Subject: Re: kauth and sched_{get,set}param
To: Juan RP <juan@xtrarom.org>
From: Elad Efrat <elad@NetBSD.org>
List: current-users
Date: 01/31/2008 03:02:40
Juan RP wrote:
> Hi,
>
> With the following set of changes I'm not able to use schedctl(8)
> anymore even when I'm root:
>
> Module Name: src
> Committed By: elad
> Date: Wed Jan 30 17:54:56 UTC 2008
>
> Modified Files:
> src/share/examples/secmodel: secmodel_example.c
> src/share/man/man9: kauth.9
> src/sys/kern: sys_pset.c sys_sched.c
> src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
> src/sys/sys: kauth.h
>
> Log Message:
> Use proper kauth(9) actions/requests for native scheduler stuff and the
> recently introduced processor-sets.
>
> Discussed with and okay rmind@, yamt@, and christos@.
>
> $ sudo schedctl -p696
> schedctl: _sched_getparam: Permission denied
> $ sudo schedctl -p696 -P32
> schedctl: _sched_setparam: Operation not permitted
> $
>
> Could you please fix this? thanks.
Oops, the authorization calls in sys_sched.c are either done without a
process or with an incorrect one.
Fixing it is obvious but takes a bit more work than I'd like to do at
this time of day. :) Basically the code should be reorganized to get the
process from p_find() before the call to kauth_authorize_process(), so
we can use it in the authorization.
Thanks for pointing this out, and sorry for the inconvenience,
-e.