diff options
author | bz <bz@FreeBSD.org> | 2008-06-29 17:58:16 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2008-06-29 17:58:16 +0000 |
commit | 103613ceb8c16d04226de8ddb4127011e7ccec2e (patch) | |
tree | e523d59d33e4663a538aca017048099a5e0b96da | |
parent | 7b38a318a44fcf3fe1c18946c7c242ee9c3fd7d4 (diff) | |
download | FreeBSD-src-103613ceb8c16d04226de8ddb4127011e7ccec2e.zip FreeBSD-src-103613ceb8c16d04226de8ddb4127011e7ccec2e.tar.gz |
Add a new priv 'PRIV_SCHED_CPUSET' to check if manipulating cpusets is
allowed and replace the suser() call. Do not allow it in jails.
Reviewed by: rwatson
-rw-r--r-- | sys/kern/kern_cpuset.c | 2 | ||||
-rw-r--r-- | sys/sys/priv.h | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/kern_cpuset.c b/sys/kern/kern_cpuset.c index 1a2495e..8c434fd 100644 --- a/sys/kern/kern_cpuset.c +++ b/sys/kern/kern_cpuset.c @@ -292,7 +292,7 @@ cpuset_modify(struct cpuset *set, cpuset_t *mask) struct cpuset *root; int error; - error = suser(curthread); + error = priv_check(curthread, PRIV_SCHED_CPUSET); if (error) return (error); /* diff --git a/sys/sys/priv.h b/sys/sys/priv.h index 0e4d1cd..70706bc 100644 --- a/sys/sys/priv.h +++ b/sys/sys/priv.h @@ -187,6 +187,7 @@ #define PRIV_SCHED_SETPOLICY 203 /* Can set scheduler policy. */ #define PRIV_SCHED_SET 204 /* Can set thread scheduler. */ #define PRIV_SCHED_SETPARAM 205 /* Can set thread scheduler params. */ +#define PRIV_SCHED_CPUSET 206 /* Can manipulate cpusets. */ /* * POSIX semaphore privileges. |