Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 27 May 2012 17:33:30 -0600
From:      Jamie Gritton <jamie@FreeBSD.org>
To:        sbruno@FreeBSD.org
Cc:        FreeBSD Hackers <freebsd-hackers@FreeBSD.org>, Sean Bruno <seanbru@yahoo-inc.com>
Subject:   Re: [jail] Allowing root privledged users to renice
Message-ID:  <4FC2B9CA.5090301@FreeBSD.org>
In-Reply-To: <1337964514.8951.2.camel@powernoodle-l7.corp.yahoo.com>
References:  <1337964514.8951.2.camel@powernoodle-l7.corp.yahoo.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 05/25/12 10:48, Sean Bruno wrote:
> I've been toying with the idea of letting jails renice processes ... how
> dangerous and/or stupid is this idea?
>
> ==== //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 -
> /home/seanbru/ybsd_9/src/sys/kern/kern_jail.c ====
> 270a271,275
> + int   jail_allow_renice = 0;
> + SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW,
> +&jail_allow_renice, 0,
> +    "Prison root can renice processes");
>
> 3857a3863,3865
> +      case PRIV_SCHED_SETPRIORITY:
> +              if (!jail_allow_renice)
> +                       return (EPERM);

Considering they can only renice their own stuff, and could always just
start a new process anyway, I see very little reason to deny this.

- Jamie



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FC2B9CA.5090301>