Date: Sun, 11 Feb 2024 02:48:46 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 276962] mac_priority(4) doesn't affect sched_setscheduler(2)
Message-ID: <bug-276962-227-mlc5NvgoTd@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-276962-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276962

--- Comment #1 from Florian Walpen <dev@submerge.ch> ---
Seems like there's a mismatch with different privileges requested.

sys/sys/priv.h defines:

#define PRIV_SCHED_DIFFCRED     200 /* Exempt scheduling other users. */
#define PRIV_SCHED_SETPRIORITY  201 /* Can set lower nice value for proc. */
#define PRIV_SCHED_RTPRIO       202 /* Can set real time scheduling. */
#define PRIV_SCHED_SETPOLICY    203 /* Can set scheduler policy. */
#define PRIV_SCHED_SET          204 /* Can set thread scheduler. */
#define PRIV_SCHED_SETPARAM     205 /* Can set thread scheduler params. */
#define PRIV_SCHED_CPUSET       206 /* Can manipulate cpusets. */
#define PRIV_SCHED_CPUSET_INTR  207 /* Can adjust IRQ to CPU binding. */
#define PRIV_SCHED_IDPRIO       208 /* Can set idle time scheduling. */

The call to sched_setscheduler() ends up in sys/kern/p1003_1b.c, checking for
the PRIV_SCHED_SET privilege:

kern_sched_setscheduler(struct thread *td, struct thread *targettd,
    int policy, struct sched_param *param)
{
...
        /* Don't allow non root user to set a scheduler policy. */
        error = priv_check(td, PRIV_SCHED_SET);
        if (error)
                return (error);
...
}

While mac_priority only grants privileges for PRIV_SCHED_RTPRIO /
PRIV_SCHED_SETPOLICY or PRIV_SCHED_IDPRIO.

I think sched_setscheduler() does actually set the policy, not the scheduler,
so maybe PRIV_SCHED_SETPOLICY would be more appropriate here. I can have a
closer look tomorrow.

-- 
You are receiving this mail because:
You are the assignee for the bug.
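
The mismatch described in the comment above, as an added example that is not part of the original message or of the FreeBSD source: a userspace C model of a privilege check backed by a grant list, showing why a caller is refused when the check asks for PRIV_SCHED_SET and passes when it asks for PRIV_SCHED_SETPOLICY. The names `model_cred`, `model_mac_priority_grant` and `model_priv_check`, the sample GIDs and credentials, and the mapping of the three granted privileges to a realtime and an idletime group are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Privilege numbers copied from the sys/sys/priv.h excerpt in the comment. */
#define PRIV_SCHED_RTPRIO    202
#define PRIV_SCHED_SETPOLICY 203
#define PRIV_SCHED_SET       204
#define PRIV_SCHED_IDPRIO    208
/* Constructed sample GIDs and credentials, used by this model only. */
enum { GID_REALTIME = 1001, GID_IDLETIME = 1002 };
struct model_cred { unsigned uid; const unsigned *groups; size_t ngroups; };
const unsigned rt_groups[] = { GID_REALTIME };
const struct model_cred rt_user = { 1000, rt_groups, 1 };
const struct model_cred root = { 0, NULL, 0 };

static bool in_group(const struct model_cred *c, unsigned gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Assumed model of mac_priority: only these three privileges are granted. */
static bool model_mac_priority_grant(const struct model_cred *c, int priv)
{
    switch (priv) {
    case PRIV_SCHED_RTPRIO:
    case PRIV_SCHED_SETPOLICY:
        return in_group(c, GID_REALTIME);
    case PRIV_SCHED_IDPRIO:
        return in_group(c, GID_IDLETIME);
    default:
        return false; /* PRIV_SCHED_SET falls through to here */
    }
}

/* Simplified priv_check(): root passes, otherwise the policy model decides. */
int model_priv_check(const struct model_cred *c, int priv)
{
    return (c->uid == 0 || model_mac_priority_grant(c, priv)) ? 0 : EPERM;
}

int main(void)
{
    printf("RTPRIO=%d SET=%d SETPOLICY=%d\n", model_priv_check(&rt_user, PRIV_SCHED_RTPRIO),
        model_priv_check(&rt_user, PRIV_SCHED_SET), model_priv_check(&rt_user, PRIV_SCHED_SETPOLICY));
    return 0;
}
```
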
