Date: Wed, 22 Apr 2009 12:47:55 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> To: freebsd-jail@freebsd.org Subject: Re: changing cpuset of jail from inside of jail - is it feature? Message-ID: <49EEF5DB.4030408@quip.cz> In-Reply-To: <20090422094447.A15361@maildrop.int.zabbadoz.net> References: <49EE4B6B.5020005@quip.cz> <20090422094447.A15361@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Bjoern A. Zeeb wrote: > On Wed, 22 Apr 2009, Miroslav Lachman wrote: > > Hi, > >> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 >> 09:56:08 CET 2009) hosting few jails. >> The machine has dual core CPU and some jails are set to run only on >> one core (core 0 in this example): >> >> host# cpuset -l 0 -j 25 >> >> As I tested today, root user inside the jail can change this by the >> same command as I am doing it from the host system: >> >> injail# cpuset -l 0,1 -j 25 >> >> And from now, jail with JID 25 is running on both cores. >> >> Is it expected behavior of cpuset to allow user inside the jail change >> cpuset of the jail itself or is it a bug? >> >> It seems to me as undesirable. > > > it is (undesirable) and it seems to be a bug as even if you do > > host# cpuset -l 0 -r -j 25 > > you can get back to 0,1 from within the jail. > > I'll check how/why this is possible. > > /bz > > PS: moving this to freebsd-jail@ I found this behavior as result of your reply to my e-mail from March http://lists.freebsd.org/pipermail/freebsd-jail/2009-March/000751.html You are suggesting jail_<jname>_exec_afterstart to use it for cpuset of starting jails, but as I look in to /etc/rc.d/jail, it seems this command is executed inside of the jail: while [ true ]; do eval out=\"\${_exec_afterstart${i}:-''}\" if [ -z "$out" ]; then break; fi jexec "${_jail_id}" ${out} i=$((i + 1)) done So I was confused if cpuset behavior i expected or not and if not, I don't know how to use current rc.d/jail + rc.conf to start jails on choosen cores or in particular set of cpus/cores. That was the reason to my suggestion - write patch for rc.d/jail to support something like: jail_<jname>_cpuset_list="0,3,5" # start jail on cores 0, 3 and 5 It should be something like: _cpuset="cpuset -l ${_cpuset_list}" eval ${_cpuset} ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 (I didn't test the example above, so I don't know if it is valid) or something like: if [ -n "$_cpuset_list" ]; then cpuset -l ${_cpuset_list} -j ${_jail_id} fi (^ this seems more simpler) I don't know what is better, or if there is another way to set cpuset of jails from rc.conf But the first problem is as I previously posted - cpuset of jail should not be changed from within jail... Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49EEF5DB.4030408>