Date: Sun, 27 May 2012 17:33:30 -0600 From: Jamie Gritton <jamie@FreeBSD.org> To: sbruno@FreeBSD.org Cc: FreeBSD Hackers <freebsd-hackers@FreeBSD.org>, Sean Bruno <seanbru@yahoo-inc.com> Subject: Re: [jail] Allowing root privledged users to renice Message-ID: <4FC2B9CA.5090301@FreeBSD.org> In-Reply-To: <1337964514.8951.2.camel@powernoodle-l7.corp.yahoo.com> References: <1337964514.8951.2.camel@powernoodle-l7.corp.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05/25/12 10:48, Sean Bruno wrote: > I've been toying with the idea of letting jails renice processes ... how > dangerous and/or stupid is this idea? > > ==== //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 - > /home/seanbru/ybsd_9/src/sys/kern/kern_jail.c ==== > 270a271,275 > + int jail_allow_renice = 0; > + SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW, > +&jail_allow_renice, 0, > + "Prison root can renice processes"); > > 3857a3863,3865 > + case PRIV_SCHED_SETPRIORITY: > + if (!jail_allow_renice) > + return (EPERM); Considering they can only renice their own stuff, and could always just start a new process anyway, I see very little reason to deny this. - Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FC2B9CA.5090301>