Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
MAC_PRIORITY(4)		    Kernel Interfaces Manual	       MAC_PRIORITY(4)

NAME
       mac_priority -- policy for scheduling privileges	of non-root users

SYNOPSIS
       To  compile the mac_priority policy into	your kernel, place the follow-
       ing lines in your kernel	configuration file:

	     options MAC
	     options MAC_PRIORITY

       Alternately, to load the	mac_priority policy module at boot time, place
       the following line in your kernel configuration file:

	     options MAC

       and in loader.conf(5):

	     mac_priority_load="YES"

DESCRIPTION
       The mac_priority	policy grants scheduling privileges based on  group(5)
       membership.   Users  or	processes in the group `realtime' (gid 47) are
       allowed to run threads and processes with realtime scheduling priority.
       Users or	processes in the group `idletime' (gid 48) are allowed to  run
       threads and processes with idle scheduling priority.

       With  the mac_priority realtime policy active, privileged users may use
       the rtprio(1) utility to	start processes	with realtime priority.	 Priv-
       ileged applications can promote threads and processes to	realtime  pri-
       ority through the rtprio(2) system calls.

       When  the  idletime  policy  is	active,	 privileged  users may use the
       idprio(1) utility to start processes with  idle	priority.   Privileged
       applications  can demote	threads	and processes to idle priority through
       the rtprio(2) system calls.

   Privileges Granted
       The realtime policy grants  the	following  kernel  privileges  to  any
       process running with the	realtime group id:
	     PRIV_SCHED_RTPRIO
	     PRIV_SCHED_SETPOLICY

       The kernel privilege granted by the idletime policy is:
	     PRIV_SCHED_IDPRIO

   Runtime Configuration
       The  following  sysctl(8)  MIBs	are available for fine-tuning this MAC
       policy.	All sysctl(8) variables	can also be set	as loader(8)  tunables
       in loader.conf(5).

       security.mac.priority.realtime
	       Enable the realtime policy.  (Default: 1).

       security.mac.priority.realtime_gid
	       The numeric gid of the realtime group.  (Default: 47).

       security.mac.priority.idletime
	       Enable the idletime policy.  (Default: 1).

       security.mac.priority.idletime_gid
	       The numeric gid of the idletime group.  (Default: 48).

SEE ALSO
       idprio(1), rtprio(1), rtprio(2),	mac(4)

HISTORY
       MAC  first  appeared  in	FreeBSD	5.0 and	mac_priority first appeared in
       FreeBSD 13.1.

FreeBSD	14.3		       December	14, 2021	       MAC_PRIORITY(4)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=mac_priority&manpath=FreeBSD+14.3-RELEASE+and+Ports>

home | help