On 03/17/13 05:59, Nicolas de Bari Embriz Garcia Rojas wrote:
Hi, all, I am start using the jail.conf for running my jails, in rc.local I
have this line jail -c this to start my jails at boot time (any better ideas)
Now checking the man pages for the jail I found a option that cough my
attention, 'cpuset.id' any idea of how to use it ?
I would like to found a way to prevent a root user within a jail to run a
'fork-bum' and freeze the host server.
Take a look at cpuset(1). You use that utility (in the host environment)
to change the CPUs available to a jail. Don't worry about the cpuset.id
parameter itself - you don't need it. Just use cpuset's "-j" flag to
specify the jail itself (by jid only). When you're starting jails in rc,
add the appropriate cpuset commands an exec_poststart option. Such as:
jail_backtest_poststart0="cpuset -c -l1,3-7 -j`cat
/var/run/jail_backtest.id`"
- Jamie
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
