From owner-freebsd-security@FreeBSD.ORG  Sun Feb 24 16:45:57 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EBCE716A402;
	Sun, 24 Feb 2008 16:45:57 +0000 (UTC) (envelope-from w@wrzask.pl)
Received: from mx.oak.pl (mx.oak.pl [217.96.108.251])
	by mx1.freebsd.org (Postfix) with ESMTP id 9547213C461;
	Sun, 24 Feb 2008 16:45:57 +0000 (UTC) (envelope-from w@wrzask.pl)
Received: by oak.pl (Postfix, from userid 1002)
	id 48C4D1CD0E; Sun, 24 Feb 2008 17:30:05 +0100 (CET)
Date: Sun, 24 Feb 2008 17:30:05 +0100
From: Jan Srzednicki <w@wrzask.pl>
To: freebsd-stable@freebsd.org, freebsd-security@freebsd.org
Message-ID: <20080224163005.GG15445@oak.pl>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="r5Pyd7+fXNt84Ff3"
Content-Disposition: inline
User-Agent: Mutt/1.5.16 (2007-06-09)
X-Mailman-Approved-At: Sun, 24 Feb 2008 17:00:08 +0000
Cc: 
Subject: A simple rc.d jail patch to enable priority
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Feb 2008 16:45:58 -0000


--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hello,

I have written this tiny little patch to the jail rc.d script, which
allows user to set jail nice value. It doesn't change any default
behaviour.

Can that make it to the trees?
Patch attached.

-- 
  Jan Srzednicki  ::  http://wrzask.pl/
  "Remember, remember, the fifth of November"
                                     -- V for Vendetta


--r5Pyd7+fXNt84Ff3
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="jail.diff"

--- /etc/rc.d/jail	2007-06-06 16:42:01.000000000 +0200
+++ /srv/home/winfried/jail.new	2008-02-24 17:26:42.000000000 +0100
@@ -69,6 +69,7 @@
 	[ -z "${_flags}" ] && _flags="-l -U root"
 	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
 	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+	eval _nice=\"\${jail_${_j}_nice:-${jail_nice}}\"
 
 	# Debugging aid
 	#
@@ -89,6 +90,7 @@
 	debug "$_j exec stop: $_exec_stop"
 	debug "$_j flags: $_flags"
 	debug "$_j consolelog: $_consolelog"
+	[ -n "${_nice}" ] && debug "$_j nice: $_nice"
 
 	if [ -z "${_hostname}" ]; then
 		err 3 "$name: No hostname has been defined for ${_j}"
@@ -322,7 +324,14 @@
 			fi
 		fi
 		_tmp_jail=${_tmp_dir}/jail.$$
-		eval jail ${_flags} -i ${_rootdir} ${_hostname} \
+
+		if [ -z "${_nice}" ]; then 
+			_nice_cmd=""
+		else
+			_nice_cmd="nice -n${_nice}"
+		fi
+
+		eval ${_nice_cmd} jail ${_flags} -i ${_rootdir} ${_hostname} \
 			${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
 			if [ "$?" -eq 0 ] ; then
 				echo -n " $_hostname"

--r5Pyd7+fXNt84Ff3--