• Start
• Documentation
  • PostgreSQL
  • mnoGoSearch
  • Apache 2.4
  • FreeBSD handbook
  • FreeBSD Manual
  • FreeBSD Source
• Tools
• Search
• Protected Area

plain

FreeBSD manual

keyword 1 2 3 4 5 6 7 8 9 n l

download PDF document: mac_priority.4.pdf

MAC_PRIORITY(4) FreeBSD Kernel Interfaces Manual MAC_PRIORITY(4)
NAME mac_priority - policy for scheduling privileges of non-root users
SYNOPSIS To compile the mac_priority policy into your kernel, place the following lines in your kernel configuration file:
options MAC options MAC_PRIORITY
Alternately, to load the mac_priority policy module at boot time, place the following line in your kernel configuration file:
options MAC
and in loader.conf(5):
mac_priority_load="YES"
DESCRIPTION The mac_priority policy grants scheduling privileges based on group(5) membership. Users or processes in the group `realtime' (gid 47) are allowed to run threads and processes with realtime scheduling priority. Users or processes in the group `idletime' (gid 48) are allowed to run threads and processes with idle scheduling priority.
With the mac_priority realtime policy active, privileged users may use the rtprio(1) utility to start processes with realtime priority. Privileged applications can promote threads and processes to realtime priority through the rtprio(2) system calls.
When the idletime policy is active, privileged users may use the idprio(1) utility to start processes with idle priority. Privileged applications can demote threads and processes to idle priority through the rtprio(2) system calls.
Privileges Granted The realtime policy grants the following kernel privileges to any process running with the realtime group id: PRIV_SCHED_RTPRIO PRIV_SCHED_SETPOLICY
The kernel privilege granted by the idletime policy is: PRIV_SCHED_IDPRIO
Runtime Configuration The following sysctl(8) MIBs are available for fine-tuning this MAC policy. All sysctl(8) variables can also be set as loader(8) tunables in loader.conf(5).
security.mac.priority.realtime Enable the realtime policy. (Default: 1).
security.mac.priority.realtime_gid The numeric gid of the realtime group. (Default: 47).
security.mac.priority.idletime
HISTORY MAC first appeared in FreeBSD 5.0 and mac_priority first appeared in FreeBSD 13.1.
FreeBSD 14.2-RELEASE December 14, 2021 FreeBSD 14.2-RELEASE