tags:

views:

128

answers:

1
Q: 

Linux group scheduling for user not being applied to setuid-ed process

On the 2.6.28-11 Linux kernel, I am using setpriority to bias the amount of cpu time different user processes receive. User 1 is to receive double the CPU power of user 2. Using Linux's setpriority, I have assigned user 2 a lower priority (higher in terms of nice values). When I run the exact same program via the shell with the computer under load, user 2's execution takes twice as long as user 1's. However, if I run the program as root, and then use setuid, seteuid, setgid, setegid, and setgroups to become user 2 (once again the computer is under load with the exact same program being run by user 1 in the same manner), the programs take the exact same amount of time to execute; User 2's process was not being scheduled any less than user 1's. How can I get around this? Do I need to set anything else for the scheduler to realize that the process is now part of a different user?

The program being run is in Python.

+1  A: 

Right, this is the designed behavior, even if it's not what you want. You can update your own priority to match what you should have inherited, if you were started normally:

/* C */
#include <sys/resource.h>
int proc_prio = getpriority(PRIO_PROCESS, getpid()),
    pgrp_prio = getpriority(PRIO_PGRP, getpgrp()),
    user_prio = getpriority(PRIO_USER, getuid());
setpriority(PRIO_PROCESS, getpid(),
    proc_prio < pgrp_prio ? pgrp_prio < user_prio ? user_prio
                                                  : pgrp_prio
                          : proc_prio < user_prio ? user_prio
                                                  : proc_prio);

# Python
import ctypes
import os
PRIO_PROCESS, PRIO_PGRP, PRIO_USER = 0, 1, 2
libc = ctypes.CDLL('libc.so.6')
libc.setpriority(PRIO_PROCESS, os.getpid(),
    max(libc.getpriority(PRIO_PROCESS, os.getpid()),
        libc.getpriority(PRIO_PGRP, os.getpgrp()),
        libc.getpriority(PRIO_USER, os.getuid())))

Or of course you could fix another process's priority, with appropriate privileges.

ephemient  2009-12-17 21:48:16
Thanks for the clarification. Do you have any good reading material that covers how Linux handles and prioritizes priorities? Given your solution above, which does work, it seems that it is not possible to ensure that all of user 1's processes only use up x% of the cpu if they have any processes that come from a fork-ed root process that was setuid-ed. Is this true?
BrainCore  2009-12-18 00:40:21
don't have any good reading material, but the only thing checked by `setuid` is "am I root* and does the target UID have less than `RLIMIT_NPROC` processes?". Other resource limits and priority are not checked or touched. *(actually the check is "unless forbidden by LSM, do I have `CAP_SETUID` and if I'm actually changing real UID does the target have less than `RLIMIT_NPROC` processes, or is the specified UID equal to current real UID or saved UID?")
ephemient  2009-12-18 00:59:34
To an extent, you can watch the netlink connector for `PROC_EVENT_UID` events to apply these fixes, but it I think what you really want are UID-based cpusets and cgroup-based scheduling.
ephemient  2009-12-18 01:08:08
I had already implemented my desired system using the process events connector via netlink as you suggested. When I discovered that there was reliable user group scheduling in the CFS (Completely Fair Scheduler), I figured it was worth further examination. I'll be sure to check out cgroup-based scheduling. Thanks again.
BrainCore  2009-12-18 12:07:16

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?