mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-27 11:20:58 +01:00
a9545eede4
Add an idletime user group that allows non-root users to run processes with idle scheduling priority. Privileges are granted by a MAC policy in the mac_priority module. For this purpose, the kernel privilege PRIV_SCHED_IDPRIO was added to sys/priv.h (kernel module ABI change).

Deprecate the system wide sysctl(8) knob security.bsd.unprivileged_idprio which lets any user run idle priority processes, regardless of context. While the knob is still working, it is marked as deprecated in the description and in the man pages.

MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D33338
40 lines
472 B
Plaintext
# $FreeBSD$
#
wheel:*:0:root
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:14:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
video:*:44:
realtime:*:47:
idletime:*:48:
bind:*:53:
unbound:*:59:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
www:*:80:
ntpd:*:123:
_ypldap:*:160:
hast:*:845:
tests:*:977:
nogroup:*:65533:
nobody:*:65534: