466df976ba
Recent changes have made it such that attaching to a jail will augment the attaching process' cpu mask with the jail's cpuset. While this is convenient for allowing the administrator to cpuset arbitrary programs that will attach to a jail, this is decidedly not convenient for executing long-running daemons during jail creation. This change inserts a reset of the process cpuset to the root cpuset between the fork and attach to execute a command. This allows commands executed to have the widest mask possible, and the administrator can cpuset(1) it back down inside the jail as needed. With this applied, one should be able to change a jail's cpuset at exec.poststart in addition to exec.created. The former was made difficult if jail(8) itself was running with a constrained set, as then some processes may have been spawned inside the jail with a non-root set. The latter is the preferred option so that processes starting in the jail are constrained appropriately up front. Note that all system commands are still run with the process' initial cpuset applied. PR: 253724 MFC after: 3 days Reviewed by: jamie Differential Revision: https://reviews.freebsd.org/D29008 |
||
|---|---|---|
| .. | ||
| tests | ||
| command.c | ||
| config.c | ||
| jail.8 | ||
| jail.c | ||
| jail.conf.5 | ||
| jaillex.l | ||
| jailp.h | ||
| jailparse.y | ||
| Makefile | ||
| Makefile.depend | ||
| state.c | ||