Re: performance of jailed processes

• Previous message: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• In reply to: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Next in thread: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Reply: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 31 Mar 2004 00:21:02 +0200
To: Dag-Erling Sm?rgrav <des@des.no>

On Tue, Mar 30, 2004 at 11:17:39PM +0200, Dag-Erling Sm?rgrav wrote:
+> Robert Watson <rwatson@freebsd.org> writes:
+> > On Tue, 30 Mar 2004, Dag-Erling Sm?rgrav wrote:
+> > > although the query only returns one row, it's a pretty big row, so 13
+> > > seconds could be explained by per-syscall or per-packet overhead.
+> > Theory goes that there should be no per-read/write system call change in
+> > behavior for TCP with jail. Jail impacts bind/connect, and potentially
+> > each I/O on UDP for an unbound socket using sendto.
+>
+> root@outside /# /usr/bin/time -- sh -c 'echo "my sql query;" | mysql -command -line -arguments >/dev/null'
+> 0.06 real 0.00 user 0.03 sys
+> root@outside /# jexec 55 zsh
+> root@inside /# /usr/bin/time -- sh -c 'echo "my sql query;" | mysql -command -line -arguments >/dev/null'
+> 13.65 real 0.01 user 0.04 sys
+>
+> so it's definitely not CPU overhead - more likely a scheduling problem.

Could you try chroot to / ? By doing:

        # jail / test <YOUR_IP> `which zsh`
        # <your test>

?

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

• application/pgp-signature attachment: stored

• Previous message: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• In reply to: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Next in thread: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Reply: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: new feature: private IPC for every jail ... Robert Watson wrote: ... 4.x patch for having private IPC in a jail ... ... allow the administrator in the host environment to monitor and control ... (freebsd-current) Re: new feature: private IPC for every jail ... Robert Watson wrote: ... 4.x patch for having private IPC in a jail ... ... allow the administrator in the host environment to monitor and control ... (freebsd-stable) Re: Consistent file system hang with RELENG_6 of today ... ... On Fri, 29 Jul 2005, Robert Watson wrote: ... >> because I'm mounting devfs within the 4.x jail, but even then, it shouldn't ... > The output of 'trace' for the currently running thread, ... > trace that process. ... (freebsd-stable) Re: Phantom Jails ... in prison list, even after they deceased. ... sockets hold a lock on the ucred structure of the calling process 2) This ucred structure in turn keeps a lock on the prison struct representing the jail this process belongs to 3) The prison struct in turn keeps a handle to jails root directory. ... If a process holding a tcp connection is killed, the connection is being inherited by the kernel. ... However the above case happens regularly with my mail server jail that holds hundreds of imap-connections, one disconnected dsl-user can prevent tcp tear down to happen successfully thus forcing me to force umount the mail server. ... (freebsd-hackers) Re: jailed "system" needs IPV4 access ... 00600 allow tcp from any to any established ... 01300 allow udp from any to 1.0.0. ... > the net to your IP and bind the jail IPs as aliases to lo0: ... (comp.unix.bsd.freebsd.misc)