From: Sean Bruno
To: FreeBSD Hackers
Date: Fri, 25 May 2012 09:48:34 -0700
Message-ID: <1337964514.8951.2.camel@powernoodle-l7.corp.yahoo.com>
Reply-To: sbruno@freebsd.org
Subject: [jail] Allowing root privileged users to renice

I've been toying with the idea of letting jails renice processes ... how dangerous and/or stupid is this idea?

==== //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 - /home/seanbru/ybsd_9/src/sys/kern/kern_jail.c ==== 270a271,275 + int jail_allow_renice = 0; + SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW, + &jail_allow_renice, 0, + "Prison root can renice processes"); 3857a3863,3865 + case PRIV_SCHED_SETPRIORITY: + if (!jail_allow_renice) + return (EPERM);
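
Review bot: in the first hunk (270a271,275), jail_allow_renice is a single global int behind a CTLFLAG_RW sysctl, so setting it grants the privilege to prison root in every jail on the host at once. A per-jail allow setting, checked against the prison of the calling credential, would let the administrator enable this only for the jails that are trusted to influence host scheduling. The description string "Prison root can renice processes" should also say that this covers raising priority, since that is the part that needs a privilege.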
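
Review bot: in the second hunk (3857a3863,3865), the new case has no statement after the if, so when jail_allow_renice is non-zero control falls through into whatever case label follows line 3865, which the hunk does not show. End the case explicitly with return (0), or add a FALLTHROUGH comment if reaching the next label is intended, so the allowed path does not depend on the neighbouring case. PRIV_SCHED_SETPRIORITY is the privilege that permits lowering a nice value, so with the knob on, prison root can raise the priority of its processes relative to host processes and those of other jails; that trade-off belongs in the commit message or the sysctl documentation.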