MAC_PRIORITY(4)        FreeBSD Kernel Interfaces Manual        MAC_PRIORITY(4)

NAME
     mac_priority - policy for scheduling privileges of non-root users

SYNOPSIS
     To compile the mac_priority policy into your kernel, place the following
     lines in your kernel configuration file:

           options MAC
           options MAC_PRIORITY

     Alternately, to load the mac_priority policy module at boot time, place
     the following line in your kernel configuration file:

           options MAC

     and in loader.conf(5):

           mac_priority_load="YES"

DESCRIPTION
     The mac_priority policy grants scheduling privileges based on group(5)
     membership.  Users or processes in the group `realtime' (gid 47) are
     allowed to run threads and processes with realtime scheduling priority.
     Users or processes in the group `idletime' (gid 48) are allowed to run
     threads and processes with idle scheduling priority.

     With the mac_priority realtime policy active, privileged users may use
     the rtprio(1) utility to start processes with realtime priority.
     Privileged applications can promote threads and processes to realtime
     priority through the rtprio(2) system calls.

     When the idletime policy is active, privileged users may use the
     idprio(1) utility to start processes with idle priority.  Privileged
     applications can demote threads and processes to idle priority through
     the rtprio(2) system calls.

   Privileges Granted
     The realtime policy grants the following kernel privileges to any process
     running with the realtime group id:
           PRIV_SCHED_RTPRIO
           PRIV_SCHED_SETPOLICY

     The kernel privilege granted by the idletime policy is:
           PRIV_SCHED_IDPRIO

   Runtime Configuration
     The following sysctl(8) MIBs are available for fine-tuning this MAC
     policy.  All sysctl(8) variables can also be set as loader(8) tunables in
     loader.conf(5).

     security.mac.priority.realtime
             Enable the realtime policy.  (Default: 1).

     security.mac.priority.realtime_gid
             The numeric gid of the realtime group.  (Default: 47).

     security.mac.priority.idletime
             Enable the idletime policy.  (Default: 1).

     security.mac.priority.idletime_gid
             The numeric gid of the idletime group.  (Default: 48).
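
     The following audit sketch is an added example, not part of the original
     manual page or of FreeBSD.  It reads the four MIBs above together with
     group(5) data and reports which accounts each enabled policy covers.  The
     function names and the sample sysctl and group text are constructed.

```shell
#!/bin/sh
# Added example: report which group members mac_priority grants scheduling
# privileges to. Helper names and sample data are constructed for illustration.

# Constructed sample of `sysctl security.mac.priority` output.
SAMPLE_SYSCTL='security.mac.priority.realtime: 1
security.mac.priority.realtime_gid: 47
security.mac.priority.idletime: 0
security.mac.priority.idletime_gid: 48'

# Constructed sample in group(5) format (name:passwd:gid:members).
SAMPLE_GROUP='wheel:*:0:root
realtime:*:47:audio,jackd
idletime:*:48:backup'

# mib_value NAME SYSCTL_TEXT -> value of security.mac.priority.NAME
mib_value() {
    printf '%s\n' "$2" |
        awk -F': ' -v k="security.mac.priority.$1" '$1 == k { print $2 }'
}

# gid_members GID GROUP_TEXT -> comma-separated member list for that gid
gid_members() {
    printf '%s\n' "$2" | awk -F: -v g="$1" '$3 == g { print $4 }'
}

# audit_policy POLICY SYSCTL_TEXT GROUP_TEXT
# Prints "POLICY gid=N members=..." when the policy MIB is 1,
# otherwise "POLICY disabled". The gid is read from the MIB, not assumed,
# because realtime_gid and idletime_gid can be changed from 47 and 48.
audit_policy() {
    enabled=$(mib_value "$1" "$2")
    gid=$(mib_value "${1}_gid" "$2")
    if [ "$enabled" != "1" ]; then
        echo "$1 disabled"
        return 0
    fi
    echo "$1 gid=$gid members=$(gid_members "$gid" "$3")"
}

# On a FreeBSD host, pass live data instead of the samples:
#   audit_policy realtime "$(sysctl security.mac.priority)" "$(cat /etc/group)"
audit_policy realtime "$SAMPLE_SYSCTL" "$SAMPLE_GROUP"
audit_policy idletime "$SAMPLE_SYSCTL" "$SAMPLE_GROUP"
```

     The member list comes from the group(5) entry only; accounts whose
     primary gid in passwd(5) equals the configured gid are not listed.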

SEE ALSO
     idprio(1), rtprio(1), rtprio(2), mac(4)

HISTORY
     MAC first appeared in FreeBSD 5.0 and mac_priority first appeared in
     FreeBSD 14.0.

FreeBSD 13.1-RELEASE-p6        December 14, 2021       FreeBSD 13.1-RELEASE-p6
