changing cpuset of jail from inside of jail - is it feature?
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon Apr 27 21:00:11 UTC 2009
On Fri, 24 Apr 2009, Miroslav Lachman wrote:
> Bjoern A. Zeeb wrote:
>
> [...]
>
>> Ok, I am not sure what is going wrong here; well I know but I don't
>> know if it's intended in cpuset. Trying to talk to the right people
>> but they seen to be AWOL atm.
>>
>>
>> If you are brave, you could try:
>>
>> http://people.freebsd.org/~bz/20090423-01-cpuset-jails.diff
>>
>> I haven't even compiled it yet. It may work, it may not work, it may
>> make your machine panicing, ... just to warn you.
>>
>> it should still allow you to create further sets within a jail but you
>> should not be able to change the "root set" of the jail from inside
>> the jail anymore (in case it works;)
>
> I did just a quick test. (OK, not so quick, because compilation inside Qemu
> on my old PC takes 2 hours ;])
> It compiles without problems and did what I expect:
>
...
> I have no real multicore machine to test it more deeply. (can't test it on
> production servers and spare machine is blocked by another task)
>
> Will this fix be included in 7.2-RELEASE or is it too late to commit this
> fix?
FreeBSD 7/7.2 just got a BUGS entry for the man pages. The patch will
not make it; it's still waiting review for HEAD and possibly
discussion if a super user inside a jail would still be allowed to
further restrict the cpuset (but not extend it).
/bz
--
Bjoern A. Zeeb The greatest risk is not taking one.
More information about the freebsd-jail
mailing list