wed, 14 Feb 2024 18:22:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1707934923; a=rsa-sha256; cv=none; b=AlwUHfvSPjXkR0UeCrC7IhenC93S4PvzeBPt73mZax6iMWdkARVH8/mb6IBPIt3S79+Kxg TsbczeXyQTb8kVbSvJ+scEk5L+y8zU7QrISg7yeXNckotE9H9RYsk11MgBE7oGnZ7fUP9D PzV7jBnK9s4+vv4Hq2JlhXG8mYcdALE63Wjo2PYlCiIhW/2cW0L3Y9tK0rueJqyIZ5Fm8v 6Wkh4jmAVcEZB7DI+FlSkn4r+t36FtW5PspeevFIMjhWy6WkMH/1q2BnaMZo/nAeRWqDs5 fqN62mIycxwse/bEFoiRNcYgM5/E57hUowN5UhcXfegMRi2LH6RMZLuKZzFu4g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1707934923; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hrqjmoDmJPVZ2qxoXhq5dBb6DyXsWPrFi/6LHvE0rgA=; b=rn7AP+qdlQbYdfV7fZYgUCyFdqMFY0cV9k1KEYyysU1nCi4XjyVi9/F0y7BAxA8R49UikR nCi0q6dlrZJ4c5uHbMUhwqZ4tswLR5yjdfgdJUlAMFomoGvMqzxouL3BDnIb8tX933r4Nb oSL5ciRnXJrevUpSWkq09qOpbmffgVc5O313w6glR5jHVsxY6YqlpsB3dVRz6RP7Ur6l+s IiRaHe5DzezQjs24lzv2UqRSe5NOQDcobXQy/V033SaZolxFXWeRZ2JcCgBHAx5E1I7NfS 3ihdpGOeQHtH6Eh+V2ZsjDvtNnuqUxqJzRoTvypsmVFr968kuq1QSH8JgXdlPQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TZmkM3g5Zz17Qr for ; Wed, 14 Feb 2024 18:22:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 41EIM3lc007645 for ; Wed, 14 Feb 2024 18:22:03 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 41EIM3aJ007644 for bugs@FreeBSD.org; Wed, 14 Feb 2024 18:22:03 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 276962] mac_priority(4) doesn't affect sched_setscheduler(2) Date: Wed, 14 Feb 2024 18:22:03 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276962 --- Comment #5 from commit-hook@FreeBSD.org --- A commit in branch releng/13.3 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D1ee910875cd00c6f86f3f64dbc1686ec6= d52ab11 commit 1ee910875cd00c6f86f3f64dbc1686ec6d52ab11 Author: Florian Walpen AuthorDate: 2024-02-14 13:50:44 +0000 Commit: Olivier Certner CommitDate: 2024-02-14 18:19:04 +0000 sched_setscheduler(2): Change realtime privilege check Check for privilege PRIV_SCHED_SETPOLICY instead of PRIV_SCHED_SET, to at least make it coherent with what is done at thread creation when a realtime policy is requested, and have users authorized by mac_priority(4) pass it. This change is good enough in practice since it only allows 'root' (as before) and mac_priority(4)'s authorized users in (the point of this change), without other side effects. More changes in this area, to generally ensure that all privilege checks are consistent, are going to come as olce's priority revamp project lands. (olce: Expanded the explanations.) PR: 276962 Reported by: jbeich Reviewed by: olce Approved by: emaste (mentor) MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D43835 (cherry picked from commit 2198221bd9df0ceb69945120bc477309a5729241) (cherry picked from commit 8ff01d01f2e8894bbac9f179f1ab0e83a8160384) Approved by: emaste (mentor) Approved by: re (cperciva) sys/kern/p1003_1b.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=