a9545eede4
Add an idletime user group that allows non-root users to run processes with idle scheduling priority. Privileges are granted by a MAC policy in the mac_priority module. For this purpose, the kernel privilege PRIV_SCHED_IDPRIO was added to sys/priv.h (kernel module ABI change). Deprecate the system wide sysctl(8) knob security.bsd.unprivileged_idprio which lets any user run idle priority processes, regardless of context. While the knob is still working, it is marked as deprecated in the description and in the man pages. MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D33338 |
||
|---|---|---|
| .. | ||
| audit | ||
| mac | ||
| mac_biba | ||
| mac_bsdextended | ||
| mac_ifoff | ||
| mac_lomac | ||
| mac_mls | ||
| mac_none | ||
| mac_ntpd | ||
| mac_partition | ||
| mac_portacl | ||
| mac_priority | ||
| mac_seeotheruids | ||
| mac_stub | ||
| mac_test | ||
| mac_veriexec | ||
| mac_veriexec_parser | ||