Date: Wed, 14 Feb 2024 14:24:51 GMT
Message-Id: <202402141424.41EEOpeM028863@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Olivier Certner
Subject: git: 2198221bd9df - main - sched_setscheduler(2): Change realtime privilege check
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2198221bd9df0ceb69945120bc477309a5729241
Auto-Submitted: auto-generated

The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=2198221bd9df0ceb69945120bc477309a5729241

commit 2198221bd9df0ceb69945120bc477309a5729241
Author:     Florian Walpen
AuthorDate: 2024-02-14 13:50:44 +0000
Commit:     Olivier Certner
CommitDate: 2024-02-14 14:24:11 +0000

    sched_setscheduler(2): Change realtime privilege check

    Check for privilege PRIV_SCHED_SETPOLICY instead of PRIV_SCHED_SET, to
    at least make it coherent with what is done at thread creation when a
    realtime policy is requested, and have users authorized by
    mac_priority(4) pass it.

    This change is good enough in practice since it only allows 'root' (as
    before) and mac_priority(4)'s authorized users in (the point of this
    change), without other side effects.

    More changes in this area, to generally ensure that all privilege checks
    are consistent, are going to come as olce's priority revamp project
    lands.

    (olce: Expanded the explanations.)

    PR:             276962
    Reported by:    jbeich
    Reviewed by:    olce
    Approved by:    emaste (mentor)
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D43835

--- sys/kern/p1003_1b.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/kern/p1003_1b.c b/sys/kern/p1003_1b.c index 21c9e3a27039..6259f7092487 100644 --- a/sys/kern/p1003_1b.c +++ b/sys/kern/p1003_1b.c 
@@ -233,8 +233,8 @@ kern_sched_setscheduler(struct thread *td, struct thread *targettd, targetp = targettd->td_proc; PROC_LOCK_ASSERT(targetp, MA_OWNED); - /* Don't allow non root user to set a scheduler policy. */ - error = priv_check(td, PRIV_SCHED_SET); + /* Only privileged users are allowed to set a scheduler policy. */ + error = priv_check(td, PRIV_SCHED_SETPOLICY); if (error) return (error);
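
Review bot: The replacement comment above the priv_check() call in kern_sched_setscheduler() ("Only privileged users are allowed to set a scheduler policy.") no longer tells the reader who actually passes, while the commit message says the whole point is to admit mac_priority(4)'s authorized users in addition to root. Suggest naming that in the comment, for example that the privilege checked is PRIV_SCHED_SETPOLICY and that mac_priority(4) can grant it, so nobody later treats this as a root-only path when reasoning about who may change another thread's scheduling. In the lines shown the check is also not conditioned on the requested policy, whereas the message motivates the change by realtime requests; if every policy change is meant to require the same privilege, a few words saying so would settle it.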