From owner-freebsd-jail@FreeBSD.ORG Thu Apr 23 14:25:07 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6AB441065687 for ; Thu, 23 Apr 2009 14:25:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [195.88.108.3]) by mx1.freebsd.org (Postfix) with ESMTP id 23FBB8FC15 for ; Thu, 23 Apr 2009 14:25:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id CB91141C6A3; Thu, 23 Apr 2009 16:25:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([195.88.108.3]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id NKAja+F1hBMx; Thu, 23 Apr 2009 16:25:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 6874E41C6A1; Thu, 23 Apr 2009 16:25:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 878DD4448E6; Thu, 23 Apr 2009 14:22:11 +0000 (UTC) Date: Thu, 23 Apr 2009 14:22:11 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Miroslav Lachman <000.fbsd@quip.cz> In-Reply-To: <49EEF5DB.4030408@quip.cz> Message-ID: <20090423141908.T15361@maildrop.int.zabbadoz.net> References: <49EE4B6B.5020005@quip.cz> <20090422094447.A15361@maildrop.int.zabbadoz.net> <49EEF5DB.4030408@quip.cz> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org Subject: Re: changing cpuset of jail from inside of jail - is it feature? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2009 14:25:07 -0000 On Wed, 22 Apr 2009, Miroslav Lachman wrote: Hi, > Bjoern A. Zeeb wrote: > >> On Wed, 22 Apr 2009, Miroslav Lachman wrote: >> >> Hi, >> >>> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 09:56:08 >>> CET 2009) hosting few jails. >>> The machine has dual core CPU and some jails are set to run only on one >>> core (core 0 in this example): >>> >>> host# cpuset -l 0 -j 25 >>> >>> As I tested today, root user inside the jail can change this by the same >>> command as I am doing it from the host system: >>> >>> injail# cpuset -l 0,1 -j 25 >>> >>> And from now, jail with JID 25 is running on both cores. >>> >>> Is it expected behavior of cpuset to allow user inside the jail change >>> cpuset of the jail itself or is it a bug? >>> >>> It seems to me as undesirable. >> >> >> it is (undesirable) and it seems to be a bug as even if you do >> >> host# cpuset -l 0 -r -j 25 >> >> you can get back to 0,1 from within the jail. >> >> I'll check how/why this is possible. >> >> /bz >> >> PS: moving this to freebsd-jail@ Ok, I am not sure what is going wrong here; well I know but I don't know if it's intended in cpuset. Trying to talk to the right people but they seen to be AWOL atm. If you are brave, you could try: http://people.freebsd.org/~bz/20090423-01-cpuset-jails.diff I haven't even compiled it yet. It may work, it may not work, it may make your machine panicing, ... just to warn you. it should still allow you to create further sets within a jail but you should not be able to change the "root set" of the jail from inside the jail anymore (in case it works;) /bz -- Bjoern A. Zeeb The greatest risk is not taking one.