Subject: Re: kauth and sched_{get,set}param
To: Juan RP <juan@xtrarom.org>
From: Elad Efrat <elad@NetBSD.org>
List: current-users
Date: 01/31/2008 03:02:40
Juan RP wrote:
> Hi,
> 
> With the following set of changes I'm not able to use schedctl(8)
> anymore even when I'm root:
> 
> Module Name:	src
> Committed By:	elad
> Date:		Wed Jan 30 17:54:56 UTC 2008
> 
> Modified Files:
> 	src/share/examples/secmodel: secmodel_example.c
> 	src/share/man/man9: kauth.9
> 	src/sys/kern: sys_pset.c sys_sched.c
> 	src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
> 	src/sys/sys: kauth.h
> 
> Log Message:
> Use proper kauth(9) actions/requests for native scheduler stuff and the
> recently introduced processor-sets.
> 
> Discussed with and okay rmind@, yamt@, and christos@.
> 
> $ sudo schedctl -p696
> schedctl: _sched_getparam: Permission denied
> $ sudo schedctl -p696 -P32
> schedctl: _sched_setparam: Operation not permitted
> $
> 
> Could you please fix this? thanks.

Oops, the authorization calls in sys_sched.c are either done without a
process or with an incorrect one.

Fixing it is obvious but takes a bit more work than I'd like to do at
this time of day. :) Basically the code should be reorganized to get the
process from p_find() before the call to kauth_authorize_process(), so
we can use it in the authorization.

Thanks for pointing this out, and sorry for the inconvenience,

-e.