Date: Thu, 21 Mar 2013 07:22:58 -0600 From: Jamie Gritton <jamie@FreeBSD.org> To: Nicolas de Bari Embriz Garcia Rojas <nbari@inbox.im> Cc: FreeBSD-Jail <freebsd-jail@FreeBSD.org> Subject: Re: jail.conf & cpuset.id Message-ID: <514B09B2.70607@FreeBSD.org> In-Reply-To: <076B486D-A526-4945-BA38-DD7167365749@inbox.im> References: <076B486D-A526-4945-BA38-DD7167365749@inbox.im>
next in thread | previous in thread | raw e-mail | index | archive | help
On 03/17/13 05:59, Nicolas de Bari Embriz Garcia Rojas wrote: > Hi, all, I am start using the jail.conf for running my jails, in rc.local I have this line jail -c this to start my jails at boot time (any better ideas) > > Now checking the man pages for the jail I found a option that cough my attention, 'cpuset.id' any idea of how to use it ? > > I would like to found a way to prevent a root user within a jail to run a 'fork-bum' and freeze the host server. Take a look at cpuset(1). You use that utility (in the host environment) to change the CPUs available to a jail. Don't worry about the cpuset.id parameter itself - you don't need it. Just use cpuset's "-j" flag to specify the jail itself (by jid only). When you're starting jails in rc, add the appropriate cpuset commands an exec_poststart option. Such as: jail_backtest_poststart0="cpuset -c -l1,3-7 -j`cat /var/run/jail_backtest.id`" - Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?514B09B2.70607>