HomeFreeBSD

sched_setscheduler(2): Change realtime privilege check

Description

sched_setscheduler(2): Change realtime privilege check

Check for privilege PRIV_SCHED_SETPOLICY instead of PRIV_SCHED_SET, to
at least make it coherent with what is done at thread creation when
a realtime policy is requested, and have users authorized by
mac_priority(4) pass it.

This change is good enough in practice since it only allows 'root' (as
before) and mac_priority(4)'s authorized users in (the point of this
change), without other side effects. More changes in this area, to
generally ensure that all privilege checks are consistent, are going to
come as olce's priority revamp project lands.

(olce: Expanded the explanations.)

PR: 276962
Reported by: jbeich
Reviewed by: olce
Approved by: emaste (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D43835

(cherry picked from commit 2198221bd9df0ceb69945120bc477309a5729241)
(cherry picked from commit 8ff01d01f2e8894bbac9f179f1ab0e83a8160384)

Approved by: emaste (mentor)
Approved by: re (cperciva)

Details

Provenance
dev_submerge.chAuthored on Feb 14 2024, 1:50 PM
olceCommitted on Feb 14 2024, 6:19 PM
Reviewer
olce
Differential Revision
D43835: sched_setscheduler(2): Fix realtime privilege check
Parents
rGb36ddb27b3b9: Merge sendmail 8.18.1 from stable/13 to releng/13.3
Branches
Unknown
Tags
Unknown