[Bug 276962] mac_priority(4) doesn't affect sched_setscheduler(2)
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 276962] mac_priority(4) doesn't affect sched_setscheduler(2)"
Date: Sun, 11 Feb 2024 02:48:46 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276962

--- Comment #1 from Florian Walpen <dev@submerge.ch> ---
Seems like there's a mismatch with different privileges requested.

sys/sys/priv.h defines:

    #define PRIV_SCHED_DIFFCRED     200 /* Exempt scheduling other users. */
    #define PRIV_SCHED_SETPRIORITY  201 /* Can set lower nice value for proc. */
    #define PRIV_SCHED_RTPRIO       202 /* Can set real time scheduling. */
    #define PRIV_SCHED_SETPOLICY    203 /* Can set scheduler policy. */
    #define PRIV_SCHED_SET          204 /* Can set thread scheduler. */
    #define PRIV_SCHED_SETPARAM     205 /* Can set thread scheduler params. */
    #define PRIV_SCHED_CPUSET       206 /* Can manipulate cpusets. */
    #define PRIV_SCHED_CPUSET_INTR  207 /* Can adjust IRQ to CPU binding. */
    #define PRIV_SCHED_IDPRIO       208 /* Can set idle time scheduling. */

The call to sched_setscheduler() ends up in sys/kern/p1003_1b.c, checking for the PRIV_SCHED_SET privilege:

    kern_sched_setscheduler(struct thread *td, struct thread *targettd,
        int policy, struct sched_param *param)
    {
        ...
        /* Don't allow non root user to set a scheduler policy. */
        error = priv_check(td, PRIV_SCHED_SET);
        if (error)
            return (error);
        ...
    }

While mac_priority only grants privileges for PRIV_SCHED_RTPRIO / PRIV_SCHED_SETPOLICY or PRIV_SCHED_IDPRIO.

I think sched_setscheduler() does actually set the policy, not the scheduler, so maybe PRIV_SCHED_SETPOLICY would be more appropriate here.

I can have a closer look tomorrow.

--
You are receiving this mail because:
You are the assignee for the bug.
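A small probe for the mismatch described in the comment above, added here as an example and not taken from the bug report or from FreeBSD's sources: run as an unprivileged user covered by mac_priority, it tries both paths on the calling process and reports whether they disagree. It assumes rtprio(2) is the path gated by PRIV_SCHED_RTPRIO; the function and enum names are hypothetical.

```c
/* Added example: compare sched_setscheduler(2) with rtprio(2) for the caller. */
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/rtprio.h>
#endif

enum verdict { BOTH_ALLOWED, BOTH_DENIED, MISMATCH, INCONCLUSIVE };

/* Returns 0 on success, otherwise the errno of the failing call. */
int probe_setscheduler(void) {
    struct sched_param old, rt;
    int oldpol = sched_getscheduler(0);
    if (oldpol == -1 || sched_getparam(0, &old) == -1) return errno;
    rt.sched_priority = sched_get_priority_min(SCHED_FIFO);
    if (sched_setscheduler(0, SCHED_FIFO, &rt) == -1) return errno;
    sched_setscheduler(0, oldpol, &old);      /* restore previous policy */
    return 0;
}

/* Returns 0 on success, errno on failure, -1 where rtprio(2) does not exist. */
int probe_rtprio(void) {
#ifdef __FreeBSD__
    struct rtprio old, rt = { .type = RTP_PRIO_REALTIME, .prio = RTP_PRIO_MAX };
    if (rtprio(RTP_LOOKUP, 0, &old) == -1) return errno;
    if (rtprio(RTP_SET, 0, &rt) == -1) return errno;
    rtprio(RTP_SET, 0, &old);                 /* restore previous priority */
    return 0;
#else
    return -1;
#endif
}

/* MISMATCH is the reported symptom: rtprio allowed, sched_setscheduler EPERM. */
enum verdict classify(int sched_err, int rtprio_err) {
    if (rtprio_err == -1) return INCONCLUSIVE;
    if (sched_err == 0 && rtprio_err == 0) return BOTH_ALLOWED;
    if (sched_err == EPERM && rtprio_err == 0) return MISMATCH;
    if (sched_err == EPERM && rtprio_err == EPERM) return BOTH_DENIED;
    return INCONCLUSIVE;
}

int main(void) {
    static const char *msg[] = { "both allowed", "both denied", "mismatch", "inconclusive" };
    int s = probe_setscheduler(), r = probe_rtprio();
    printf("sched_setscheduler=%d rtprio=%d: %s\n", s, r, msg[classify(s, r)]);
    return 0;
}
```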