Message-Id: <200806032015.m53KF1fb011361@www.freebsd.org>
Date: Tue, 3 Jun 2008 20:15:01 GMT
From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-gnats-submit@FreeBSD.org
Subject: adds support for nice value for rc.d/jail + rc.conf
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         124248
>Category:       conf
>Synopsis:       [jail] [patch] add support for nice value for rc.d/jail + rc.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-rc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 03 20:20:02 UTC 2008
>Closed-Date:    
>Last-Modified:  Tue May 18 17:20:02 UTC 2010
>Originator:     Miroslav Lachman
>Release:        FreeBSD 7.0-RELEASE i386
>Organization:
codeLab.cz
>Environment:
FreeBSD fbsd7.quip.test 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
Adds jail_nice="5" and jail_jname_nice="5" variables to rc.conf to alter priority of processes in jail.

Based on http://lists.freebsd.org/pipermail/freebsd-security/2008-February/004682.html

It doesn't change any default behaviour.
>How-To-Repeat:

>Fix:
Apply the patch.

Patch attached with submission follows:

--- etc/defaults/rc.conf	2008-06-03 16:45:22.000000000 +0200
+++ etc/defaults/rc.conf	2008-06-03 20:44:39.000000000 +0200
@@ -605,6 +605,7 @@
 #jail_example_devfs_ruleset="ruleset_name"	# devfs ruleset to apply to jail
 #jail_example_fstab=""				# fstab(5) for mount/umount
 #jail_example_flags="-l -U root"		# flags for jail(8)
+#jail_example_nice="5"				# nice(1) for jail execution
 
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
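Review bot: Only the per-jail `#jail_example_nice="5"` line is added here, while the rc.conf.5 hunk in this same patch also documents a global `jail_nice`. If the defaults file lists the other global jail_* knobs, add a matching `jail_nice` entry next to them so the file and the manual page stay in step. The comment text could also say that the value is passed to `nice -n`, so a reader knows that a negative number raises priority rather than lowering it.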
--- etc/rc.d/jail	2008-05-29 00:21:09.000000000 +0200
+++ etc/rc.d/jail	2008-06-03 21:03:55.000000000 +0200
@@ -83,6 +83,7 @@
 	[ -z "${_flags}" ] && _flags="-l -U root"
 	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
 	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+	eval _nice=\"\${jail_${_j}_nice:-${jail_nice}}\"
 
 	# Debugging aid
 	#
@@ -117,6 +118,7 @@
 	debug "$_j exec stop: $_exec_stop"
 	debug "$_j flags: $_flags"
 	debug "$_j consolelog: $_consolelog"
+	debug "$_j nice: $_nice"
 
 	if [ -z "${_hostname}" ]; then
 		err 3 "$name: No hostname has been defined for ${_j}"
@@ -350,7 +352,14 @@
 			fi
 		fi
 		_tmp_jail=${_tmp_dir}/jail.$$
-		eval jail ${_flags} -i ${_rootdir} ${_hostname} \
+
+		if [ -z "${_nice}" ]; then 
+			_nice_cmd=""
+		else
+			_nice_cmd="nice -n ${_nice}"
+		fi
+
+		eval ${_nice_cmd} jail ${_flags} -i ${_rootdir} ${_hostname} \
 			${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
 
 		if [ "$?" -eq 0 ] ; then
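Review bot: `${_nice}` reaches `eval ${_nice_cmd} jail ${_flags} ...` with no check that it is an integer, so whatever string was set in rc.conf is re-parsed by the shell at that line; a stray `;` or space in the value becomes extra command text instead of a configuration error. Validate the value where `_nice_cmd` is built (for example with a `case` match on an optional sign followed by digits) and fail through `err`, as the script already does for a missing hostname. The added `if [ -z "${_nice}" ]; then ` line also ends in trailing whitespace.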
--- usr/src/share/man/man5/rc.conf.5	2008-06-03 20:47:19.000000000 +0200
+++ usr/src/share/man/man5/rc.conf.5	2008-06-03 20:35:26.000000000 +0200
@@ -3312,6 +3312,13 @@
 .Va jail_ Ns Ao Ar jname Ac Ns Va _exec_stop
 for every jail in
 .Va jail_list .
+.It Va jail_nice
+.Pq Vt int
+Unset by default.
+When set, use as default value for
+.Va jail_ Ns Ao Ar jname Ac Ns Va _nice
+for every jail in
+.Va jail_list .
 .It Va jail_ Ns Ao Ar jname Ac Ns Va _rootdir
 .Pq Vt str
 Unset by default.
@@ -3412,6 +3419,11 @@
 .Dq Li /bin/sh /etc/rc.shutdown
 by default.
 This is the command executed at jail shutdown.
+.It Va jail_ Ns Ao Ar jname Ac Ns Va _nice
+.Pq Vt int
+Unset by default.
+When set, sets the nice value to alter priority of processes in jail.
+The higher the nice value the lower its scheduling priority.
 .It Va jail_set_hostname_allow
 .Pq Vt bool
 If set to
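Review bot: The `jail_<jname>_nice` entry says the value alters the priority of processes in the jail but not how it is applied. Per the rc.d/jail hunk it is handed to `nice -n` around the jail(8) start command, so every process started from there inherits it; the entry should say that and note that negative values raise priority. In the last added sentence "its" has no referent; "the lower the scheduling priority of the jailed processes" reads more clearly.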


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Jun 3 21:38:18 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=124248 

From: Charles Sprickman <spork@bway.net>
To: bug-followup@FreeBSD.org,
 000.fbsd@quip.cz
Cc:  
Subject: Re: conf/124248: [jail] [patch] add support for nice value for rc.d/jail + rc.conf
Date: Tue, 18 May 2010 02:36:28 -0400

 Just a quick note...  With a bit of rearranging, this patch still  
 applies to 8.0-RELEASE.
 
 It seems to function, but inside the jail, syslog is reporting some  
 errors when "niceness" is enabled in the jail:
 
 May 18 06:29:42 hdp1 syslogd: kernel boot file is /boot/kernel/kernel
 May 18 06:30:00 hdp1 cron[55855]: setpriority 'root' (daemon):  
 Permission denied
 May 18 06:30:03 hdp1 sshd[55875]: setpriority 'spork' (default):  
 Permission denied
 May 18 06:30:31 hdp1 su: setpriority 'root' (root): Permission denied
 May 18 06:30:31 hdp1 su: spork to root on /dev/pts/4
 May 18 06:30:39 hdp1 su: setpriority 'hadoop' (default): Permission  
 denied
 May 18 06:30:41 hdp1 sshd[55977]: setpriority 'hadoop' (default):  
 Permission denied
 May 18 06:30:43 hdp1 sshd[56044]: setpriority 'hadoop' (default):  
 Permission denied
 May 18 06:30:47 hdp1 sshd[56164]: setpriority 'hadoop' (default):  
 Permission denied
 May 18 06:33:00 hdp1 cron[56294]: setpriority 'operator' (daemon):  
 Permission denied

From: Miroslav Lachman <000.fbsd@quip.cz>
To: Charles Sprickman <spork@bway.net>
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/124248: [jail] [patch] add support for nice value for rc.d/jail
 + rc.conf
Date: Tue, 18 May 2010 19:12:10 +0200

 Charles Sprickman wrote:
 > Just a quick note...  With a bit of rearranging, this patch still
 > applies to 8.0-RELEASE.
 >
 > It seems to function, but inside the jail, syslog is reporting some
 > errors when "niceness" is enabled in the jail:
 >
 > May 18 06:29:42 hdp1 syslogd: kernel boot file is /boot/kernel/kernel
 > May 18 06:30:00 hdp1 cron[55855]: setpriority 'root' (daemon):
 > Permission denied
 > May 18 06:30:03 hdp1 sshd[55875]: setpriority 'spork' (default):
 > Permission denied
 > May 18 06:30:31 hdp1 su: setpriority 'root' (root): Permission denied
 > May 18 06:30:31 hdp1 su: spork to root on /dev/pts/4
 > May 18 06:30:39 hdp1 su: setpriority 'hadoop' (default): Permission denied
 > May 18 06:30:41 hdp1 sshd[55977]: setpriority 'hadoop' (default):
 > Permission denied
 > May 18 06:30:43 hdp1 sshd[56044]: setpriority 'hadoop' (default):
 > Permission denied
 > May 18 06:30:47 hdp1 sshd[56164]: setpriority 'hadoop' (default):
 > Permission denied
 > May 18 06:33:00 hdp1 cron[56294]: setpriority 'operator' (daemon):
 > Permission denied
 
 Hmm, it's strange. I didn't have this problem on 7.0. I am not using it on
 production servers, but I may check it on a test server with 7.2 to see if it has
 the same problem.
 
 Miroslav Lachman
>Unformatted:
