From owner-freebsd-jail@FreeBSD.ORG Wed Apr 22 10:48:01 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 21CF8106566B for ; Wed, 22 Apr 2009 10:48:00 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 98D648FC1A for ; Wed, 22 Apr 2009 10:48:00 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 7FC1A19E023 for ; Wed, 22 Apr 2009 12:47:58 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 06E3319E019 for ; Wed, 22 Apr 2009 12:47:56 +0200 (CEST) Message-ID: <49EEF5DB.4030408@quip.cz> Date: Wed, 22 Apr 2009 12:47:55 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: freebsd-jail@freebsd.org References: <49EE4B6B.5020005@quip.cz> <20090422094447.A15361@maildrop.int.zabbadoz.net> In-Reply-To: <20090422094447.A15361@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: changing cpuset of jail from inside of jail - is it feature? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 10:48:02 -0000 Bjoern A. Zeeb wrote: > On Wed, 22 Apr 2009, Miroslav Lachman wrote: > > Hi, > >> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 >> 09:56:08 CET 2009) hosting few jails. >> The machine has dual core CPU and some jails are set to run only on >> one core (core 0 in this example): >> >> host# cpuset -l 0 -j 25 >> >> As I tested today, root user inside the jail can change this by the >> same command as I am doing it from the host system: >> >> injail# cpuset -l 0,1 -j 25 >> >> And from now, jail with JID 25 is running on both cores. >> >> Is it expected behavior of cpuset to allow user inside the jail change >> cpuset of the jail itself or is it a bug? >> >> It seems to me as undesirable. > > > it is (undesirable) and it seems to be a bug as even if you do > > host# cpuset -l 0 -r -j 25 > > you can get back to 0,1 from within the jail. > > I'll check how/why this is possible. > > /bz > > PS: moving this to freebsd-jail@ I found this behavior as result of your reply to my e-mail from March http://lists.freebsd.org/pipermail/freebsd-jail/2009-March/000751.html You are suggesting jail__exec_afterstart to use it for cpuset of starting jails, but as I look in to /etc/rc.d/jail, it seems this command is executed inside of the jail: while [ true ]; do eval out=\"\${_exec_afterstart${i}:-''}\" if [ -z "$out" ]; then break; fi jexec "${_jail_id}" ${out} i=$((i + 1)) done So I was confused if cpuset behavior i expected or not and if not, I don't know how to use current rc.d/jail + rc.conf to start jails on choosen cores or in particular set of cpus/cores. That was the reason to my suggestion - write patch for rc.d/jail to support something like: jail__cpuset_list="0,3,5" # start jail on cores 0, 3 and 5 It should be something like: _cpuset="cpuset -l ${_cpuset_list}" eval ${_cpuset} ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 (I didn't test the example above, so I don't know if it is valid) or something like: if [ -n "$_cpuset_list" ]; then cpuset -l ${_cpuset_list} -j ${_jail_id} fi (^ this seems more simpler) I don't know what is better, or if there is another way to set cpuset of jails from rc.conf But the first problem is as I previously posted - cpuset of jail should not be changed from within jail... Miroslav Lachman