Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 25 May 2012 17:04:34 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        sbruno@freebsd.org
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>, FreeBSD-Jail <freebsd-jail@freebsd.org>
Subject:   Re: [jail] Allowing root privledged users to renice
Message-ID:  <8EE125C9-9FA7-495B-A6ED-CF3F7C2E8A3E@lists.zabbadoz.net>
In-Reply-To: <1337964514.8951.2.camel@powernoodle-l7.corp.yahoo.com>
References:  <1337964514.8951.2.camel@powernoodle-l7.corp.yahoo.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On 25. May 2012, at 16:48 , Sean Bruno wrote:

> I've been toying with the idea of letting jails renice processes ... how
> dangerous and/or stupid is this idea?
> 
> ==== //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 -
> /home/seanbru/ybsd_9/src/sys/kern/kern_jail.c ====
> 270a271,275
> + int   jail_allow_renice = 0;
> + SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW,
> +    &jail_allow_renice, 0,
> +    "Prison root can renice processes");
> 
> 3857a3863,3865
> +      case PRIV_SCHED_SETPRIORITY:
> +              if (!jail_allow_renice)
> +                       return (EPERM);


I think sysctls are a bad idea given jails have per-jail flags these days.

Maybe also only allow re-nicing to be nicer but not less nice?

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8EE125C9-9FA7-495B-A6ED-CF3F7C2E8A3E>