Hello
Here is a patch on the permission scheme when changing RT priorities.
Presently, a process without the capability CAP_SYS_NICE can not change
its own policy, which is OK.
But it can also not decrease its RT priority (if scheduled with policy
SCHED_RR or SCHED_FIFO), which is what this patch changes.
The rationale is the same as for the nice value: a process should be
able to require less priority for itself. Increasing the priority is
still not allowed.
This is for example useful if you give a multithreaded user process a RT
priority, and the process would like to organize its internal threads
using priorities also. Then you can give the process the highest
priority needed N, and the process starts its threads with lower
priorities: N-1, N-2...
The POSIX norm says that the permissions are implementation specific, so
I think we can do that.
In a sense, it makes the permissions consistent whatever the policy is:
with this patch, process scheduled by SCHED_FIFO, SCHED_RR and
SCHED_OTHER can all decrease their priority.
Please tell me what you think!
Regards
Olivier
--- linux-2.6.8-24.11/kernel/sched.c 2005-01-14 16:34:00.000000000
+0100
+++ linux-2.6.8-24.11-sched-patch/kernel/sched.c 2005-04-17
09:27:07.000000000 +0200
@@ -3248,12 +3248,19 @@
goto out_unlock;
retval = -EPERM;
- if ((policy == SCHED_FIFO || policy == SCHED_RR) &&
- !capable(CAP_SYS_NICE))
- goto out_unlock;
- if ((current->euid != p->euid) && (current->euid != p->uid) &&
- !capable(CAP_SYS_NICE))
- goto out_unlock;
+ if(!capable(CAP_SYS_NICE)) {
+ /* can't change a policy without cap */
+ if (policy != p->policy)
+ goto out_unlock;
+ /* can't increase priority without cap */
+ if (policy != SCHED_NORMAL &&
+ lp.sched_priority > p->rt_priority)
+ goto out_unlock;
+ /* can't change other processes without cap */
+ if ((current->euid != p->euid) &&
+ (current->euid != p->uid))
+ goto out_unlock;
+ }
retval = security_task_setscheduler(p, policy, &lp);
if (retval)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]