In .NET processor affinity and priority class for all threads and child processes can be set using Process.ProcessorAffinity and Process.PriorityClass properties. Using a job object it seems that the same can be set using JOB_OBJECT_LIMIT_AFFINITY and JOB_OBJECT_LIMIT_PRIORITY_CLASS flags.
So, what’s the difference between setting certain limitations like the above on a job object vs a process?
EDIT: Once I set the limits on the job object to something lower, a low-priveleged process can still overwrite them. Does it mean the job object limits are not reinforced? How can I restrict the low-priveleged account/process from overwriting them?
What is set:
JOBOBJECT_BASIC_LIMIT_INFORMATION jobBasicInfo = {0};
jobBasicInfo.LimitFlags = JOB_OBJECT_LIMIT_AFFINITY;
jobBasicInfo.Affinity = (ULONG_PTR) (1); // affinitize to processor 1
jobBasicInfo.LimitFlags = JOB_OBJECT_LIMIT_SCHEDULING_CLASS;
jobBasicInfo.SchedulingClass = 4; // below normal priority class
SetInformationJobObject( hJob,
JobObjectBasicLimitInformation,
&jobBasicInfo,
sizeof(jobBasicInfo));
How it is overriden by a low-priveleged process:
Process process = Process.GetCurrentProcess();
process.PriorityClass = ProcessPriorityClass.High;
// all processors mask
process.ProcessorAffinity = new IntPtr((int)Math.Pow(2, Environment.ProcessorCount) - 1);
There is one big difference and some special cases. The big difference is that limits on the job object are just that: limits, while setting e.g. process priority always has an immediate effect. It’s not the same to limit the process priority to high (job object) and to set it to high (
PriorityClass). The special cases arise when a process trying to give itself greater leeway than the job object allows; in which case the related API calls return success but actually do nothing, which is not the normal behavior.