On 25. May 2012, at 16:48 , Sean Bruno wrote: > I've been toying with the idea of letting jails renice processes ... how > dangerous and/or stupid is this idea? > > ==== //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 - > /home/seanbru/ybsd_9/src/sys/kern/kern_jail.c ==== > 270a271,275 > + int jail_allow_renice = 0; > + SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW, > + &jail_allow_renice, 0, > + "Prison root can renice processes"); > > 3857a3863,3865 > + case PRIV_SCHED_SETPRIORITY: > + if (!jail_allow_renice) > + return (EPERM);
I think sysctls are a bad idea given jails have per-jail flags these days. Maybe also only allow re-nicing to be nicer but not less nice? /bz -- Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do! _______________________________________________ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
