Current-Users archive


Re: sysctl: security.models.extensions.user_set_cpu_affinity: Operation not permitted on netbsd-9 evbarm

On Mon, Mar 09, 2020 at 09:55:41PM +1100, Paul Ripke wrote:
> Noticed this mucking with some pthread code that does pthread_setaffinity_np.
> Is this expected? I would've thought it still possible at securelevel 1?
> thing1:ksh$ sysctl security.models.extensions.user_set_cpu_affinity
> security.models.extensions.user_set_cpu_affinity = 0
> thing1:ksh$ sudo sysctl -w security.models.extensions.user_set_cpu_affinity=1
> sysctl: security.models.extensions.user_set_cpu_affinity: Operation not permitted
> thing1:ksh$ sysctl kern.securelevel
> kern.securelevel = 1
> thing1:ksh$ uname -a
> NetBSD thing1 9.0_STABLE NetBSD 9.0_STABLE (GENERIC) #8: Sun Mar  8 23:07:35 AEDT 2020  stix@slave:/home/netbsd/netbsd-9/obj.evbarm-earmv7hf/home/netbsd/netbsd-9/src/sys/arch/evbarm/compile/GENERIC evbarm

I can read, honest!
secmodel_extensions(9) says:

It can be disabled at any time, but cannot be enabled anymore when the
securelevel of the system is above 0.

Paul Ripke
"Great minds discuss ideas, average minds discuss events, small minds
 discuss people."
-- Disputed: Often attributed to Eleanor Roosevelt. 1948.
