Date: Wed, 14 Feb 2024 18:18:13 GMT
Message-Id: <202402141818.41EIID92018231@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Olivier Certner
Subject: git: 8ff01d01f2e8 - stable/13 - sched_setscheduler(2): Change realtime privilege check
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 8ff01d01f2e8894bbac9f179f1ab0e83a8160384

The branch stable/13 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=8ff01d01f2e8894bbac9f179f1ab0e83a8160384

commit 8ff01d01f2e8894bbac9f179f1ab0e83a8160384
Author:     Florian Walpen
AuthorDate: 2024-02-14 13:50:44 +0000
Commit:     Olivier Certner
CommitDate: 2024-02-14 18:17:14 +0000

    sched_setscheduler(2): Change realtime privilege check

    Check for privilege PRIV_SCHED_SETPOLICY instead of PRIV_SCHED_SET, to
    at least make it coherent with what is done at thread creation when a
    realtime policy is requested, and have users authorized by
    mac_priority(4) pass it.

    This change is good enough in practice since it only allows 'root' (as
    before) and mac_priority(4)'s authorized users in (the point of this
    change), without other side effects.

    More changes in this area, to generally ensure that all privilege
    checks are consistent, are going to come as olce's priority revamp
    project lands.

    (olce: Expanded the explanations.)

    PR:                     276962
    Reported by:            jbeich
    Reviewed by:            olce
    Approved by:            emaste (mentor)
    MFC after:              3 days
    Differential Revision:  https://reviews.freebsd.org/D43835

    (cherry picked from commit 2198221bd9df0ceb69945120bc477309a5729241)

    Approved by:            emaste (mentor)
    Approved by:            re (cperciva)
---
 sys/kern/p1003_1b.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/kern/p1003_1b.c b/sys/kern/p1003_1b.c index 21c9e3a27039..6259f7092487 100644 --- a/sys/kern/p1003_1b.c +++ b/sys/kern/p1003_1b.c @@ -233,8 +233,8 @@ kern_sched_setscheduler(struct thread *td, struct thread *targettd, targetp = targettd->td_proc; PROC_LOCK_ASSERT(targetp, MA_OWNED); - /* Don't allow non root user to set a scheduler policy. */ - error = priv_check(td, PRIV_SCHED_SET); + /* Only privileged users are allowed to set a scheduler policy. */ + error = priv_check(td, PRIV_SCHED_SETPOLICY); if (error) return (error);
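
Review bot: The replacement comment above the priv_check(td, PRIV_SCHED_SETPOLICY) call in kern_sched_setscheduler() says only that "privileged users" may set a scheduler policy, which hides the reason for the change. Consider naming who is expected to pass, for example root and users authorized by mac_priority(4), since the commit message gives that as the point of the change. In the lines shown, the check also runs right after PROC_LOCK_ASSERT and before any look at the requested policy, so it gates every policy change rather than only realtime requests, while the subject line speaks of a "realtime privilege check"; it is worth stating in the comment or the log whether that is intended. The diffstat shows only sys/kern/p1003_1b.c changed, so any description of the required privilege in sched_setscheduler(2) should be checked separately.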