From: Petr Fischer
To: freebsd-jail@freebsd.org
Date: Thu, 29 Sep 2016 01:32:22 +0200
Subject: Linux compatibility layer - ulimit - pthread_setschedparam failed: Operation not permitted

Hello,

I need to run some smalltalk VM (linux binary), that uses thread with higher priority for something like "heartbeat", and when I run this binary (VM) as regular user, this error occurs:

pthread_setschedparam failed: Operation not permitted

When I run it with "sudo" (as root user), everything is OK.

So I thought, OK, if it needs root access, it's a security risk and I will run it in isolated jail (created by ezjail)! But, there is another problem - in a jail, it does not work even with root permissions (sudo, root user inside jail), this error again:

pthread_setschedparam failed: Operation not permitted

Can I do something with this situation, I listed all sysctl vars, but nothing interesting, there is for example "security.bsd.unprivileged_idprio", but that is for idle priority, not realtime priority (not found something like *.rtprio).

Any ideas please? Thanks!

pf

From: Allan Jude
To: freebsd-jail@freebsd.org
Date: Wed, 28 Sep 2016 19:37:39 -0400
Subject: Re: Linux compatibility layer - ulimit - pthread_setschedparam failed: Operation not permitted

On 2016-09-28 19:32, Petr Fischer wrote:
> Hello,
>
> I need to run some smalltalk VM (linux binary), that uses thread with higher priority for something like "heartbeat", and when I run this binary (VM) as regular user, this error occurs:
>
> pthread_setschedparam failed: Operation not permitted
>
> When I run it with "sudo" (as root user), everything is OK.
>
> So I thought, OK, if it needs root access, it's a security risk and I will run it in isolated jail (created by ezjail)! But, there is another problem - in a jail, it does not work even with root permissions (sudo, root user inside jail), this error again:
>
> pthread_setschedparam failed: Operation not permitted
>
> Can I do something with this situation, I listed all sysctl vars, but nothing interesting, there is for example "security.bsd.unprivileged_idprio", but that is for idle priority, not realtime priority (not found something like *.rtprio).
>
> Any ideas please? Thanks!
> pf

This is expected. A regular user cannot set a negative priority, or renice a process to a 'lower' nice level (higher priority) than it was started with. Even root in jails cannot do this (basically jails are restricted the same as a regular unprivileged user on the host).

This prevents a user, or a malicious jail, from setting a process to high priority and starving the rest of the processes.

Your best bet might be to run the other processes with a higher nice level, and leave the heartbeat process at the default priority. This can be done as a regular user.

-- 
Allan Jude
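
The workaround suggested in the reply above, as an added example (not code from the thread or from FreeBSD): the heartbeat thread asks for a real-time policy and keeps its default priority when the request is refused, while a stand-in background worker raises its own nice value, which needs no privilege. The names `try_realtime_heartbeat` and `spawn_niced_worker` are hypothetical.

```c
/* Added example (constructed); build with: cc -pthread heartbeat.c */
#include <errno.h>
#include <pthread.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Request a real-time policy for the calling thread. Returns 0 if granted,
 * otherwise the error code (EPERM for a regular user or jailed root). */
int try_realtime_heartbeat(void)
{
    struct sched_param sp;
    memset(&sp, 0, sizeof sp);
    sp.sched_priority = sched_get_priority_min(SCHED_FIFO);
    return pthread_setschedparam(pthread_self(), SCHED_FIFO, &sp);
}

/* Fork a stand-in background worker that raises its own nice value by
 * `delta` (lower priority), which needs no privilege. Returns how many nice
 * levels the worker ended up above the parent, or -1 on error. */
int spawn_niced_worker(int delta)
{
    errno = 0;
    int base = getpriority(PRIO_PROCESS, 0);
    if (base == -1 && errno != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* worker */
        if (setpriority(PRIO_PROCESS, 0, base + delta) != 0) _exit(255);
        errno = 0;
        int now = getpriority(PRIO_PROCESS, 0);
        _exit((now == -1 && errno != 0) ? 255 : now - base);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int rc = try_realtime_heartbeat();
    if (rc != 0)  /* degrade instead of aborting or demanding root */
        printf("heartbeat stays at default priority: %s\n", strerror(rc));
    printf("worker is %d nice levels above the heartbeat\n", spawn_niced_worker(10));
    return 0;
}
```
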

From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Date: Fri, 30 Sep 2016 03:37:48 +0000
Subject: [Bug 212077] [11.0-RC1][jail][ipfw] adding table causes kernel panic

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212077

Bug 212077 depends on bug 212105, which changed state.

Bug 212105 Summary: ipfw dumps core after adding rule with table
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212105

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Closed
         Resolution|---                         |FIXED

From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Date: Fri, 30 Sep 2016 03:40:23 +0000
Subject: [Bug 212077] [11.0-RC1][jail][ipfw] adding table causes kernel panic

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212077

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org
         Resolution|---                         |FIXED
             Status|Open                        |Closed

--- Comment #2 from Andrey V. Elsukov ---
Fixed in head/ and stable/11. Thanks!