Florian Walpen a9545eede4 Add idle priority scheduling privilege group to MAC/priority
Add an idletime user group that allows non-root users to run processes
with idle scheduling priority. Privileges are granted by a MAC policy in
the mac_priority module. For this purpose, the kernel privilege
PRIV_SCHED_IDPRIO was added to sys/priv.h (kernel module ABI change).

Deprecate the system wide sysctl(8) knob
security.bsd.unprivileged_idprio which lets any user run idle priority
processes, regardless of context. While the knob is still working, it is
marked as deprecated in the description and in the man pages.

MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D33338
2021-12-10 04:54:48 +02:00

208 lines
5.5 KiB
Groff

.\"
.\" Copyright (c) 1994, Henrik Vestergaard Draboel
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Henrik Vestergaard Draboel.
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd December 8, 2021
.Dt RTPRIO 1
.Os
.Sh NAME
.Nm rtprio ,
.Nm idprio
.Nd execute, examine or modify a utility's or process's realtime
or idletime scheduling priority
.Sh SYNOPSIS
.Nm [id|rt]prio
.Nm [id|rt]prio
.Oo Fl Oc Ns Ar pid
.Nm [id|rt]prio
.Ar priority
.Ar command
.Op args
.Nm [id|rt]prio
.Ar priority
.Fl Ar pid
.Nm [id|rt]prio
.Fl t
.Ar command
.Op args
.Nm [id|rt]prio
.Fl t
.Fl Ar pid
.Sh DESCRIPTION
The
.Nm
utility is used for controlling realtime process scheduling.
.Pp
The
.Nm idprio
utility is used for controlling idletime process scheduling, and can be called
with the same options as
.Nm .
.Pp
A process with a realtime priority is not subject to priority
degradation, and will only be preempted by another process of equal or
higher realtime priority.
.Pp
A process with an idle priority will run only when no other
process is runnable and then only if its idle priority is equal or
greater than all other runnable idle priority processes.
.Pp
Both
.Nm
or
.Nm idprio
when called without arguments will return the realtime priority
of the current process.
.Pp
If
.Nm
is called with 1 argument, it will return the realtime priority
of the process with the specified
.Ar pid .
.Pp
If
.Ar priority
is specified, the process or program is run at that realtime priority.
If
.Fl t
is specified, the process or program is run as a normal (non-realtime)
process.
.Pp
If
.Ar -pid
is specified, the process with the process identifier
.Ar pid
will be modified, else if
.Ar command
is specified, that program is run with its arguments.
.Pp
.Ar Priority
is an integer between 0 and RTP_PRIO_MAX (usually 31).
0 is the
highest priority
.Pp
.Ar Pid
of 0 means "the current process".
.Pp
Only root is allowed to set realtime or idle priority for a process.
Exceptional privileges can be granted through the
.Xr mac_priority 4
policy and the realtime and idletime user groups.
The
.Xr sysctl 8
variable
.Va security.bsd.unprivileged_idprio
is deprecated.
If set to non-zero, it lets any user modify the idle priority of processes
they own.
.Pp
Note that idle priority increases the chance that a deadlock can occur
if a process locks a required resource and then does
not get to run.
.Sh EXIT STATUS
If
.Nm
execute a command, the exit value is that of the command executed.
In all other cases,
.Nm
exits 0 on success, and 1 for all other errors.
.Sh EXAMPLES
To see which realtime priority the current process is at:
.Dl rtprio
.Pp
To see which realtime priority of process 1423:
.Dl "rtprio 1423"
.Pp
To run
.Xr cron 8
at the lowest realtime priority:
.Dl "rtprio 31 cron"
.Pp
To change the realtime priority of process 1423 to 16:
.Dl "rtprio 16 -1423"
.Pp
To run
.Xr tcpdump 1
without realtime priority:
.Dl "rtprio -t tcpdump"
.Pp
To change the realtime priority of process 1423
to
.Dv RTP_PRIO_NORMAL
(non-realtime/normal priority):
.Dl "rtprio -t -1423"
.Pp
To make depend while not disturbing other machine usage:
.Dl "idprio 31 make depend"
.Sh SEE ALSO
.Xr nice 1 ,
.Xr ps 1 ,
.Xr rtprio 2 ,
.Xr setpriority 2 ,
.Xr nice 3 ,
.Xr mac_priority 4 ,
.Xr renice 8
.Sh HISTORY
The
.Nm
utility appeared in
.Fx 2.0 ,
but is similar to the HP-UX version.
.Sh AUTHORS
.An -nosplit
.An Henrik Vestergaard Draboel Aq Mt hvd@terry.ping.dk
is the original author.
This
implementation in
.Fx
was substantially rewritten by
.An David Greenman .
.Sh CAVEATS
You can lock yourself out of the system by placing a cpu-heavy
process in a realtime priority.
.Sh BUGS
There is no way to set/view the realtime priority of process 0
(swapper) (see
.Xr ps 1 ) .
.Pp
There is in
.Fx
no way to ensure that a process page is present in memory therefore
the process may be stopped for pagein (see
.Xr mprotect 2 ,
.Xr madvise 2 ) .
.Pp
Under
.Fx
system calls are currently never preempted, therefore non-realtime
processes can starve realtime processes, or idletime processes can
starve normal priority processes.