Adds jail_nice="5" and jail_jname_nice="5" variables to rc.conf to alter priority of processes in jail. Based on http://lists.freebsd.org/pipermail/freebsd-security/2008-February/004682.html It doesn't change any default behaviour. Fix: Apply the patch. Patch attached with submission follows:
Responsible Changed From-To: freebsd-bugs->freebsd-rc Over to maintainer(s).
Just a quick note... With a bit of rearranging, this patch still applies to 8.0-RELEASE. It seems to function, but inside the jail, syslog is reporting some errors when "niceness" is enabled in the jail: May 18 06:29:42 hdp1 syslogd: kernel boot file is /boot/kernel/kernel May 18 06:30:00 hdp1 cron[55855]: setpriority 'root' (daemon): Permission denied May 18 06:30:03 hdp1 sshd[55875]: setpriority 'spork' (default): Permission denied May 18 06:30:31 hdp1 su: setpriority 'root' (root): Permission denied May 18 06:30:31 hdp1 su: spork to root on /dev/pts/4 May 18 06:30:39 hdp1 su: setpriority 'hadoop' (default): Permission denied May 18 06:30:41 hdp1 sshd[55977]: setpriority 'hadoop' (default): Permission denied May 18 06:30:43 hdp1 sshd[56044]: setpriority 'hadoop' (default): Permission denied May 18 06:30:47 hdp1 sshd[56164]: setpriority 'hadoop' (default): Permission denied May 18 06:33:00 hdp1 cron[56294]: setpriority 'operator' (daemon): Permission denied
Charles Sprickman wrote: > Just a quick note... With a bit of rearranging, this patch still > applies to 8.0-RELEASE. > > It seems to function, but inside the jail, syslog is reporting some > errors when "niceness" is enabled in the jail: > > May 18 06:29:42 hdp1 syslogd: kernel boot file is /boot/kernel/kernel > May 18 06:30:00 hdp1 cron[55855]: setpriority 'root' (daemon): > Permission denied > May 18 06:30:03 hdp1 sshd[55875]: setpriority 'spork' (default): > Permission denied > May 18 06:30:31 hdp1 su: setpriority 'root' (root): Permission denied > May 18 06:30:31 hdp1 su: spork to root on /dev/pts/4 > May 18 06:30:39 hdp1 su: setpriority 'hadoop' (default): Permission denied > May 18 06:30:41 hdp1 sshd[55977]: setpriority 'hadoop' (default): > Permission denied > May 18 06:30:43 hdp1 sshd[56044]: setpriority 'hadoop' (default): > Permission denied > May 18 06:30:47 hdp1 sshd[56164]: setpriority 'hadoop' (default): > Permission denied > May 18 06:33:00 hdp1 cron[56294]: setpriority 'operator' (daemon): > Permission denied Hmm, it's strange. I don't had this problem on 7.0. I am not using it on production servers, but I may check it on test server with 7.2 if it has the same problem. Miroslav Lachman
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>
Created attachment 258781 [details] etcfiles.diff ^Triage: rebase patch.