linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Chris Wright <chrisw@osdl.org>
To: Arjan van de Ven <arjan@infradead.org>
Cc: utz lehmann <lkml@s2y4n2c.de>,
	LKML <linux-kernel@vger.kernel.org>,
	Chris Wright <chrisw@osdl.org>
Subject: Re: [PATCH] scheduling priorities with rlimit
Date: Sun, 9 Jan 2005 12:34:41 -0800	[thread overview]
Message-ID: <20050109123441.O469@build.pdx.osdl.net> (raw)
In-Reply-To: <1105297598.4173.52.camel@laptopd505.fenrus.org>; from arjan@infradead.org on Sun, Jan 09, 2005 at 08:06:37PM +0100

* Arjan van de Ven (arjan@infradead.org) wrote:
> On Sun, 2005-01-09 at 18:15 +0100, utz lehmann wrote:
> > Hi
> > 
> > I really like the idea of controlling the maximum settable scheduling
> > priorities via rlimit. See the Realtime LSM thread. I want to give users
> > the right to raise the priority of previously niced jobs.
> > 
> > I have modified Chris Wright's patch (against 2.6.10):
> > (http://marc.theaimsgroup.com/?l=linux-kernel&m=110513793228776&w=2)
> > 
> > - allow always to increase nice levels (lower priority).
> > - set the default for RLIMIT_PRIO to 0.
> > - add the other architectures.
> > 
> > With this the default is compatible with the old behavior.
> > 
> > With RLIMIT_PRIO > 0 a user is able to raise the priority up to the
> > value. 0-39 for nice levels 19 .. -20, 40-139 for realtime priorities
> > (0 .. 99).
> 
> this is a bit of an awkward interface don't you think?

Yes it is.  But I didn't think of a better one.

> I much rather have the rlimit match the exact nice values we communicate
> to userspace elsewhere, both to be consistent and to not expose
> scheduler internals to userpsace.

The problem is the numbers are inconsistent between user interfaces already.
RT priorities are [0, 99], nice vaules are [-20, 19].  Perhaps it'd be
simpler to break it down to just three values for the rlimit.

0: Same as now, raise nice value only.
1: Can lower nice value.
2: Can set RT policy (this includes any priority [1, 99], or optionally
max out at something lower than 99, reserving full CAP_SYS_NICE to 99).

Each level inherits the permissions of the lower level, and none of them
allow the CAP_SYS_NICE ability to affect processes other than your own.

> Also I like the idea of allowing sysadmins to make certain users/groups
> nice levels 5 and higher (think a university machine that makes all
> students nice 5 and higher only, while giving staff 0 and higher, and
> the sysadmin -5 and higher ;)

This is a separate issue.  It's about setting the default during login
which can be done with setpriority (still could be done via pam).

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

  parent reply	other threads:[~2005-01-09 20:35 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-09 17:15 [PATCH] scheduling priorities with rlimit utz lehmann
2005-01-09 19:06 ` Arjan van de Ven
2005-01-09 19:23   ` utz lehmann
2005-01-09 20:34   ` Chris Wright [this message]
2005-01-10 18:01     ` utz lehmann
2005-01-10 15:15   ` Horst von Brand

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050109123441.O469@build.pdx.osdl.net \
    --to=chrisw@osdl.org \
    --cc=arjan@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lkml@s2y4n2c.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).