From owner-freebsd-jail@FreeBSD.ORG Thu Aug 30 23:05:31 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CAAF01065670 for ; Thu, 30 Aug 2012 23:05:31 +0000 (UTC) (envelope-from fafaforza@gmail.com) Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by mx1.freebsd.org (Postfix) with ESMTP id 5A4A78FC16 for ; Thu, 30 Aug 2012 23:05:30 +0000 (UTC) Received: by wicr5 with SMTP id r5so727585wic.13 for ; Thu, 30 Aug 2012 16:05:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=YoOFs+wClvM0I9ByQj1eeVquKVrMegzR+ZqSJeDPgPs=; b=afpG65IpZ+vOPlrOcFU1ObNfQOIPZxhoGR+D6m+KqSL2N9pydu+Mc5d92AEecJg5VJ mHCu5+rgDS7DAG9AeRBc7rKx8YJz1vw498mFH/FhgLMxGRFru/TuZVl4yn5oU/LDgq7X rng4eCkgd9pcHO9WqpZ6vqrUbhZC7YivdRPt9D4R2RIGdcbsRc4Ne22Ds7a6cxWWZpua IbMIPkfP4y+JcpL8/QR7vLrLZ/rIcrS0UwUUwKxo7hOHajXz1UspID4IBnhuiL0r9l7R Tdzw9X18HrFxZbac4QaJ7Vo25XxVg4aYta55kLE1MShS54eI92/c+R7BQtDhlHSqBx+L xbMQ== MIME-Version: 1.0 Received: by 10.180.81.165 with SMTP id b5mr215056wiy.17.1346367930059; Thu, 30 Aug 2012 16:05:30 -0700 (PDT) Received: by 10.217.2.204 with HTTP; Thu, 30 Aug 2012 16:05:30 -0700 (PDT) In-Reply-To: <6B11ADF9-5B11-41CD-BDAC-6F8236FC1E4C@jnielsen.net> References: <6B11ADF9-5B11-41CD-BDAC-6F8236FC1E4C@jnielsen.net> Date: Thu, 30 Aug 2012 19:05:30 -0400 Message-ID: From: Darek M To: John Nielsen Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-jail@freebsd.org Subject: Re: Quotas inside jails X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Aug 2012 23:05:31 -0000 On Thu, Aug 30, 2012 at 5:32 PM, John Nielsen wrote: > On Aug 30, 2012, at 2:52 PM, Darek M wrote: > >> playing around with setting quotas inside a jail. Configured and >> tested them on the host, configured a quota for a jail user, but it >> isn't being enforced. I attempted to set >> security.jail.param.allow.quotas to 1, from command line, from >> /etc/sysctl.conf, and from /boot/loader.conf, but it remains set to >> '0'. >> >> Am I looking at the right sysctl? If not, where should I be looking? >> If yes, why does it appear to be immutable? > > I'm assuming you have basically one UFS filesystem for all your jails. Is= that the case? If so, do you have quotas enabled on the host? See the hand= book if you haven't already: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/quotas.html Yup, verified that quotas on the host work fine. >> I'm doing this on a 9.0-RELEASE system > > Another way to set hard quotas for jails is to give each one its own file= system of fixed size. This is trivially easy with zfs--just create a zfs fo= r each jail and set the quota property. To use UFS you can create image fil= es of whatever size you want, make them md(4) devices, and then newfs(8) an= d mount(8) them. Unlike the method in the handbook, neither of these option= s requires kernel quota support. But these would be a quota for the entire jail. I'm interested in having per-user quotas for users inside a jail. I'm curious whether the "security.jail.param.allow.quotas" sysctl is my missing link, and if so, why it is immutable. --=20 Darek > JN >