Current-Users archive


Re: sysctl: security.models.extensions.user_set_cpu_affinity: Operation not permitted on netbsd-9 evbarm



On Mon, Mar 09, 2020 at 09:55:41PM +1100, Paul Ripke wrote:
> Noticed this mucking with some pthread code that does pthread_setaffinity_np.
> Is this expected? I would've thought it still possible at securelevel 1?
> 
> thing1:ksh$ sysctl security.models.extensions.user_set_cpu_affinity
> security.models.extensions.user_set_cpu_affinity = 0
> thing1:ksh$ sudo sysctl -w security.models.extensions.user_set_cpu_affinity=1
> sysctl: security.models.extensions.user_set_cpu_affinity: Operation not permitted
> thing1:ksh$ sysctl kern.securelevel
> kern.securelevel = 1
> thing1:ksh$ uname -a
> NetBSD thing1 9.0_STABLE NetBSD 9.0_STABLE (GENERIC) #8: Sun Mar  8 23:07:35 AEDT 2020  stix@slave:/home/netbsd/netbsd-9/obj.evbarm-earmv7hf/home/netbsd/netbsd-9/src/sys/arch/evbarm/compile/GENERIC evbarm

I can read, honest!
secmodel_extensions(9) says:

It can be disabled at any time, but cannot be enabled anymore when the
securelevel of the system is above 0.

Explained.
-- 
Paul Ripke
"Great minds discuss ideas, average minds discuss events, small minds
 discuss people."
-- Disputed: Often attributed to Eleanor Roosevelt. 1948.

