FreeBSD allows for quite comprehensive resource limitation for one or more jails. Beyond the official documentation, there is a good description in MWL's book. There's also an interesting article from Klara Systems that describes some functionalities.
Sometimes, however, we only need the processes running within a specific jail to have a specific priority - higher or lower than others.
There are many methods to achieve this, but the simplest one, in my opinion, is to leverage the properties of the nice(1) command. The main property, in fact, is to transmit the set priority to child processes, so all processes launched by the command that received a different level of "niceness" will inherit its priority.
For example, to give the minimum priority to the services launched within a jail, just modify the .conf file of the jail (in the case of a standard BastilleBSD installation, the file will be /usr/local/bastille/jails/jailname/jail.conf) and change the command
exec.start = '/bin/sh /etc/rc';
to:
exec.start = '/usr/bin/nice -n 20 /bin/sh /etc/rc';
In this way, when rc starts at the jail's boot, it will have a niceness of 20 and will transmit it to all the processes that rc itself launches (thus all the services of the jail).
Note: This will only apply to child processes of rc, not to:
- Commands manually launched from the jail console
- Services launched by running
service servicename start(or restart) from the jail shell. This is because, in this case, the process will not be a child ofrcbut will derive directly from the console in use.
Using the nice command to set the priority of processes within a FreeBSD jail is a simple and effective method. However, it is important to be aware of the limitations of this approach and ensure that manually executed commands are managed accordingly.