restoring nice value after incrementing it? - Linux

This is a discussion on restoring nice value after incrementing it? - Linux ; I have a transaction processing system that uses a pool of processes to handle incoming requests. Depending on the nature of the request, I may want to reduce my priority. But when I'm done, I'd like to be able to ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: restoring nice value after incrementing it?

  1. restoring nice value after incrementing it?

    I have a transaction processing system that uses a pool of processes
    to handle incoming requests. Depending on the nature of the request,
    I may want to reduce my priority. But when I'm done, I'd like to be
    able to restore it. Problem is, nice won't let me do that without
    being root. Hell, I could even see cases where it would be nice to
    dynamically adjust the priority of a process up and down while it's
    running different phases of a single transaction. For now, I just
    exit and respawn after renicing, but that carries some overhead and
    complexity, and it doesn't handle dynamic renicing during selected
    processing phases.

    I can see where you wouldn't want user processes decrementing their
    nice values, but once a process has incremented its nice value, what's
    the harm in allowing it to decrement it back to its original level?

    Is this something that's viewed as undesirable? Or would it be too
    tricky to implement in the Linux kernel? Or is it just a case of
    following the POSIX rules, however bad they may occasionally be.

    Thanks,
    Rob

  2. Re: restoring nice value after incrementing it?

    On Jun 27, 12:46*pm, "Rob Y." wrote:

    > I can see where you wouldn't want user processes decrementing their
    > nice values, but once a process has incremented its nice value, what's
    > the harm in allowing it to decrement it back to its original level?


    Obviously, if the process incremented its nice value and that same
    logic wants to go back to the original level, there's no harm in
    allowing it. The problem is if one piece of logic increments the nice
    level and then some other piece of logic that is not trusted to run at
    the original nice level tries to decrement the nice level.

    It's very safe to let untrusted code throw away privileges. It's not
    so safe to let untrusted code ask for privileges 'back', since trusted
    code may have taken them away before invoking untrusted code.

    > Is this something that's viewed as undesirable? *Or would it be too
    > tricky to implement in the Linux kernel? *Or is it just a case of
    > following the POSIX rules, however bad they may occasionally be.


    The correct solution to your problem is to do three things:

    1) Develop a policy that determines when a non-root process is allowed
    to change its nice level and how much it is allowed to change it.

    2) Write a daemon that runs as root the will accept requests to change
    the nice level of other processes, consult the policy from step 1, and
    change the nice level of those processes.

    3) Code your own processes to send requests to that daemon.

    That is, if 'root' chooses to allow processes to change their nice
    level in those ways, Linux provides all the tools to do it. The base
    assumption is that untrusted processes are not allowed to increase
    their priority, ever.

    DS

  3. Re: restoring nice value after incrementing it?

    > The base
    > assumption is that untrusted processes are not allowed to increase
    > their priority, ever.
    >


    I was hoping that the system knows (or could be made to know) what
    nice value the process started with. Decreasing could be made okay as
    long as you don't go below that original value. Presumably, only a
    process with the same owner as the running process could do this.

    As far as writing a special root process to do the renice for me, I
    guess that's easy enough to do (kind of like 'sudo'). As it is, I
    have the ability to ask to be respawned, and that essentially works
    well enough (not even sure it costs much more than signaling another
    process to renice me). I just thought the semantics of nice are a bit
    too rigid, and other than POSIX compliance, I don't see why Linux
    can't loosen them up a bit. Of course POSIX compliance is nothing to
    sneeze at...

    Rob

  4. Re: restoring nice value after incrementing it?

    Real message restored

    Rob Y. wrote:
    > > The base
    > > assumption is that untrusted processes are not allowed to increase
    > > their priority, ever.
    > >

    >
    > I was hoping that the system knows (or could be made to know) what
    > nice value the process started with. Decreasing could be made okay as
    > long as you don't go below that original value. Presumably, only a
    > process with the same owner as the running process could do this.
    >
    > As far as writing a special root process to do the renice for me, I
    > guess that's easy enough to do (kind of like 'sudo'). As it is, I
    > have the ability to ask to be respawned, and that essentially works
    > well enough (not even sure it costs much more than signaling another
    > process to renice me). I just thought the semantics of nice are a bit
    > too rigid, and other than POSIX compliance, I don't see why Linux
    > can't loosen them up a bit. Of course POSIX compliance is nothing to
    > sneeze at...
    >
    > Rob


+ Reply to Thread