changing cpuset of jail from inside of jail - is it feature?

Bjoern A. Zeeb bzeeb-lists at
Wed Apr 22 09:50:08 UTC 2009

On Wed, 22 Apr 2009, Miroslav Lachman wrote:


> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 09:56:08 CET 
> 2009) hosting few jails.
> The machine has dual core CPU and some jails are set to run only on one core 
> (core 0 in this example):
>    host# cpuset -l 0 -j 25
> As I tested today, root user inside the jail can change this by the same 
> command as I am doing it from the host system:
>   injail# cpuset -l 0,1 -j 25
> And from now, jail with JID 25 is running on both cores.
> Is it expected behavior of cpuset to allow user inside the jail change cpuset 
> of the jail itself or is it a bug?
> It seems to me as undesirable.

it is (undesirable) and it seems to be a bug as even if you do

     host# cpuset -l 0 -r -j 25

you can get back to 0,1 from within the jail.

I'll check how/why this is possible.


PS: moving this to freebsd-jail@

Bjoern A. Zeeb                      The greatest risk is not taking one.

More information about the freebsd-stable mailing list