tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: KAUTH_PROCESS_SCHEDULER_*AFFINITY restricted to root in default secmodel?

On Mon, 29 Aug 2011 01:07:52 +0200
Alistair Crooks <> wrote:

Sorry for replying to an old thread, I'm still catching up with mail :)

> > i've found this some what annoying.  IMO, we should have a a way to say
> > "let normal users do this".  i'm not sure sysctl is the right place, but
> > maybe an overlay secmodel?  on some of my machines, i don't want to have
> > to be root to do this.  it's annoying to have to use root to get the
> > highest performance i can out of an application.
> > 
> > the current default is fine, however.
> Something analogous to our friends:
> % sysctl -a | grep mount
> vfs.generic.usermount = 0
> security.models.suser.usermount = 0
> %

And/or like   security.models.bsd44.curtain,  etc; I think that a
sysctl for this would be nice too.

Also, I'm not sure if this is doable (an annoyance if users and scripts
have been using the old knobs), but I tend to think that sysctls that
affect the default secmodel (bsd44) should ideally all be under

Home | Main Index | Thread Index | Old Index