[jail] Allowing root privledged users to renice
Sean Bruno
seanbru at yahoo-inc.com
Fri May 25 16:48:53 UTC 2012
I've been toying with the idea of letting jails renice processes ... how
dangerous and/or stupid is this idea?
==== //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 -
/home/seanbru/ybsd_9/src/sys/kern/kern_jail.c ====
270a271,275
+ int jail_allow_renice = 0;
+ SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW,
+ &jail_allow_renice, 0,
+ "Prison root can renice processes");
3857a3863,3865
+ case PRIV_SCHED_SETPRIORITY:
+ if (!jail_allow_renice)
+ return (EPERM);
More information about the freebsd-hackers
mailing list