Miroslav Lachman
2009-Apr-21 22:40 UTC
changing cpuset of jail from inside of jail - is it feature?
I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11
09:56:08 CET 2009) hosting few jails.
The machine has dual core CPU and some jails are set to run only on one
core (core 0 in this example):
host# cpuset -l 0 -j 25
As I tested today, root user inside the jail can change this by the same
command as I am doing it from the host system:
injail# cpuset -l 0,1 -j 25
And from now, jail with JID 25 is running on both cores.
Is it expected behavior of cpuset to allow user inside the jail change
cpuset of the jail itself or is it a bug?
It seems to me as undesirable.
Miroslav Lachman
Bjoern A. Zeeb
2009-Apr-22 09:50 UTC
changing cpuset of jail from inside of jail - is it feature?
On Wed, 22 Apr 2009, Miroslav Lachman wrote: Hi,> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 09:56:08 CET > 2009) hosting few jails. > The machine has dual core CPU and some jails are set to run only on one core > (core 0 in this example): > > host# cpuset -l 0 -j 25 > > As I tested today, root user inside the jail can change this by the same > command as I am doing it from the host system: > > injail# cpuset -l 0,1 -j 25 > > And from now, jail with JID 25 is running on both cores. > > Is it expected behavior of cpuset to allow user inside the jail change cpuset > of the jail itself or is it a bug? > > It seems to me as undesirable.it is (undesirable) and it seems to be a bug as even if you do host# cpuset -l 0 -r -j 25 you can get back to 0,1 from within the jail. I'll check how/why this is possible. /bz PS: moving this to freebsd-jail@ -- Bjoern A. Zeeb The greatest risk is not taking one.