Date:      Wed, 14 Feb 2024 18:21:06 GMT
From:      Olivier Certner <olce@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 1ee910875cd0 - releng/13.3 - sched_setscheduler(2): Change realtime privilege check
Message-ID:  <202402141821.41EIL6fR032664@gitrepo.freebsd.org>

The branch releng/13.3 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=1ee910875cd00c6f86f3f64dbc1686ec6d52ab11

commit 1ee910875cd00c6f86f3f64dbc1686ec6d52ab11
Author:     Florian Walpen <dev@submerge.ch>
AuthorDate: 2024-02-14 13:50:44 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-02-14 18:19:04 +0000

    sched_setscheduler(2): Change realtime privilege check
    
    Check for privilege PRIV_SCHED_SETPOLICY instead of PRIV_SCHED_SET, to
    at least make it coherent with what is done at thread creation when
    a realtime policy is requested, and have users authorized by
    mac_priority(4) pass it.
    
    This change is good enough in practice since it only allows 'root' (as
    before) and mac_priority(4)'s authorized users in (the point of this
    change), without other side effects.  More changes in this area, to
    generally ensure that all privilege checks are consistent, are going to
    come as olce's priority revamp project lands.
    
    (olce: Expanded the explanations.)
    
    PR:                     276962
    Reported by:            jbeich
    Reviewed by:            olce
    Approved by:            emaste (mentor)
    MFC after:              3 days
    Differential Revision:  https://reviews.freebsd.org/D43835
    
    (cherry picked from commit 2198221bd9df0ceb69945120bc477309a5729241)
    (cherry picked from commit 8ff01d01f2e8894bbac9f179f1ab0e83a8160384)
    
    Approved by:            emaste (mentor)
    Approved by:            re (cperciva)
---
 sys/kern/p1003_1b.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/kern/p1003_1b.c b/sys/kern/p1003_1b.c
index 21c9e3a27039..6259f7092487 100644
--- a/sys/kern/p1003_1b.c
+++ b/sys/kern/p1003_1b.c
@@ -233,8 +233,8 @@ kern_sched_setscheduler(struct thread *td, struct thread *targettd,
 	targetp = targettd->td_proc;
 	PROC_LOCK_ASSERT(targetp, MA_OWNED);
 
-	/* Don't allow non root user to set a scheduler policy. */
-	error = priv_check(td, PRIV_SCHED_SET);
+	/* Only privileged users are allowed to set a scheduler policy. */
+	error = priv_check(td, PRIV_SCHED_SETPOLICY);
 	if (error)
 		return (error);
 
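Review bot: The new comment above priv_check(td, PRIV_SCHED_SETPOLICY) says only that "privileged users" may set a policy, which hides the reason for the change. It should name who is expected to pass (per the commit message, root and users authorized by mac_priority(4)), so that a later cleanup does not switch the check back to PRIV_SCHED_SET. The check is also unconditional in the lines shown, so it gates every policy passed to kern_sched_setscheduler() and not only realtime ones, while the subject calls it a realtime privilege check; it is worth stating in the comment whether that is intended. Since the privilege is checked on td while the function operates on targettd, please also confirm that whatever check of td against targetp exists outside this hunk is still sufficient now that a wider set of callers gets past this line.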


