Jamie Gritton wrote:
On 03/17/13 05:59, Nicolas de Bari Embriz Garcia Rojas wrote:
Hi, all, I am starting to use jail.conf for running my jails; in
rc.local I have this line jail -c this to start my jails at boot time
(any better ideas?)
Now checking the man pages for jail I found an option that caught my
attention, 'cpuset.id'; any idea of how to use it?
I would like to find a way to prevent a root user within a jail from
running a 'fork-bomb' and freezing the host server.
Take a look at cpuset(1). You use that utility (in the host environment)
to change the CPUs available to a jail. Don't worry about the cpuset.id
parameter itself - you don't need it. Just use cpuset's "-j" flag to
specify the jail itself (by jid only). When you're starting jails in rc,
add the appropriate cpuset commands as an exec_poststart option. Such as:
jail_backtest_poststart0="cpuset -c -l1,3-7 -j`cat /var/run/jail_backtest.id`"
Hi Jamie,
I tried your suggestion with exec_poststart for setting the cpuset.
It doesn't work. I don't know if it worked for you with any older
version of FreeBSD. I tried it on FreeBSD 9.1-RELEASE.
I have this in rc.conf
jail_fox_exec_poststart0="cpuset -c -l 5-6 -j `cat /var/run/jail_fox.id`"
With rc_debug="YES", I get this error
# service jail start fox
cat: /var/run/jail_fox.id: No such file or directory
cat: /var/run/jail_fox.id: No such file or directory
[snip]
/etc/rc.d/jail: DEBUG: fox exec post-start #1: cpuset -c -l 5-6 -j
[snip]
fox.example.comcpuset: option requires an argument -- j
usage: cpuset [-l cpu-list] [-s setid] cmd ...
cpuset [-l cpu-list] [-s setid] -p pid
cpuset [-c] [-l cpu-list] -C -p pid
cpuset [-cr] [-l cpu-list] [-j jailid | -p pid | -t tid | -s setid | -x irq]
cpuset [-cgir] [-j jailid | -p pid | -t tid | -s setid | -x irq]
I think the problem is that the command is evaluated before the jail is
started.
Or am I doing something wrong?
I also tried the following, with no luck:
jail_fox_exec_poststart0="cpuset -c -l 5-6 -j `jls -j fox jid`"
Miroslav Lachman
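An added illustration (not part of the thread and not FreeBSD's rc.d/jail code) of the evaluation-timing question raised in the message above: backticks inside a double-quoted value run when the configuration is read, while a single-quoted value keeps them as text until the string is executed. It assumes the stored hook string is later run through the shell's `eval`; `fake_cpuset`, `run_hook`, the id-file path and jid 7 are constructed stand-ins.

```shell
#!/bin/sh
# Constructed demo: when are backticks in an rc.conf-style value expanded?
# Every name and path here is a hypothetical stand-in.

IDFILE="/tmp/jail_demo_$$.id"   # stand-in for /var/run/jail_<name>.id

# Stand-in for cpuset(1): report the argument that followed -j.
fake_cpuset() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -j) echo "jid=${2:-MISSING}"; return 0 ;;
        esac
        shift
    done
    echo "jid=MISSING"
}

# Simulate the sequence: the config value is assigned first, the jail
# (and its id file) appears afterwards, then the stored string is run.
run_hook() {   # $1 = "eager" or "deferred"
    rm -f "$IDFILE"
    if [ "$1" = eager ]; then
        # Double quotes: the backticks run now, while the id file is absent,
        # so the stored string ends in "-j " with nothing after it.
        hook="fake_cpuset -c -l 5-6 -j `cat $IDFILE 2>/dev/null || true`"
    else
        # Single quotes: the backticks are stored as literal text.
        hook='fake_cpuset -c -l 5-6 -j `cat $IDFILE`'
    fi
    echo 7 > "$IDFILE"      # the jail "starts"; 7 is a constructed jid
    eval "$hook"            # post-start time: deferred backticks run here
    rm -f "$IDFILE"
}

echo "eager:    $(run_hook eager)"
echo "deferred: $(run_hook deferred)"
```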
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail