-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | src/firejail/env.c | 55 | ||||
-rw-r--r-- | src/firejail/firejail.h | 7 | ||||
-rw-r--r-- | src/firejail/main.c | 4 | ||||
-rw-r--r-- | src/firejail/profile.c | 6 | ||||
-rw-r--r-- | src/firejail/seccomp.c | 18 | ||||
-rw-r--r-- | src/firejail/usage.c | 3 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 10 | ||||
-rw-r--r-- | src/man/firejail.txt | 26 | ||||
-rw-r--r-- | todo | 22 |
10 files changed, 95 insertions, 58 deletions
@@ -2,8 +2,10 @@ firejail (0.9.41) baseline; urgency=low | |||
2 | * work in progress... | 2 | * work in progress... |
3 | * AppImage support (--appimage) | 3 | * AppImage support (--appimage) |
4 | * Sandbox auditing support (--audit) | 4 | * Sandbox auditing support (--audit) |
5 | * Remove environment variable (--rmenv) | ||
5 | * include /dev/snd in --private-dev | 6 | * include /dev/snd in --private-dev |
6 | * added mkfile profile command | 7 | * added mkfile profile command |
8 | * seccomp filter updated | ||
7 | * compile time and run time support to disable whitelists | 9 | * compile time and run time support to disable whitelists |
8 | * compile time support to disable global configuration file | 10 | * compile time support to disable global configuration file |
9 | * some profiles have been converted to private-bin | 11 | * some profiles have been converted to private-bin |
diff --git a/src/firejail/env.c b/src/firejail/env.c index 54a6b0036..1a6236407 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
@@ -27,12 +27,27 @@ typedef struct env_t { | |||
27 | struct env_t *next; | 27 | struct env_t *next; |
28 | char *name; | 28 | char *name; |
29 | char *value; | 29 | char *value; |
30 | ENV_OP op; | ||
30 | } Env; | 31 | } Env; |
31 | static Env *envlist = NULL; | 32 | static Env *envlist = NULL; |
32 | 33 | ||
33 | static void env_add(Env *env) { | 34 | static void env_add(Env *env) { |
34 | env->next = envlist; | 35 | env->next = NULL; |
35 | envlist = env; | 36 | |
37 | // add the new entry at the end of the list | ||
38 | if (envlist == NULL) { | ||
39 | envlist = env; | ||
40 | return; | ||
41 | } | ||
42 | |||
43 | Env *ptr = envlist; | ||
44 | while (1) { | ||
45 | if (ptr->next == NULL) { | ||
46 | ptr->next = env; | ||
47 | break; | ||
48 | } | ||
49 | ptr = ptr->next; | ||
50 | } | ||
36 | } | 51 | } |
37 | 52 | ||
38 | // load IBUS env variables | 53 | // load IBUS env variables |
@@ -87,7 +102,7 @@ void env_ibus_load(void) { | |||
87 | if (arg_debug) | 102 | if (arg_debug) |
88 | printf("%s\n", buf); | 103 | printf("%s\n", buf); |
89 | EUID_USER(); | 104 | EUID_USER(); |
90 | env_store(buf); | 105 | env_store(buf, SETENV); |
91 | EUID_ROOT(); | 106 | EUID_ROOT(); |
92 | } | 107 | } |
93 | 108 | ||
@@ -126,7 +141,7 @@ void env_defaults(void) { | |||
126 | } | 141 | } |
127 | 142 | ||
128 | // parse and store the environment setting | 143 | // parse and store the environment setting |
129 | void env_store(const char *str) { | 144 | void env_store(const char *str, ENV_OP op) { |
130 | EUID_ASSERT(); | 145 | EUID_ASSERT(); |
131 | assert(str); | 146 | assert(str); |
132 | 147 | ||
@@ -134,11 +149,13 @@ void env_store(const char *str) { | |||
134 | if (*str == '\0') | 149 | if (*str == '\0') |
135 | goto errexit; | 150 | goto errexit; |
136 | char *ptr = strchr(str, '='); | 151 | char *ptr = strchr(str, '='); |
137 | if (!ptr) | 152 | if (op == SETENV) { |
138 | goto errexit; | 153 | if (!ptr) |
139 | ptr++; | 154 | goto errexit; |
140 | if (*ptr == '\0') | 155 | ptr++; |
141 | goto errexit; | 156 | if (*ptr == '\0') |
157 | goto errexit; | ||
158 | } | ||
142 | 159 | ||
143 | // build list entry | 160 | // build list entry |
144 | Env *env = malloc(sizeof(Env)); | 161 | Env *env = malloc(sizeof(Env)); |
@@ -148,10 +165,13 @@ void env_store(const char *str) { | |||
148 | env->name = strdup(str); | 165 | env->name = strdup(str); |
149 | if (env->name == NULL) | 166 | if (env->name == NULL) |
150 | errExit("strdup"); | 167 | errExit("strdup"); |
151 | char *ptr2 = strchr(env->name, '='); | 168 | if (op == SETENV) { |
152 | assert(ptr2); | 169 | char *ptr2 = strchr(env->name, '='); |
153 | *ptr2 = '\0'; | 170 | assert(ptr2); |
154 | env->value = ptr2 + 1; | 171 | *ptr2 = '\0'; |
172 | env->value = ptr2 + 1; | ||
173 | } | ||
174 | env->op = op; | ||
155 | 175 | ||
156 | // add entry to the list | 176 | // add entry to the list |
157 | env_add(env); | 177 | env_add(env); |
@@ -167,8 +187,13 @@ void env_apply(void) { | |||
167 | Env *env = envlist; | 187 | Env *env = envlist; |
168 | 188 | ||
169 | while (env) { | 189 | while (env) { |
170 | if (setenv(env->name, env->value, 1) < 0) | 190 | if (env->op == SETENV) { |
171 | errExit("setenv"); | 191 | if (setenv(env->name, env->value, 1) < 0) |
192 | errExit("setenv"); | ||
193 | } | ||
194 | else if (env->op == RMENV) { | ||
195 | unsetenv(env->name); | ||
196 | } | ||
172 | env = env->next; | 197 | env = env->next; |
173 | } | 198 | } |
174 | } | 199 | } |
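Review bot: The RMENV branch of env_apply ignores the return value of `unsetenv(env->name)`, while the SETENV branch aborts on failure, and env_store skips the `=` checks entirely when op is RMENV. A name such as `FOO=bar`, passed through unchanged from `--rmenv=` in main.c or `rmenv ` in profile.c, is therefore stored as-is; unsetenv() rejects names containing `=`, so the variable stays in the sandbox with no error shown to a user who expected it to be stripped. I would reject such names in env_store with `else if (ptr) goto errexit;` after the SETENV block, and check the call in env_apply with `if (unsetenv(env->name) < 0) errExit("unsetenv");`. Separately, `env->value` is assigned only for SETENV; the lines between the malloc and strdup are outside the hunks, so confirm the struct is zeroed there. A comment on the `op` field such as `// RMENV entries carry a name only; value is unused` would also help.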
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 3d0e9a51b..590646f23 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -493,7 +493,12 @@ int check_kernel_procs(void); | |||
493 | void run_no_sandbox(int argc, char **argv); | 493 | void run_no_sandbox(int argc, char **argv); |
494 | 494 | ||
495 | // env.c | 495 | // env.c |
496 | void env_store(const char *str); | 496 | typedef enum { |
497 | SETENV = 0, | ||
498 | RMENV | ||
499 | } ENV_OP; | ||
500 | |||
501 | void env_store(const char *str, ENV_OP op); | ||
497 | void env_apply(void); | 502 | void env_apply(void); |
498 | void env_defaults(void); | 503 | void env_defaults(void); |
499 | void env_ibus_load(void); | 504 | void env_ibus_load(void); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index b1dd7d32c..a0225be15 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1465,7 +1465,9 @@ int main(int argc, char **argv) { | |||
1465 | arg_nonewprivs = 1; | 1465 | arg_nonewprivs = 1; |
1466 | } | 1466 | } |
1467 | else if (strncmp(argv[i], "--env=", 6) == 0) | 1467 | else if (strncmp(argv[i], "--env=", 6) == 0) |
1468 | env_store(argv[i] + 6); | 1468 | env_store(argv[i] + 6, SETENV); |
1469 | else if (strncmp(argv[i], "--rmenv=", 8) == 0) | ||
1470 | env_store(argv[i] + 8, RMENV); | ||
1469 | else if (strcmp(argv[i], "--nosound") == 0) { | 1471 | else if (strcmp(argv[i], "--nosound") == 0) { |
1470 | arg_nosound = 1; | 1472 | arg_nosound = 1; |
1471 | } | 1473 | } |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index bb834bf19..1106ed84e 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -457,7 +457,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
457 | } | 457 | } |
458 | 458 | ||
459 | if (strncmp(ptr, "env ", 4) == 0) { | 459 | if (strncmp(ptr, "env ", 4) == 0) { |
460 | env_store(ptr + 4); | 460 | env_store(ptr + 4, SETENV); |
461 | return 0; | ||
462 | } | ||
463 | if (strncmp(ptr, "rmenv ", 6) == 0) { | ||
464 | env_store(ptr + 6, RMENV); | ||
461 | return 0; | 465 | return 0; |
462 | } | 466 | } |
463 | 467 | ||
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index 7108b5a05..efe24a211 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
@@ -334,12 +334,15 @@ void seccomp_filter_32(void) { | |||
334 | BLACKLIST(52), // umount2 | 334 | BLACKLIST(52), // umount2 |
335 | BLACKLIST(26), // ptrace | 335 | BLACKLIST(26), // ptrace |
336 | BLACKLIST(283), // kexec_load | 336 | BLACKLIST(283), // kexec_load |
337 | BLACKLIST(341), // name_to_handle_at | ||
337 | BLACKLIST(342), // open_by_handle_at | 338 | BLACKLIST(342), // open_by_handle_at |
339 | BLACKLIST(127), // create_module | ||
338 | BLACKLIST(128), // init_module | 340 | BLACKLIST(128), // init_module |
339 | BLACKLIST(350), // finit_module | 341 | BLACKLIST(350), // finit_module |
340 | BLACKLIST(129), // delete_module | 342 | BLACKLIST(129), // delete_module |
341 | BLACKLIST(110), // iopl | 343 | BLACKLIST(110), // iopl |
342 | BLACKLIST(101), // ioperm | 344 | BLACKLIST(101), // ioperm |
345 | BLACKLIST(289), // ioprio_set | ||
343 | BLACKLIST(87), // swapon | 346 | BLACKLIST(87), // swapon |
344 | BLACKLIST(115), // swapoff | 347 | BLACKLIST(115), // swapoff |
345 | BLACKLIST(103), // syslog | 348 | BLACKLIST(103), // syslog |
@@ -376,6 +379,7 @@ void seccomp_filter_32(void) { | |||
376 | BLACKLIST(88), // reboot | 379 | BLACKLIST(88), // reboot |
377 | BLACKLIST(169), // nfsservctl | 380 | BLACKLIST(169), // nfsservctl |
378 | BLACKLIST(130), // get_kernel_syms | 381 | BLACKLIST(130), // get_kernel_syms |
382 | |||
379 | RETURN_ALLOW | 383 | RETURN_ALLOW |
380 | }; | 384 | }; |
381 | 385 | ||
@@ -403,11 +407,14 @@ void seccomp_filter_64(void) { | |||
403 | BLACKLIST(101), // ptrace | 407 | BLACKLIST(101), // ptrace |
404 | BLACKLIST(246), // kexec_load | 408 | BLACKLIST(246), // kexec_load |
405 | BLACKLIST(304), // open_by_handle_at | 409 | BLACKLIST(304), // open_by_handle_at |
410 | BLACKLIST(303), // name_to_handle_at | ||
411 | BLACKLIST(174), // create_module | ||
406 | BLACKLIST(175), // init_module | 412 | BLACKLIST(175), // init_module |
407 | BLACKLIST(313), // finit_module | 413 | BLACKLIST(313), // finit_module |
408 | BLACKLIST(176), // delete_module | 414 | BLACKLIST(176), // delete_module |
409 | BLACKLIST(172), // iopl | 415 | BLACKLIST(172), // iopl |
410 | BLACKLIST(173), // ioperm | 416 | BLACKLIST(173), // ioperm |
417 | BLACKLIST(251), // ioprio_set | ||
411 | BLACKLIST(167), // swapon | 418 | BLACKLIST(167), // swapon |
412 | BLACKLIST(168), // swapoff | 419 | BLACKLIST(168), // swapoff |
413 | BLACKLIST(103), // syslog | 420 | BLACKLIST(103), // syslog |
@@ -445,6 +452,7 @@ void seccomp_filter_64(void) { | |||
445 | BLACKLIST(169), // reboot | 452 | BLACKLIST(169), // reboot |
446 | BLACKLIST(180), // nfsservctl | 453 | BLACKLIST(180), // nfsservctl |
447 | BLACKLIST(177), // get_kernel_syms | 454 | BLACKLIST(177), // get_kernel_syms |
455 | |||
448 | RETURN_ALLOW | 456 | RETURN_ALLOW |
449 | }; | 457 | }; |
450 | 458 | ||
@@ -493,12 +501,18 @@ int seccomp_filter_drop(int enforce_seccomp) { | |||
493 | #ifdef SYS_open_by_handle_at | 501 | #ifdef SYS_open_by_handle_at |
494 | filter_add_blacklist(SYS_open_by_handle_at, 0); | 502 | filter_add_blacklist(SYS_open_by_handle_at, 0); |
495 | #endif | 503 | #endif |
504 | #ifdef SYS_name_to_handle_at | ||
505 | filter_add_blacklist(SYS_name_to_handle_at, 0); | ||
506 | #endif | ||
496 | #ifdef SYS_init_module | 507 | #ifdef SYS_init_module |
497 | filter_add_blacklist(SYS_init_module, 0); | 508 | filter_add_blacklist(SYS_init_module, 0); |
498 | #endif | 509 | #endif |
499 | #ifdef SYS_finit_module // introduced in 2013 | 510 | #ifdef SYS_finit_module // introduced in 2013 |
500 | filter_add_blacklist(SYS_finit_module, 0); | 511 | filter_add_blacklist(SYS_finit_module, 0); |
501 | #endif | 512 | #endif |
513 | #ifdef SYS_create_module | ||
514 | filter_add_blacklist(SYS_create_module, 0); | ||
515 | #endif | ||
502 | #ifdef SYS_delete_module | 516 | #ifdef SYS_delete_module |
503 | filter_add_blacklist(SYS_delete_module, 0); | 517 | filter_add_blacklist(SYS_delete_module, 0); |
504 | #endif | 518 | #endif |
@@ -508,6 +522,9 @@ int seccomp_filter_drop(int enforce_seccomp) { | |||
508 | #ifdef SYS_ioperm | 522 | #ifdef SYS_ioperm |
509 | filter_add_blacklist(SYS_ioperm, 0); | 523 | filter_add_blacklist(SYS_ioperm, 0); |
510 | #endif | 524 | #endif |
525 | #ifdef SYS_ioprio_set | ||
526 | filter_add_blacklist(SYS_ioprio_set, 0); | ||
527 | #endif | ||
511 | #ifdef SYS_ni_syscall // new io permissions call on arm devices | 528 | #ifdef SYS_ni_syscall // new io permissions call on arm devices |
512 | filter_add_blacklist(SYS_ni_syscall, 0); | 529 | filter_add_blacklist(SYS_ni_syscall, 0); |
513 | #endif | 530 | #endif |
@@ -648,6 +665,7 @@ int seccomp_filter_drop(int enforce_seccomp) { | |||
648 | #ifdef SYS_get_kernel_syms | 665 | #ifdef SYS_get_kernel_syms |
649 | filter_add_blacklist(SYS_get_kernel_syms, 0); | 666 | filter_add_blacklist(SYS_get_kernel_syms, 0); |
650 | #endif | 667 | #endif |
668 | |||
651 | } | 669 | } |
652 | 670 | ||
653 | // default seccomp filter with additional drop list | 671 | // default seccomp filter with additional drop list |
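Review bot: The new entries in seccomp_filter_32 and seccomp_filter_64 are bare per-ABI syscall numbers whose only link to the intended call is the trailing comment, and the same three syscalls are added a third time by name in seccomp_filter_drop. A wrong number in one table would leave the intended syscall allowed by that filter with no build-time or run-time signal. I would add a comment above each table naming the ABI its numbers belong to, e.g. `// syscall numbers below are for the i386 ABI` and `// syscall numbers below are for the x86_64 ABI` (inferred from the function names; confirm). The additions are also ordered differently between the tables: name_to_handle_at goes before open_by_handle_at in the 32-bit list and after it in the 64-bit list, so keeping one order across all three lists and the man page would make auditing easier. The table and function bodies begin outside these hunks.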
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 1efc247b5..b67300618 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -208,6 +208,7 @@ void usage(void) { | |||
208 | 208 | ||
209 | printf(" --quiet - turn off Firejail's output.\n\n"); | 209 | printf(" --quiet - turn off Firejail's output.\n\n"); |
210 | printf(" --read-only=dirname_or_filename - set directory or file read-only..\n\n"); | 210 | printf(" --read-only=dirname_or_filename - set directory or file read-only..\n\n"); |
211 | printf(" --read-write=dirname_or_filename - set directory or file read-write..\n\n"); | ||
211 | printf(" --rlimit-fsize=number - set the maximum file size that can be created\n"); | 212 | printf(" --rlimit-fsize=number - set the maximum file size that can be created\n"); |
212 | printf("\tby a process.\n\n"); | 213 | printf("\tby a process.\n\n"); |
213 | printf(" --rlimit-nofile=number - set the maximum number of files that can be\n"); | 214 | printf(" --rlimit-nofile=number - set the maximum number of files that can be\n"); |
@@ -216,7 +217,7 @@ void usage(void) { | |||
216 | printf("\tcreated for the real user ID of the calling process.\n\n"); | 217 | printf("\tcreated for the real user ID of the calling process.\n\n"); |
217 | printf(" --rlimit-sigpending=number - set the maximum number of pending signals\n"); | 218 | printf(" --rlimit-sigpending=number - set the maximum number of pending signals\n"); |
218 | printf("\tfor a process.\n\n"); | 219 | printf("\tfor a process.\n\n"); |
219 | printf(" --read-write=dirname_or_filename - set directory or file read-write..\n\n"); | 220 | printf(" --rmenv=name - remove environment variable in the new sandbox.\n\n"); |
220 | #ifdef HAVE_NETWORK | 221 | #ifdef HAVE_NETWORK |
221 | printf(" --scan - ARP-scan all the networks from inside a network namespace.\n"); | 222 | printf(" --scan - ARP-scan all the networks from inside a network namespace.\n"); |
222 | printf("\tThis makes it possible to detect macvlan kernel device drivers\n"); | 223 | printf("\tThis makes it possible to detect macvlan kernel device drivers\n"); |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 9c416b0f3..98fa17908 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -224,15 +224,7 @@ first argument to socket system call. Recognized values: \fBunix\fR, | |||
224 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR. | 224 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR. |
225 | .TP | 225 | .TP |
226 | \fBseccomp | 226 | \fBseccomp |
227 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: | 227 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. |
228 | mount, umount2, ptrace, kexec_load, kexec_file_load, open_by_handle_at, init_module, finit_module, delete_module, | ||
229 | iopl, ioperm, swapon, swapoff, syslog, process_vm_readv, process_vm_writev, | ||
230 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, | ||
231 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, | ||
232 | io_destroy, io_getevents, io_submit, io_cancel, | ||
233 | remap_file_pages, mbind, get_mempolicy, set_mempolicy, | ||
234 | migrate_pages, move_pages, vmsplice, perf_event_open, chroot, | ||
235 | tuxcall, reboot, mfsservctl and get_kernel_syms. | ||
236 | .TP | 228 | .TP |
237 | \fBseccomp syscall,syscall,syscall | 229 | \fBseccomp syscall,syscall,syscall |
238 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. | 230 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e915ab6cb..8d20cf36b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1172,6 +1172,15 @@ make the whitelist read-only. Example: | |||
1172 | $ firejail --whitelist=~/work --read-only=~ --read-only=~/work | 1172 | $ firejail --whitelist=~/work --read-only=~ --read-only=~/work |
1173 | 1173 | ||
1174 | .TP | 1174 | .TP |
1175 | \fB\-\-read-write=dirname_or_filename | ||
1176 | By default, the sandbox mounts system directories read-only. | ||
1177 | These directories are /etc, /var, /usr, /bin, /sbin, /lib, /lib32, /libx32 and /lib64. | ||
1178 | Use this option to mount read-write files or directories inside the system directories. | ||
1179 | |||
1180 | This option is available only to root user. It has no effect when --chroot or --overlay are also set. In these | ||
1181 | cases the system directories are mounted read-write. | ||
1182 | |||
1183 | .TP | ||
1175 | \fB\-\-rlimit-fsize=number | 1184 | \fB\-\-rlimit-fsize=number |
1176 | Set the maximum file size that can be created by a process. | 1185 | Set the maximum file size that can be created by a process. |
1177 | .TP | 1186 | .TP |
@@ -1185,13 +1194,14 @@ Set the maximum number of processes that can be created for the real user ID of | |||
1185 | Set the maximum number of pending signals for a process. | 1194 | Set the maximum number of pending signals for a process. |
1186 | 1195 | ||
1187 | .TP | 1196 | .TP |
1188 | \fB\-\-read-write=dirname_or_filename | 1197 | \fB\-\-rmenv=name |
1189 | By default, the sandbox mounts system directories read-only. | 1198 | Remove environment variable in the new sandbox. |
1190 | These directories are /etc, /var, /usr, /bin, /sbin, /lib, /lib32, /libx32 and /lib64. | 1199 | .br |
1191 | Use this option to mount read-write files or directories inside the system directories. | ||
1192 | 1200 | ||
1193 | This option is available only to root user. It has no effect when --chroot or --overlay are also set. In these | 1201 | .br |
1194 | cases the system directories are mounted read-write. | 1202 | Example: |
1203 | .br | ||
1204 | $ firejail \-\-rmenv=DBUS_SESSION_BUS_ADDRESS | ||
1195 | 1205 | ||
1196 | .TP | 1206 | .TP |
1197 | \fB\-\-scan | 1207 | \fB\-\-scan |
@@ -1206,8 +1216,8 @@ $ firejail \-\-net=eth0 \-\-scan | |||
1206 | .TP | 1216 | .TP |
1207 | \fB\-\-seccomp | 1217 | \fB\-\-seccomp |
1208 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: | 1218 | Enable seccomp filter and blacklist the syscalls in the default list. The default list is as follows: |
1209 | mount, umount2, ptrace, kexec_load, kexec_file_load, open_by_handle_at, init_module, finit_module, delete_module, | 1219 | mount, umount2, ptrace, kexec_load, kexec_file_load, name_to_handle_at, open_by_handle_at, create_module, init_module, finit_module, delete_module, |
1210 | iopl, ioperm, swapon, swapoff, syslog, process_vm_readv, process_vm_writev, | 1220 | iopl, ioperm, ioprio_set, swapon, swapoff, syslog, process_vm_readv, process_vm_writev, |
1211 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, | 1221 | sysfs,_sysctl, adjtimex, clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init, kcmp, |
1212 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, | 1222 | add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup, |
1213 | io_destroy, io_getevents, io_submit, io_cancel, | 1223 | io_destroy, io_getevents, io_submit, io_cancel, |
@@ -161,25 +161,3 @@ To disable Vsync | |||
161 | 161 | ||
162 | $ vblank_mode=0 glxgears | 162 | $ vblank_mode=0 glxgears |
163 | 163 | ||
164 | 18. Add nosound in all profiles with private-dev (including server.profile) | ||
165 | test hedgewars! | ||
166 | |||
167 | 19. new syscalls: | ||
168 | create_module | ||
169 | name_to_handle_at | ||
170 | ioprio_set, | ||
171 | |||
172 | ??? | ||
173 | 146 - sched_get_priority_max | ||
174 | 147 - sched_get_priority_min | ||
175 | 204 - sched_getaffinity | ||
176 | 315 - sched_getattr | ||
177 | 143 - sched_getparam | ||
178 | 145 - sched_getscheduler | ||
179 | 148 - sched_rr_get_interval | ||
180 | 203 - sched_setaffinity | ||
181 | 314 - sched_setattr | ||
182 | 142 - sched_setparam | ||
183 | 144 - sched_setscheduler | ||
184 | 24 - sched_yield | ||
185 | |||