Bug 219055

Summary: nice jail anomoly - values not passed into jailed processes when using jexec -U username
Product: Base System Reporter: dewayne
Component: binAssignee: freebsd-jail (Nobody) <jail>
Status: New ---    
Severity: Affects Some People CC: fk
Priority: ---    
Version: 11.0-STABLE   
Hardware: Any   
OS: Any   

Description dewayne 2017-05-04 04:23:30 UTC 
While trying to find a "nice" way to adjust the process priority within a jail, I noticed that setting the username of the executing software within a jail - didn't adopt the required niceness.  Please note the NI value below.  The first example is what I would expect with the other options.

# nice -n -11  jexec b2 ps -l
UID  PID  PPID CPU PRI  NI   VSZ  RSS MWCHAN STAT TT     TIME COMMAND
  0 7264 47997   0  61 -11 21140 2560 -      R<+J  2  0:00.00 ps -l
# nice -n -11  jexec -U root b2 ps -l
UID   PID  PPID CPU PRI NI   VSZ  RSS MWCHAN STAT TT     TIME COMMAND
  0 11134 47997   0  72  0 21140 2556 -      R+J   2  0:00.00 ps -l
# nice -n -11  jexec -u root b2 ps -l
UID   PID  PPID CPU PRI NI   VSZ  RSS MWCHAN STAT TT     TIME COMMAND
  0 13759 47997   0  72  0 16660 4532 -      R+J   2  0:00.00 ps -l

The intent is to run a process within a jail by a specific username at a specified priority.

A workaround could be to define a class within login.conf.  But... this forces all processes with that username to run at that priority, which is undesirable. 

Interestingly I do run longstanding processes at idle and they do acquire the "nice" value (please note the PRI value) below:

# idprio 0 jexec -U root b6 ps -l
UID   PID  PPID CPU PRI NI   VSZ  RSS MWCHAN STAT TT     TIME COMMAND
  0 49946 48878   0 124  0 21140 2548 -      R+J   2  0:00.00 ps -l
# idprio 24 jexec -U root b6 ps -l
UID   PID  PPID CPU PRI NI   VSZ  RSS MWCHAN STAT TT     TIME COMMAND
  0 51714 48878   0 148  0 21140 2548 -      R+J   2  0:00.00 ps -l

It looks like the nice value via /bin/sh (nor bin/tcsh) isn't passed via jexec to the jailed process.
Comment 1 Fabian Keil 2017-05-04 13:28:32 UTC 
If one of its options is set, jexec(8) uses the login class information
which overrides the initial priority of jexec(8) itself.

While the man page could make this more obvious (I had to look at
the code), this is the "expected" behaviour and not a bug in the tool.

I frequently use commands like:
sudo jexec -U root poudriere env PS1='\u@\h \w \$' nice -n 20 /usr/local/bin/bash

They work as expected and don't rely on any "workarounds"
or undocumented jexec(8) behaviour.
Comment 2 dewayne 2017-05-05 06:54:53 UTC 
(In reply to Fabian Keil from comment #1)
Thanks Fabian, you're quite right.  And the example that you provided did have the same successful outcome for me.  Unfortunately I'm trying to elevate the priority of a database over all other activies.  So setting any priority less than 0 doesn't work, whether I use 

JAIL=b2 in my base or for you, (hint to cut/paste) ;)
JAIL=poudriere 
nice -n -1 jexec -U root $JAIL ps -l
or 
jexec -U root $JAIL nice -n -1 ps -l

The NI and PRI values remain 0 and 72 respectively, that is default (no nice) value.  I kinda get it that within the jail context the priority can't be elevated, but with executing the process from within the context of the base system should work.

This successful result also suggests that elevating via nice should work.
# rtprio 0 jexec -U root b2 ps -l
UID   PID  PPID CPU PRI NI   VSZ  RSS MWCHAN STAT TT     TIME COMMAND
  0 97468 90697   0 -52  0 21140 2276 -      R+J   7  0:00.00 ps -l