a9545eede4
Add an idletime user group that allows non-root users to run processes with idle scheduling priority. Privileges are granted by a MAC policy in the mac_priority module. For this purpose, the kernel privilege PRIV_SCHED_IDPRIO was added to sys/priv.h (kernel module ABI change). Deprecate the system wide sysctl(8) knob security.bsd.unprivileged_idprio which lets any user run idle priority processes, regardless of context. While the knob is still working, it is marked as deprecated in the description and in the man pages. MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D33338
208 lines
5.5 KiB
Groff
208 lines
5.5 KiB
Groff
.\"
|
|
.\" Copyright (c) 1994, Henrik Vestergaard Draboel
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by Henrik Vestergaard Draboel.
|
|
.\" 4. The name of the author may not be used to endorse or promote products
|
|
.\" derived from this software without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd December 8, 2021
|
|
.Dt RTPRIO 1
|
|
.Os
|
|
.Sh NAME
|
|
.Nm rtprio ,
|
|
.Nm idprio
|
|
.Nd execute, examine or modify a utility's or process's realtime
|
|
or idletime scheduling priority
|
|
.Sh SYNOPSIS
|
|
.Nm [id|rt]prio
|
|
.Nm [id|rt]prio
|
|
.Oo Fl Oc Ns Ar pid
|
|
.Nm [id|rt]prio
|
|
.Ar priority
|
|
.Ar command
|
|
.Op args
|
|
.Nm [id|rt]prio
|
|
.Ar priority
|
|
.Fl Ar pid
|
|
.Nm [id|rt]prio
|
|
.Fl t
|
|
.Ar command
|
|
.Op args
|
|
.Nm [id|rt]prio
|
|
.Fl t
|
|
.Fl Ar pid
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
utility is used for controlling realtime process scheduling.
|
|
.Pp
|
|
The
|
|
.Nm idprio
|
|
utility is used for controlling idletime process scheduling, and can be called
|
|
with the same options as
|
|
.Nm .
|
|
.Pp
|
|
A process with a realtime priority is not subject to priority
|
|
degradation, and will only be preempted by another process of equal or
|
|
higher realtime priority.
|
|
.Pp
|
|
A process with an idle priority will run only when no other
|
|
process is runnable and then only if its idle priority is equal or
|
|
greater than all other runnable idle priority processes.
|
|
.Pp
|
|
Both
|
|
.Nm
|
|
or
|
|
.Nm idprio
|
|
when called without arguments will return the realtime priority
|
|
of the current process.
|
|
.Pp
|
|
If
|
|
.Nm
|
|
is called with 1 argument, it will return the realtime priority
|
|
of the process with the specified
|
|
.Ar pid .
|
|
.Pp
|
|
If
|
|
.Ar priority
|
|
is specified, the process or program is run at that realtime priority.
|
|
If
|
|
.Fl t
|
|
is specified, the process or program is run as a normal (non-realtime)
|
|
process.
|
|
.Pp
|
|
If
|
|
.Ar -pid
|
|
is specified, the process with the process identifier
|
|
.Ar pid
|
|
will be modified, else if
|
|
.Ar command
|
|
is specified, that program is run with its arguments.
|
|
.Pp
|
|
.Ar Priority
|
|
is an integer between 0 and RTP_PRIO_MAX (usually 31).
|
|
0 is the
|
|
highest priority
|
|
.Pp
|
|
.Ar Pid
|
|
of 0 means "the current process".
|
|
.Pp
|
|
Only root is allowed to set realtime or idle priority for a process.
|
|
Exceptional privileges can be granted through the
|
|
.Xr mac_priority 4
|
|
policy and the realtime and idletime user groups.
|
|
The
|
|
.Xr sysctl 8
|
|
variable
|
|
.Va security.bsd.unprivileged_idprio
|
|
is deprecated.
|
|
If set to non-zero, it lets any user modify the idle priority of processes
|
|
they own.
|
|
.Pp
|
|
Note that idle priority increases the chance that a deadlock can occur
|
|
if a process locks a required resource and then does
|
|
not get to run.
|
|
.Sh EXIT STATUS
|
|
If
|
|
.Nm
|
|
execute a command, the exit value is that of the command executed.
|
|
In all other cases,
|
|
.Nm
|
|
exits 0 on success, and 1 for all other errors.
|
|
.Sh EXAMPLES
|
|
To see which realtime priority the current process is at:
|
|
.Dl rtprio
|
|
.Pp
|
|
To see which realtime priority of process 1423:
|
|
.Dl "rtprio 1423"
|
|
.Pp
|
|
To run
|
|
.Xr cron 8
|
|
at the lowest realtime priority:
|
|
.Dl "rtprio 31 cron"
|
|
.Pp
|
|
To change the realtime priority of process 1423 to 16:
|
|
.Dl "rtprio 16 -1423"
|
|
.Pp
|
|
To run
|
|
.Xr tcpdump 1
|
|
without realtime priority:
|
|
.Dl "rtprio -t tcpdump"
|
|
.Pp
|
|
To change the realtime priority of process 1423
|
|
to
|
|
.Dv RTP_PRIO_NORMAL
|
|
(non-realtime/normal priority):
|
|
.Dl "rtprio -t -1423"
|
|
.Pp
|
|
To make depend while not disturbing other machine usage:
|
|
.Dl "idprio 31 make depend"
|
|
.Sh SEE ALSO
|
|
.Xr nice 1 ,
|
|
.Xr ps 1 ,
|
|
.Xr rtprio 2 ,
|
|
.Xr setpriority 2 ,
|
|
.Xr nice 3 ,
|
|
.Xr mac_priority 4 ,
|
|
.Xr renice 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
utility appeared in
|
|
.Fx 2.0 ,
|
|
but is similar to the HP-UX version.
|
|
.Sh AUTHORS
|
|
.An -nosplit
|
|
.An Henrik Vestergaard Draboel Aq Mt hvd@terry.ping.dk
|
|
is the original author.
|
|
This
|
|
implementation in
|
|
.Fx
|
|
was substantially rewritten by
|
|
.An David Greenman .
|
|
.Sh CAVEATS
|
|
You can lock yourself out of the system by placing a cpu-heavy
|
|
process in a realtime priority.
|
|
.Sh BUGS
|
|
There is no way to set/view the realtime priority of process 0
|
|
(swapper) (see
|
|
.Xr ps 1 ) .
|
|
.Pp
|
|
There is in
|
|
.Fx
|
|
no way to ensure that a process page is present in memory therefore
|
|
the process may be stopped for pagein (see
|
|
.Xr mprotect 2 ,
|
|
.Xr madvise 2 ) .
|
|
.Pp
|
|
Under
|
|
.Fx
|
|
system calls are currently never preempted, therefore non-realtime
|
|
processes can starve realtime processes, or idletime processes can
|
|
starve normal priority processes.
|