From owner-freebsd-jail@freebsd.org Mon Feb 17 18:15:36 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 49C642417EA for ; Mon, 17 Feb 2020 18:15:36 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48Lsbq0Hnyz4JhB for ; Mon, 17 Feb 2020 18:15:34 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io1-xd36.google.com with SMTP id n21so7278403ioo.10 for ; Mon, 17 Feb 2020 10:15:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=mtzUheTwddbUUu9DHH08s3SfX2hcaMqZJW1ESA7EpVA=; b=Qv22X5fD2f2/mWB5rDRhjXBJ+2dqs911Vhl3KcJHfMJVnm5PFw9Qmwbz9lz0/loM7k 2oQbzIty27S5CtFNfneP7sIv9JKujx+z8WCsVQFwu0Uh+zpjS866Z6+60MDDApdx/78X GrKhFxT7wNAH8JHoI8YMmM7Vq/d7amoDyOzwq7whKCGqVaJymQoS9hOlam4k5sgs+Q9C /uSBWfHfB668QGdw3y7I+KKwRubcK+fzp+1Zy7r1dEcVgu2S+odzuynlUcxQq9Nv65jg xQF/WC4L0GYneLXbobdAIXSLmyVDznWRtDVpg6JKYqIb1fDm1yyeJZJ4dBudKJlLizc5 95GQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=mtzUheTwddbUUu9DHH08s3SfX2hcaMqZJW1ESA7EpVA=; b=qFyAeorZw2LUY4WR5ibw58FfDDApGhAB81l1ZRaOyeyIMHBmaqYHkAveJAfGJ8XlMA aa2s+ok2J6gnOfmyB5aC0EyStDxLbNC0WjWJzqHyKTaRJs7B/wC8/WQOfVql7f+EdYB+ FT8GZmGq78uaIuOoRvWRoYWlkn7C5dLSusE0KcuegOmeyhDrYel4/MAK8rzsPwS/G8AQ OmGD5EXMJNC7r0qiAzTnLV1WjbnmIXA173gicwZUg1yG9R4a/euf5JG9YEj6/16ZM42q SNw/aMuhp4rWUFgPOQh/PsFE9tdK5baX1uVOY9ZynycWmi47Tq5NkzXUeifiETgyftTg eIgQ== X-Gm-Message-State: APjAAAX6VVdeXXmVGL5CboAQtssltky+5f1+OYs0OerBvjCn3r1YT/h9 jdxAZmgz5dYnVL6xzAfZgNpk03np X-Google-Smtp-Source: APXvYqykFPnLucqDKsOVRMbi4lg4cEw3APSitdIIo7WKX+c8VFUbL+WOQ1wiswCJohlNtYDUTQ3mKA== X-Received: by 2002:a6b:7d01:: with SMTP id c1mr12817280ioq.172.1581963333619; Mon, 17 Feb 2020 10:15:33 -0800 (PST) Received: from [10.0.10.8] (cpe-65-25-53-210.neo.res.rr.com. [65.25.53.210]) by smtp.googlemail.com with ESMTPSA id w15sm224368iol.86.2020.02.17.10.15.32 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 17 Feb 2020 10:15:32 -0800 (PST) Message-ID: <5E4AD843.3010300@gmail.com> Date: Mon, 17 Feb 2020 13:15:31 -0500 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Valeri Galtsev CC: Mike Wayne , freebsd-jail@freebsd.org Subject: Re: jails with quota References: <5E46EC97.5080609@gmail.com> <20200217165135.GF60273@post.wayne47.com> <0EF25B11-D54E-4D3C-8C1E-336547EC22E6@kicp.uchicago.edu> In-Reply-To: <0EF25B11-D54E-4D3C-8C1E-336547EC22E6@kicp.uchicago.edu> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 48Lsbq0Hnyz4JhB X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=Qv22X5fD; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of luzar722@gmail.com designates 2607:f8b0:4864:20::d36 as permitted sender) smtp.mailfrom=luzar722@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RECEIVED_SPAMHAUS_PBL(0.00)[210.53.25.65.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[6.3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(0.00)[ip: (-6.42), ipnet: 2607:f8b0::/32(-1.89), asn: 15169(-1.68), country: US(-0.05)]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Feb 2020 18:15:36 -0000 Valeri Galtsev wrote: > >> On Feb 17, 2020, at 10:51 AM, Mike Wayne wrote: >> >> On Fri, Feb 14, 2020 at 01:53:11PM -0500, Ernie Luzar wrote: >>> But after starting the fulljail with the allow.quotas option in >>> jail.config and entering the root console I get this >>> edquota -uh daddy message "NO quotas on any filesystem >>> repquota -ah gives nothing >>> quota -h daddy message Disk quotas for user daddy (uid1001): none >>> >>> I see that quota had bug fixed in 12.0 that is now in 12.1 release that >>> I am running on my host. Did that fix screw up jail quotas? Does the >>> /etc/fstab file in fulljail need a entry? If so what should it look like. >> I spent a lot of time messing with this and came to the conclusion >> that quotas no longer work in jails. I've been doing quotas in jails >> for many years, while it has always been a hack, it used to work >> well. Current releases seem to have completely broken quotas for >> jails. > > I am sure jail restricts commands related to filesystem management and information on purpose. Therefore all commands related to quotas if executed inside jail will fail [or rather not provide any information. Quotas, however, will still be enforced, as filesystem I/O operations are being passed over to be executed on actual filesystem outside on the jail. > > The above sentiment is related to the way I mount filesystem to have quota restrictions inside jail. > > I mount actual filesysten with quotas into > > /some/place > > and enable quotas on the as usually. Then I mount that nullfs inside jails (have line in /etc/fstab resembling the following mount command): > > mount -t nullfs /some/place /place/inside/jail/mountpoint > > > And users inside jail are being restricted to the qutas defined for their userid’s. > > I hope, this helps. > > Valeri > What you are doing is a work around where you make each directory tree jail look like a filesystem. This same thing can also be done using mdconfig command. This solution is not documented as a requirement of jails with quota. If you look at bugzilla you will see many bug reports about quota not working going back to 2017 and release 9.0. quota is antique software developed when ufs was the only filesystem available. It's obvious that quota has not gotten the maintenance it needs to stay current with changing times. The FreeBSd Foundation needs to provide funding to attract someone to put the effort into quota to bring it up to current standards. Then again quota has such a small user group because it only works on ufs filesystem that it should have never been added to the base release kernel no longer requiring a kernel compile to enable it.