KAUTH_PROCESS_SCHEDULER_*AFFINITY restricted to root in default secmodel?
I've just had my first occasion to play with the processor affinity
code, via porting some code from Linux. It was very straightforward,
but there's one glaring difference: Linux doesn't (by default, anyway)
require root to use their sched_setaffinity(), while we do require root
(by default) for pthread_setaffinity_np().

I don't pretend to understand the security ramifications regarding
processor affinity; I do wonder, however, whether it warrants requiring
elevated privilege (and possible exposure via other code in the process
which doesn't require root for normal operation) to prevent allowing
users to pin their own code to a particular CPU by default. Are we sure
we've made the right (default) tradeoff here?

For my own use, I know I can tweak the secmodel to permit
KAUTH_PROCESS_SCHEDULER_SETAFFINITY. (And now I'm going to research
how to actually do it. :)