tech-kern archive


Re: KAUTH_PROCESS_SCHEDULER_*AFFINITY restricted to root in default secmodel?



On Mon, 29 Aug 2011 01:07:52 +0200
Alistair Crooks <agc%pkgsrc.org@localhost> wrote:

Sorry for replying to an old thread, I'm still catching up with mail :)

> > i've found this somewhat annoying.  IMO, we should have a way to say
> > "let normal users do this".  i'm not sure sysctl is the right place, but
> > maybe an overlay secmodel?  on some of my machines, i don't want to have
> > to be root to do this.  it's annoying to have to use root to get the
> > highest performance i can out of an application.
> > 
> > the current default is fine, however.
> 
> Something analogous to our friends:
> 
> % sysctl -a | grep mount
> vfs.generic.usermount = 0
> security.models.suser.usermount = 0
> %

And/or like security.models.bsd44.curtain, etc; I think that a
sysctl for this would be nice too.

Also, I'm not sure if this is doable (an annoyance if users and scripts
have been using the old knobs), but I tend to think that sysctls that
affect the default secmodel (bsd44) should ideally all be under
security.models.bsd44.?
-- 
Matt

