changing cpuset of jail from inside of jail - is it feature?

Wed Apr 22 10:48:02 UTC 2009

Bjoern A. Zeeb wrote:

> On Wed, 22 Apr 2009, Miroslav Lachman wrote:
> 
> Hi,
> 
>> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 
>> 09:56:08 CET 2009) hosting few jails.
>> The machine has dual core CPU and some jails are set to run only on 
>> one core (core 0 in this example):
>>
>>    host# cpuset -l 0 -j 25
>>
>> As I tested today, root user inside the jail can change this by the 
>> same command as I am doing it from the host system:
>>
>>   injail# cpuset -l 0,1 -j 25
>>
>> And from now, jail with JID 25 is running on both cores.
>>
>> Is it expected behavior of cpuset to allow user inside the jail change 
>> cpuset of the jail itself or is it a bug?
>>
>> It seems to me as undesirable.
> 
> 
> it is (undesirable) and it seems to be a bug as even if you do
> 
>     host# cpuset -l 0 -r -j 25
> 
> you can get back to 0,1 from within the jail.
> 
> I'll check how/why this is possible.
> 
> /bz
> 
> PS: moving this to freebsd-jail@

I found this behavior as result of your reply to my e-mail from March
http://lists.freebsd.org/pipermail/freebsd-jail/2009-March/000751.html

You are suggesting jail_<jname>_exec_afterstart to use it for cpuset of 
starting jails, but as I look in to /etc/rc.d/jail, it seems this 
command is executed inside of the jail:

while [ true ]; do
	eval out=\"\${_exec_afterstart${i}:-''}\"

	if [ -z "$out" ]; then
		break;
	fi

	jexec "${_jail_id}" ${out}
	i=$((i + 1))
done

So I was confused if cpuset behavior i expected or not and if not, I 
don't know how to use current rc.d/jail + rc.conf to start jails on 
choosen cores or in particular set of cpus/cores.
That was the reason to my suggestion - write patch for rc.d/jail to 
support something like:

jail_<jname>_cpuset_list="0,3,5"	# start jail on cores 0, 3 and 5

It should be something like:

_cpuset="cpuset -l ${_cpuset_list}"

eval ${_cpuset} ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
		\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1

(I didn't test the example above, so I don't know if it is valid)

or something like:

if [ -n "$_cpuset_list" ]; then
	cpuset -l ${_cpuset_list} -j ${_jail_id}
fi

(^ this seems more simpler)

I don't know what is better, or if there is another way to set cpuset of 
jails from rc.conf

But the first problem is as I previously posted - cpuset of jail should 
not be changed from within jail...

Miroslav Lachman