Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 23 Apr 2009 14:22:11 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Miroslav Lachman <000.fbsd@quip.cz>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: changing cpuset of jail from inside of jail - is it feature?
Message-ID:  <20090423141908.T15361@maildrop.int.zabbadoz.net>
In-Reply-To: <49EEF5DB.4030408@quip.cz>
References:  <49EE4B6B.5020005@quip.cz> <20090422094447.A15361@maildrop.int.zabbadoz.net> <49EEF5DB.4030408@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 22 Apr 2009, Miroslav Lachman wrote:

Hi,

> Bjoern A. Zeeb wrote:
>
>> On Wed, 22 Apr 2009, Miroslav Lachman wrote:
>> 
>> Hi,
>> 
>>> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 09:56:08 
>>> CET 2009) hosting few jails.
>>> The machine has dual core CPU and some jails are set to run only on one 
>>> core (core 0 in this example):
>>>
>>>    host# cpuset -l 0 -j 25
>>> 
>>> As I tested today, root user inside the jail can change this by the same 
>>> command as I am doing it from the host system:
>>>
>>>   injail# cpuset -l 0,1 -j 25
>>> 
>>> And from now, jail with JID 25 is running on both cores.
>>> 
>>> Is it expected behavior of cpuset to allow user inside the jail change 
>>> cpuset of the jail itself or is it a bug?
>>> 
>>> It seems to me as undesirable.
>> 
>> 
>> it is (undesirable) and it seems to be a bug as even if you do
>>
>>     host# cpuset -l 0 -r -j 25
>> 
>> you can get back to 0,1 from within the jail.
>> 
>> I'll check how/why this is possible.
>> 
>> /bz
>> 
>> PS: moving this to freebsd-jail@

Ok, I am not sure what is going wrong here; well I know but I don't
know if it's intended in cpuset.  Trying to talk to the right people
but they seen to be AWOL atm.


If you are brave, you could try:

http://people.freebsd.org/~bz/20090423-01-cpuset-jails.diff

I haven't even compiled it yet. It may work, it may not work, it may
make your machine panicing, ... just to warn you.

it should still allow you to create further sets within a jail but you
should not be able to change the "root set" of the jail from inside
the jail anymore (in case it works;)

/bz

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090423141908.T15361>