Diffstat (limited to 'static/freebsd/man4/mac_priority.4 3.html')
-rw-r--r-- static/freebsd/man4/mac_priority.4 3.html | 101
1 files changed, 101 insertions, 0 deletions
diff --git a/static/freebsd/man4/mac_priority.4 3.html b/static/freebsd/man4/mac_priority.4 3.html
new file mode 100644
index 00000000..13bf80f9
--- /dev/null
+++ b/static/freebsd/man4/mac_priority.4 3.html
@@ -0,0 +1,101 @@
+<table class="head">
+ <tr>
+ <td class="head-ltitle">MAC_PRIORITY(4)</td>
+ <td class="head-vol">Device Drivers Manual</td>
+ <td class="head-rtitle">MAC_PRIORITY(4)</td>
+ </tr>
+</table>
+<div class="manual-text">
+<section class="Sh">
+<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
+<p class="Pp"><code class="Nm">mac_priority</code> &#x2014;
+ <span class="Nd">policy for scheduling privileges of non-root
+ users</span></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
+<p class="Pp">To compile the mac_priority policy into your kernel, place the
+ following lines in your kernel configuration file:</p>
+<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code>
+<br/>
+<code class="Cd">options MAC_PRIORITY</code></div>
+<p class="Pp">Alternately, to load the mac_priority policy module at boot time,
+ place the following line in your kernel configuration file:</p>
+<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code></div>
+<p class="Pp">and in <a class="Xr">loader.conf(5)</a>:</p>
+<div class="Bd Pp Bd-indent Li">
+<pre>mac_priority_load=&quot;YES&quot;</pre>
+</div>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
+<p class="Pp">The <code class="Nm">mac_priority</code> policy grants scheduling
+ privileges based on <a class="Xr">group(5)</a> membership. Users or
+ processes in the group &#x2018;realtime&#x2019; (gid 47) are allowed to run
+ threads and processes with realtime scheduling priority. Users or processes
+ in the group &#x2018;idletime&#x2019; (gid 48) are allowed to run threads
+ and processes with idle scheduling priority.</p>
+<p class="Pp">With the <code class="Nm">mac_priority</code> realtime policy
+ active, privileged users may use the <a class="Xr">rtprio(1)</a> utility to
+ start processes with realtime priority. Privileged applications can promote
+ threads and processes to realtime priority through the
+ <a class="Xr">rtprio(2)</a> system calls.</p>
+<p class="Pp">When the idletime policy is active, privileged users may use the
+ <a class="Xr">idprio(1)</a> utility to start processes with idle priority.
+ Privileged applications can demote threads and processes to idle priority
+ through the <a class="Xr">rtprio(2)</a> system calls.</p>
+<section class="Ss">
+<h2 class="Ss" id="Privileges_Granted"><a class="permalink" href="#Privileges_Granted">Privileges
+ Granted</a></h2>
+<p class="Pp">The realtime policy grants the following kernel privileges to any
+ process running with the realtime group id:</p>
+<dl class="Bl-inset Bd-indent Bl-compact">
+ <dt id="PRIV_SCHED_RTPRIO"><a class="permalink" href="#PRIV_SCHED_RTPRIO"><code class="Dv">PRIV_SCHED_RTPRIO</code></a></dt>
+ <dd></dd>
+ <dt id="PRIV_SCHED_SETPOLICY"><a class="permalink" href="#PRIV_SCHED_SETPOLICY"><code class="Dv">PRIV_SCHED_SETPOLICY</code></a></dt>
+ <dd></dd>
+</dl>
+<p class="Pp">The kernel privilege granted by the idletime policy is:</p>
+<dl class="Bl-inset Bd-indent Bl-compact">
+ <dt id="PRIV_SCHED_IDPRIO"><a class="permalink" href="#PRIV_SCHED_IDPRIO"><code class="Dv">PRIV_SCHED_IDPRIO</code></a></dt>
+ <dd></dd>
+</dl>
+</section>
+<section class="Ss">
+<h2 class="Ss" id="Runtime_Configuration"><a class="permalink" href="#Runtime_Configuration">Runtime
+ Configuration</a></h2>
+<p class="Pp">The following <a class="Xr">sysctl(8)</a> MIBs are available for
+ fine-tuning this MAC policy. All <a class="Xr">sysctl(8)</a> variables can
+ also be set as <a class="Xr">loader(8)</a> tunables in
+ <a class="Xr">loader.conf(5)</a>.</p>
+<dl class="Bl-tag">
+ <dt id="security.mac.priority.realtime"><var class="Va">security.mac.priority.realtime</var></dt>
+ <dd>Enable the realtime policy. (Default: 1).</dd>
+ <dt id="security.mac.priority.realtime_gid"><var class="Va">security.mac.priority.realtime_gid</var></dt>
+ <dd>The numeric gid of the realtime group. (Default: 47).</dd>
+ <dt id="security.mac.priority.idletime"><var class="Va">security.mac.priority.idletime</var></dt>
+ <dd>Enable the idletime policy. (Default: 1).</dd>
+ <dt id="security.mac.priority.idletime_gid"><var class="Va">security.mac.priority.idletime_gid</var></dt>
+ <dd>The numeric gid of the idletime group. (Default: 48).</dd>
+</dl>
+</section>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
+ ALSO</a></h1>
+<p class="Pp"><a class="Xr">idprio(1)</a>, <a class="Xr">rtprio(1)</a>,
+ <a class="Xr">rtprio(2)</a>, <a class="Xr">mac(4)</a></p>
+</section>
+<section class="Sh">
+<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1>
+<p class="Pp">MAC first appeared in <span class="Ux">FreeBSD 5.0</span> and
+ <code class="Nm">mac_priority</code> first appeared in
+ <span class="Ux">FreeBSD 13.1</span>.</p>
+</section>
+</div>
+<table class="foot">
+ <tr>
+ <td class="foot-date">December 14, 2021</td>
+ <td class="foot-os">FreeBSD 15.0</td>
+ </tr>
+</table>
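Review bot: The new file's path in the diff header, `static/freebsd/man4/mac_priority.4 3.html`, contains a space and a trailing " 3", which looks like an accidental duplicate-copy name rather than an intended page; please confirm it is meant to be committed under that name, and rename or drop it if not. Within the page, the three `<dd></dd>` elements under "Privileges Granted" are empty, so PRIV_SCHED_RTPRIO, PRIV_SCHED_SETPOLICY and PRIV_SCHED_IDPRIO are listed with no description of what each permits; a one-line description per privilege would help, since this list is what an administrator reads before adding accounts to gid 47 or 48. The DESCRIPTION paragraphs also say "privileged users" where the context implies members of the realtime or idletime group; saying so explicitly would avoid reading it as root, given that the NAME line describes a policy for non-root users.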