On Mon, Mar 09, 2020 at 09:55:41PM +1100, Paul Ripke wrote: > Noticed this mucking with some pthread code that does pthread_setaffinity_np. > Is this expected? I would've thought it still possible at securelevel 1? > > thing1:ksh$ sysctl security.models.extensions.user_set_cpu_affinity > security.models.extensions.user_set_cpu_affinity = 0 > thing1:ksh$ sudo sysctl -w security.models.extensions.user_set_cpu_affinity=1 > sysctl: security.models.extensions.user_set_cpu_affinity: Operation not > permitted > thing1:ksh$ sysctl kern.securelevel > kern.securelevel = 1 > thing1:ksh$ uname -a > NetBSD thing1 9.0_STABLE NetBSD 9.0_STABLE (GENERIC) #8: Sun Mar 8 23:07:35 > AEDT 2020 > stix@slave:/home/netbsd/netbsd-9/obj.evbarm-earmv7hf/home/netbsd/netbsd-9/src/sys/arch/evbarm/compile/GENERIC > evbarm
I can read, honest! secmodel_extensions(9) says: It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0. Explained. -- Paul Ripke "Great minds discuss ideas, average minds discuss events, small minds discuss people." -- Disputed: Often attributed to Eleanor Roosevelt. 1948.
