[jail] Allowing root privledged users to renice

Sean Bruno Fri, 25 May 2012 09:49:30 -0700

I've been toying with the idea of letting jails renice processes ... how
dangerous and/or stupid is this idea?


==== //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 -
/home/seanbru/ybsd_9/src/sys/kern/kern_jail.c ====
270a271,275
+ int   jail_allow_renice = 0;
+ SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW,
+    &jail_allow_renice, 0,
+    "Prison root can renice processes");
 
3857a3863,3865
+      case PRIV_SCHED_SETPRIORITY:
+              if (!jail_allow_renice)
+                       return (EPERM);




_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"

[jail] Allowing root privledged users to renice

Reply via email to