Re: pthread_setaffinity_np() permissions
On Thu, Nov 03, 2011 at 03:30:54AM +0100, Jean-Yves Migeon wrote:
> On 03.11.2011 02:55, Thor Lancelot Simon wrote:
> >On Thu, Nov 03, 2011 at 12:20:18AM +0100, Jean-Yves Migeon wrote:
> >>On 02.11.2011 17:03, Sad Clouds wrote:
> >>>Hi, is there some setting that would allow pthread_setaffinity_np() to
> >>>succeed for non-root users, i.e. some form of RBAC?
> >>Not that I know of. There was a discussion to introduce a sysctl(7),
> >>but never got implemented actually (here's a quick patch).
> >Is that patch right? It appears to allow the variable to be set
> >regardless of the kernel security level.
> Should not? I took the same logic as the one allowing usermounts.
> It's a matter of policy though.
None of the security sysctls should be changeable at securelevel 1 or
higher. Certainly it should not be possible to grant additional privileges
to non-root users. Is there logic somewhere else preventing it, like
in the relevant kauth listener perhaps?
Thor Lancelot Simon tls%panix.com@localhost
"All of my opinions are consistent, but I cannot present them all
at once." -Jean-Jacques Rousseau, On The Social Contract