Re: kauth and sched_{get,set}param

To: Juan RP <juan%xtrarom.org@localhost>
Subject: Re: kauth and sched_{get,set}param
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Thu, 31 Jan 2008 03:02:40 +0200

Juan RP wrote:

Hi,

With the following set of changes I'm not able to use schedctl(8)
anymore even when I'm root:

Module Name:    src
Committed By:   elad
Date:           Wed Jan 30 17:54:56 UTC 2008

Modified Files:
        src/share/examples/secmodel: secmodel_example.c
        src/share/man/man9: kauth.9
        src/sys/kern: sys_pset.c sys_sched.c
        src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
        src/sys/sys: kauth.h

Log Message:
Use proper kauth(9) actions/requests for native scheduler stuff and the
recently introduced processor-sets.

Discussed with and okay rmind@, yamt@, and christos@.

$ sudo schedctl -p696
schedctl: _sched_getparam: Permission denied
$ sudo schedctl -p696 -P32
schedctl: _sched_setparam: Operation not permitted
$

Could you please fix this? thanks.


Oops, the authorization calls in sys_sched.c are either done without a
process or with an incorrect one.

Fixing it is obvious but takes a bit more work than I'd like to do at
this time of day. :) Basically the code should be reorganized to get the
process from p_find() before the call to kauth_authorize_process(), so
we can use it in the authorization.

Thanks for pointing this out, and sorry for the inconvenience,

-e.

Follow-Ups:
- Re: kauth and sched_{get,set}param
  - From: Elad Efrat

References:
- kauth and sched_{get,set}param
  - From: Juan RP

Prev by Date: Re: printer recommendations
Next by Date: Re: kauth and sched_{get,set}param
Previous by Thread: kauth and sched_{get,set}param
Next by Thread: Re: kauth and sched_{get,set}param
Indexes:

Home | Main Index | Thread Index | Old Index