changing cpuset of jail from inside of jail - is it feature?
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Wed Apr 22 09:50:08 UTC 2009
On Wed, 22 Apr 2009, Miroslav Lachman wrote:
> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 09:56:08 CET
> 2009) hosting few jails.
> The machine has dual core CPU and some jails are set to run only on one core
> (core 0 in this example):
> host# cpuset -l 0 -j 25
> As I tested today, root user inside the jail can change this by the same
> command as I am doing it from the host system:
> injail# cpuset -l 0,1 -j 25
> And from now, jail with JID 25 is running on both cores.
> Is it expected behavior of cpuset to allow user inside the jail change cpuset
> of the jail itself or is it a bug?
> It seems to me as undesirable.
it is (undesirable) and it seems to be a bug as even if you do
host# cpuset -l 0 -r -j 25
you can get back to 0,1 from within the jail.
I'll check how/why this is possible.
PS: moving this to freebsd-jail@
Bjoern A. Zeeb The greatest risk is not taking one.
More information about the freebsd-stable