GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
MAC_PRIORITY(4) FreeBSD Kernel Interfaces Manual MAC_PRIORITY(4)

mac_priority
policy for scheduling privileges of non-root users

To compile the mac_priority policy into your kernel, place the following lines in your kernel configuration file:
options MAC
options MAC_PRIORITY

Alternately, to load the mac_priority policy module at boot time, place the following line in your kernel configuration file:

options MAC

and in loader.conf(5):

mac_priority_load="YES"

The mac_priority policy grants scheduling privileges based on group(5) membership. Users or processes in the group ‘realtime’ (gid 47) are allowed to run threads and processes with realtime scheduling priority. Users or processes in the group ‘idletime’ (gid 48) are allowed to run threads and processes with idle scheduling priority.

With the mac_priority realtime policy active, privileged users may use the rtprio(1) utility to start processes with realtime priority. Privileged applications can promote threads and processes to realtime priority through the rtprio(2) system calls.

When the idletime policy is active, privileged users may use the idprio(1) utility to start processes with idle priority. Privileged applications can demote threads and processes to idle priority through the rtprio(2) system calls.

The realtime policy grants the following kernel privileges to any process running with the realtime group id:

The kernel privilege granted by the idletime policy is:

The following sysctl(8) MIBs are available for fine-tuning this MAC policy. All sysctl(8) variables can also be set as loader(8) tunables in loader.conf(5).
security.mac.priority.realtime
Enable the realtime policy. (Default: 1).
security.mac.priority.realtime_gid
The numeric gid of the realtime group. (Default: 47).
security.mac.priority.idletime
Enable the idletime policy. (Default: 1).
security.mac.priority.idletime_gid
The numeric gid of the idletime group. (Default: 48).

idprio(1), rtprio(1), rtprio(2), mac(4)

MAC first appeared in FreeBSD 5.0 and mac_priority first appeared in FreeBSD 14.0.
December 14, 2021 FreeBSD 13.1-RELEASE
Search for    or go to Top of page |  Section 4 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.