[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: KAUTH_PROCESS_SCHEDULER_*AFFINITY restricted to root in default secmodel?
On Mon, 29 Aug 2011 01:07:52 +0200
Alistair Crooks <agc%pkgsrc.org@localhost> wrote:
Sorry for replying to an old thread, I'm still catching up with mail :)
> > i've found this some what annoying. IMO, we should have a a way to say
> > "let normal users do this". i'm not sure sysctl is the right place, but
> > maybe an overlay secmodel? on some of my machines, i don't want to have
> > to be root to do this. it's annoying to have to use root to get the
> > highest performance i can out of an application.
> > the current default is fine, however.
> Something analogous to our friends:
> % sysctl -a | grep mount
> vfs.generic.usermount = 0
> security.models.suser.usermount = 0
And/or like security.models.bsd44.curtain, etc; I think that a
sysctl for this would be nice too.
Also, I'm not sure if this is doable (an annoyance if users and scripts
have been using the old knobs), but I tend to think that sysctls that
affect the default secmodel (bsd44) should ideally all be under
Main Index |
Thread Index |