Re: [jail] Allowing root privileged users to renice

2012-05-25 Thread Bjoern A. Zeeb

On 25. May 2012, at 16:48 , Sean Bruno wrote:

 I've been toying with the idea of letting jails renice processes ... how
 dangerous and/or stupid is this idea?
 
  //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 -
 /home/seanbru/ybsd_9/src/sys/kern/kern_jail.c 
 270a271,275
 + int   jail_allow_renice = 0;
 + SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW,
 +jail_allow_renice, 0,
 +Prison root can renice processes);
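Review bot: In the SYSCTL_INT declaration, allow_renice is one system-wide CTLFLAG_RW integer, so setting it changes the policy for every jail on the host at once and there is no way to grant renice to one jail and withhold it from another. Carrying this as a per-jail permission that defaults to off would keep the decision with whoever configures each jail, and the new knob needs a line of documentation wherever the other jail settings are described. Separately, as the lines appear here the variable argument has no "&", the description is not a quoted string, and the hunk header announces five added lines (271,275) while four are shown, so the patch should be checked against the tree before anyone tests it.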
 
 3857a3863,3865
 +  case PRIV_SCHED_SETPRIORITY:
 +  if (!jail_allow_renice)
 +   return (EPERM);
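Review bot: The test under "case PRIV_SCHED_SETPRIORITY:" is all-or-nothing: once jail_allow_renice is set, prison root receives the whole privilege, and nothing in these three lines bounds the direction or the range of the priority change, so a jailed root could favour its own processes at the expense of the host and of other jails. If the goal is only to let a jail manage its own load, bound the permitted change (for example against a floor fixed when the jail is started) instead of granting the privilege outright. The allowed path also has no explicit return in this hunk and depends on whatever follows the inserted lines; add "return (0);" or a fall-through comment so the result does not hinge on neighbouring cases.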


I think sysctls are a bad idea given jails have per-jail flags these days.

Maybe also only allow re-nicing to be nicer but not less nice?

/bz

-- 
Bjoern A. Zeeb You have to have visions!
   It does not matter how good you are. It matters what good you do!

___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org


Re: [jail] Allowing root privileged users to renice

2012-05-25 Thread Julian Elischer

On 5/25/12 10:04 AM, Bjoern A. Zeeb wrote:

On 25. May 2012, at 16:48 , Sean Bruno wrote:


I've been toying with the idea of letting jails renice processes ... how
dangerous and/or stupid is this idea?

 //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 -
/home/seanbru/ybsd_9/src/sys/kern/kern_jail.c 
270a271,275
+ int   jail_allow_renice = 0;
+ SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW,
+jail_allow_renice, 0,
+Prison root can renice processes);

3857a3863,3865
+  case PRIV_SCHED_SETPRIORITY:
+  if (!jail_allow_renice)
+   return (EPERM);


I think sysctls are a bad idea given jails have per-jail flags these days.

Maybe also only allow re-nicing to be nicer but not less nice?

For sure! Start a jail with its max priority and the root within can allow nicer priorities only.

You can always add priority from the master (parent) environment outside.


/bz





zjails VNET and ZFS jails

2012-05-25 Thread Peter Toth


Hi all,

Just a quick note that I have uploaded a Perl script with VNET and ZFS
jails support to sourceforge.net.

It is in very early stages (expect a lot of bugs) and intended only
for testing purposes; README documentation is sparse too (will change
over time).

If anyone is interested please check it here:

http://sourceforge.net/projects/zjails/

Cheers,

Peter

