From owner-freebsd-jail@FreeBSD.ORG Mon Apr 20 11:06:54 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B77641065670 for ; Mon, 20 Apr 2009 11:06:54 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A4B5D8FC26 for ; Mon, 20 Apr 2009 11:06:54 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n3KB6s71033062 for ; Mon, 20 Apr 2009 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n3KB6sk2033058 for freebsd-jail@FreeBSD.org; Mon, 20 Apr 2009 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 20 Apr 2009 11:06:54 GMT Message-Id: <200904201106.n3KB6sk2033058@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Apr 2009 11:06:55 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/132092 jail [jail] jail can listen on *:port when jail_socket_unix o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 5 problems total. From owner-freebsd-jail@FreeBSD.ORG Mon Apr 20 15:18:14 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D8C25106564A for ; Mon, 20 Apr 2009 15:18:14 +0000 (UTC) (envelope-from k.menshikov@peterhost.ru) Received: from mail.z8.ru (mail.z8.ru [80.93.58.56]) by mx1.freebsd.org (Postfix) with ESMTP id 01E9B8FC16 for ; Mon, 20 Apr 2009 15:18:12 +0000 (UTC) (envelope-from k.menshikov@peterhost.ru) Received: from [85.235.196.139] (helo=kostjn.pht) by mail.z8.ru with esmtpa (Exim 4.67 (FreeBSD)) (envelope-from ) id 1LvvG5-0002qV-H3 for freebsd-jail@freebsd.org; Mon, 20 Apr 2009 19:18:10 +0400 Message-ID: <49EC926D.6020404@peterhost.ru> Date: Mon, 20 Apr 2009 19:19:09 +0400 From: =?UTF-8?B?0JzQtdC90YzRiNC40LrQvtCyINCa0L7QvdGB0YLQsNC90YLQuNC9?= User-Agent: Thunderbird 2.0.0.18 (X11/20090328) MIME-Version: 1.0 To: freebsd-jail@freebsd.org Content-Type: multipart/mixed; boundary="------------010407030304050405020607" Subject: CPU limit for Jails(patch for ULE scheduler) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Apr 2009 15:18:15 -0000 This is a multi-part message in MIME format. --------------010407030304050405020607 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hello all! Many users want have limits on resourse for jail, for examle cpu and memory limit. I`m rewrire original cdjones patch for cpu limit for jail under ULE scheduler. So, this work simple. We count cpu usage for all jails, and if jail use cpu more than have shared cpu, we move his threads to IDLE queue and return to TIMESHARE in reverse case. Jailed thread can use all avaliable cpu time, if system has avaliable cpu. If system under heavy load, jailed thread can`t use cpu long as ratio (shared cpu for jail/ all shared cpu) < (estimate usage cpu for jail / all usage cpu) . Unjailed thread and interactive thread are not subject to this regime. Add 2 sysctl kern.sched.total_sched_shares - total count shares cpu in system, increase if we have more cpu kern.sched.flush_estcpu_interval - flush estcpu interval in ticks, default is 2560 = 2 * 128 * 10, NCPU*stathz*sec, increase if we have more cpu For use cpu limit, you need use flag -S NSharedCPU in /usr/sbin/jail program. My example jail -S100 /usr/jails/root/ root.kostjn.pht 192.168.0.245 /bin/csh I`m tested this under 10 simultaneous process in jail and in main system. test program is infinity cycle an 8 core xeon, use RELENG_7. First run process in jail, and after in main system. This one process tracking cpu usage Jail root 1052 0.0 0.0 3692 784 p1 RJ 7:38PM 0:00.39 /test.o root 1052 21.2 0.0 3692 784 p1 RJ 7:38PM 0:02.40 /test.o root 1052 35.6 0.0 3692 784 p1 RJ 7:38PM 0:04.40 /test.o root 1052 47.5 0.0 3692 784 p1 RJ 7:38PM 0:06.41 /test.o root 1052 39.9 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /test.o root 1052 33.2 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /test.o root 1052 27.6 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /test.o root 1052 22.9 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /test.o root 1052 19.0 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /test.o root 1052 15.8 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /test.o root 1052 13.0 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /test.o root 1052 10.8 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /test.o root 1052 8.9 0.0 3692 784 p1 RJ 7:38PM 0:06.62 /tes Main system root 1088 14.9 0.0 3692 780 p0 R 7:38PM 0:01.57 /root/test.o root 1088 30.8 0.0 3692 780 p0 R 7:38PM 0:03.60 /root/test.o root 1088 43.8 0.0 3692 780 p0 R 7:38PM 0:05.60 /root/test.o root 1088 51.0 0.0 3692 780 p0 R 7:38PM 0:07.25 /root/test.o root 1088 50.8 0.0 3692 780 p0 R 7:38PM 0:08.28 /root/test.o root 1088 49.1 0.0 3692 780 p0 R 7:38PM 0:09.21 /root/test.o root 1088 48.1 0.0 3692 780 p0 R 7:38PM 0:10.24 /root/test.o root 1088 46.2 0.0 3692 780 p0 R 7:38PM 0:11.17 /root/test.o root 1088 42.9 0.0 3692 780 p0 R 7:38PM 0:11.95 /root/test.o So we see, that after run in main system, jailed process can`t usage cpu. Please communicate me about all problem in this patch. This is initial version, without tune jail parameter in runtime. So, this work. But i`m not sure, that is best way. Attempt increase priority for jailed thread not work, because non interactive thread (that utilize many cpu) already have small prioriry(numerical high). Attempt decrease number ticks in cpu time slice, also not good idea, because, this increase number context switching on high load. May be you see other way for do this? Share you idea. Thank. Original cdjones cpu and memory limit patch http://wiki.freebsd.org/JailResourceLimits --------------010407030304050405020607 Content-Type: text/plain; name="patch-jail-limit-7RELENG" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="patch-jail-limit-7RELENG" ZGlmZiAtVTMgLXIgLS1zaG93LWMtZnVuY3Rpb24gLS1pZ25vcmUtYWxsLXNwYWNlIC0taWdu b3JlLXRhYi1leHBhbnNpb24gLS1pZ25vcmUtYmxhbmstbGluZXMgc3lzL2tlcm4va2Vybl9q YWlsLmMgc3lzLm5ldy9rZXJuL2tlcm5famFpbC5jCi0tLSBzeXMva2Vybi9rZXJuX2phaWwu YwkyMDA5LTAzLTEwIDIyOjMzOjUwLjAwMDAwMDAwMCArMDMwMAorKysgc3lzLm5ldy9rZXJu L2tlcm5famFpbC5jCTIwMDktMDQtMTcgMTg6NTE6MzQuMDAwMDAwMDAwICswNDAwCkBAIC01 MzEsNiArNTMyLDcgQEAga2Vybl9qYWlsKHN0cnVjdCB0aHJlYWQgKnRkLCBzdHJ1Y3QgamFp bAogCX0KICNlbmRpZgogCXByLT5wcl9saW51eCA9IE5VTEw7CisgICAgcHItPnByX3NjaGVk X3NoYXJlcyA9IGotPnNjaGVkX3NoYXJlczsKIAlwci0+cHJfc2VjdXJlbGV2ZWwgPSBzZWN1 cmVsZXZlbDsKIAlpZiAocHJpc29uX3NlcnZpY2Vfc2xvdHMgPT0gMCkKIAkJcHItPnByX3Ns b3RzID0gTlVMTDsKZGlmZiAtVTMgLXIgLS1zaG93LWMtZnVuY3Rpb24gLS1pZ25vcmUtYWxs LXNwYWNlIC0taWdub3JlLXRhYi1leHBhbnNpb24gLS1pZ25vcmUtYmxhbmstbGluZXMgc3lz L2tlcm4vc2NoZWRfdWxlLmMgc3lzLm5ldy9rZXJuL3NjaGVkX3VsZS5jCi0tLSBzeXMva2Vy bi9zY2hlZF91bGUuYwkyMDA5LTAzLTMwIDIzOjIwOjU2LjAwMDAwMDAwMCArMDQwMAorKysg c3lzLm5ldy9rZXJuL3NjaGVkX3VsZS5jCTIwMDktMDQtMTcgMTk6MTA6MDcuMDAwMDAwMDAw ICswNDAwCkBAIC02MSw2ICs2MSw3IEBAIF9fRkJTRElEKCIkRnJlZUJTRDogc3JjL3N5cy9r ZXJuL3NjaGVkX3UKICNpbmNsdWRlIDxzeXMvdW10eC5oPgogI2luY2x1ZGUgPHN5cy92bW1l dGVyLmg+CiAjaW5jbHVkZSA8c3lzL2NwdXNldC5oPgorI2luY2x1ZGUgPHN5cy9qYWlsLmg+ CiAjaWZkZWYgS1RSQUNFCiAjaW5jbHVkZSA8c3lzL3Vpby5oPgogI2luY2x1ZGUgPHN5cy9r dHJhY2UuaD4KQEAgLTE4Niw2ICsxODcsMjIgQEAgc3RhdGljIGludCBzY2hlZF9pbnRlcmFj dCA9IFNDSEVEX0lOVEVSQQogc3RhdGljIGludCByZWFsc3RhdGh6Owogc3RhdGljIGludCB0 aWNraW5jcjsKIHN0YXRpYyBpbnQgc2NoZWRfc2xpY2U7CisKKyNkZWZpbmUgRVNUQ1BVX1NI SUZUCTEwCisvKgorICogZXN0Y3B1OgkJCQkJR2xvYmFsIGNvdW50ZXIgdGlja3MgZnJvbSBz dGF0IHRpbWVyIAorICogZmx1c2hfZXN0Y3B1X2ludGVydmFsOiAgIE51bWJlciB0aWNrcywg YWZ0ZXIgdGhhdCB3ZSB0byB6ZXJvIGVzdGNwdSwKKyAqICAgICAgICAgICAgICAgICAgICAg ICAgICBmbHVzaF9lc3RjcHVfaW50ZXJ2YWwgPSBtcF9uY3B1cypzdGF0aHoqMTAsIAorICoJ CQkJCQkJZGVmYXVsdCAyKjEyOCoxMCA9IDI1NjAKKyAqIHRvdGFsX3NjaGVkX3NoYXJlczog ICAgICBUb3RhbCBjb3VudCBzaGFyZXMgY3B1LCAxMDAwIHBlciBjb3JlLCAKKyAqCQkJCQkJ CWRlZmF1bHQgMioxMDAwID0gMjAwMCAKKyovCisKKworc3RhdGljIGludCBlc3RjcHU7Citz dGF0aWMgaW50IGZsdXNoX2VzdGNwdV9pbnRlcnZhbCA9IDI1NjA7CitzdGF0aWMgaW50IHRv dGFsX3NjaGVkX3NoYXJlcyA9IDIwMDA7CisKICNpZmRlZiBQUkVFTVBUSU9OCiAjaWZkZWYg RlVMTF9QUkVFTVBUSU9OCiBzdGF0aWMgaW50IHByZWVtcHRfdGhyZXNoID0gUFJJX01BWF9J RExFOwpAQCAtMjIwMCw2ICsyMjE5LDcgQEAgc2NoZWRfY2xvY2soc3RydWN0IHRocmVhZCAq dGQpCiB7CiAJc3RydWN0IHRkcSAqdGRxOwogCXN0cnVjdCB0ZF9zY2hlZCAqdHM7CisJc3Ry dWN0IHByaXNvbiAqcHIgPSB0ZC0+dGRfcHJvYy0+cF91Y3JlZC0+Y3JfcHJpc29uOwogCiAJ VEhSRUFEX0xPQ0tfQVNTRVJUKHRkLCBNQV9PV05FRCk7CiAJdGRxID0gVERRX1NFTEYoKTsK QEAgLTIyMzQsNiArMjI1NCwyMCBAQCBzY2hlZF9jbG9jayhzdHJ1Y3QgdGhyZWFkICp0ZCkK IAkJdGQtPnRkX3NjaGVkLT50c19ydW50aW1lICs9IHRpY2tpbmNyOwogCQlzY2hlZF9pbnRl cmFjdF91cGRhdGUodGQpOwogCX0KKworCS8qIEluY3JlYXNlIGNvdW50ZXIgYW5kIGZsdXNo IGlmIG5lZWQgKi8KKwllc3RjcHUrKzsKKwlpZiAocHIgIT0gTlVMTCkKKwkJcHItPnByX2Vz dGNwdSsrOworCisJaWYgKGVzdGNwdSA+IGZsdXNoX2VzdGNwdV9pbnRlcnZhbCl7CisJCWVz dGNwdSA9IDA7CisJCUxJU1RfRk9SRUFDSChwciwgJmFsbHByaXNvbiwgcHJfbGlzdCkgewor CQkJcHItPnByX2VzdGNwdSA9IDA7CisJCX0KKwkJQ1RSMChLVFJfU0NIRUQsIkZsdXNoIGVz dGNwdSBhbmQgcHJfZXN0Y3B1IGZvciBhbGwgamFpbHMiKTsKKwl9CisKIAkvKgogCSAqIFdl IHVzZWQgdXAgb25lIHRpbWUgc2xpY2UuCiAJICovCkBAIC0yMzc1LDYgKzI0MDksOCBAQCB0 ZHFfYWRkKHN0cnVjdCB0ZHEgKnRkcSwgc3RydWN0IHRocmVhZCAqCiAJaW50IGNwdW1hc2s7 CiAjZW5kaWYKIAorICAgIHN0cnVjdCBwcmlzb24gKnByID0gdGQtPnRkX3Byb2MtPnBfdWNy ZWQtPmNyX3ByaXNvbjsKKwogCVREUV9MT0NLX0FTU0VSVCh0ZHEsIE1BX09XTkVEKTsKIAlL QVNTRVJUKCh0ZC0+dGRfaW5oaWJpdG9ycyA9PSAwKSwKIAkgICAgKCJzY2hlZF9hZGQ6IHRy eWluZyB0byBydW4gaW5oaWJpdGVkIHRocmVhZCIpKTsKQEAgLTIzODMsNiArMjQxOSwzMiBA QCB0ZHFfYWRkKHN0cnVjdCB0ZHEgKnRkcSwgc3RydWN0IHRocmVhZCAqCiAJS0FTU0VSVCh0 ZC0+dGRfZmxhZ3MgJiBUREZfSU5NRU0sCiAJICAgICgic2NoZWRfYWRkOiB0aHJlYWQgc3dh cHBlZCBvdXQiKSk7CiAKKyAgICAgICAgLyogV2UgbW92ZSB0aHJlYWQgaW4gSURMRSBxdWV1 ZSBpZiBwcmlzb24gZXN0aW1hdGUgY3B1IG1vcmUgdGhhbiBzaGFyZXMKKwkJICogY3B1IGFu ZCB0aHJlYWQgaXMgbm90IGludGVyYWN0aXZlLiBVc2UgRVNUQ1BVX1NISUZUIHRvIGF2b2lk CisJCSAqIHJvdW5kaW5nIGF3YXkgcmVzdWx0cyAqLworICAgIGlmKHByICE9IE5VTEwpCisg ICAgCUNUUjYoS1RSX1NDSEVELCJwaWQgJWksIHByaXNvbiAlaSwgcHJfZXN0Y3B1ICVpLFwK KwkJCQkJCWVzdGNwdSAlaSBzaGFyZXMgJWkgaW50ZXJhY3QgJWkiLAorICAgICAgICAgICAg ICAgICAgIAkJdGQtPnRkX3Byb2MtPnBfcGlkLHByLT5wcl9pZCxwci0+cHJfZXN0Y3B1LAor CQkJCQkJZXN0Y3B1LCBwci0+cHJfc2NoZWRfc2hhcmVzLCBzY2hlZF9pbnRlcmFjdF9zY29y ZSh0ZCkpOworICAgIGlmIChwciAhPSBOVUxMICYmIHByLT5wcl9zY2hlZF9zaGFyZXMgIT0g MCAmJgorICAgICAgICBzY2hlZF9pbnRlcmFjdF9zY29yZSh0ZCkgPiBzY2hlZF9pbnRlcmFj dCAmJgorCQllc3RjcHUgIT0gMCAmJiB0b3RhbF9zY2hlZF9zaGFyZXMgIT0gMCl7CisKKyAg ICAJaWYgKChwci0+cHJfZXN0Y3B1ICAgICAgICAgIDw8IEVTVENQVV9TSElGVCkgIC8gKGVz dGNwdSkgPgorICAgICAgICAgIAkocHItPnByX3NjaGVkX3NoYXJlcyAgICA8PCBFU1RDUFVf U0hJRlQpICAvICh0b3RhbF9zY2hlZF9zaGFyZXMpKQorICAgICAgICB7CisgICAgICAgICAg CXRkLT50ZF9wcmlvcml0eSAgPSBQUklfTUlOX0lETEU7IAorCQkJdGQtPnRkX3ByaV9jbGFz cyA9IFBSSV9JRExFOworICAgICAgICAgICAgQ1RSMihLVFJfU0NIRUQsInByaXNvbiAlaSBl eGNlc3MgY3B1IGxpbWl0ISEhIG5ldyBwcmkgPSAlaSAiLHByLT5wcl9pZCx0ZC0+dGRfcHJp b3JpdHkpOworCisgICAgICAgIH0gZWxzZSB7CisgICAgICAgICAgICBDVFIxKEtUUl9TQ0hF RCwicHJpc29uICVpIHVzZSBjcHUgbGVzcyBsaW1pdCIscHItPnByX2lkKTsgICAgIAorCQkJ c2NoZWRfcHJpb3JpdHkodGQpOworCQkJdGQtPnRkX3ByaV9jbGFzcyA9IFBSSV9USU1FU0hB UkU7CisgICAgICAgIH0KKyAgICB9CisKIAl0cyA9IHRkLT50ZF9zY2hlZDsKIAljbGFzcyA9 IFBSSV9CQVNFKHRkLT50ZF9wcmlfY2xhc3MpOwogICAgICAgICBURF9TRVRfUlVOUSh0ZCk7 CkBAIC0yNzQ2LDYgKzI4MDgsMTAgQEAgU1lTQ1RMX0lOVChfa2Vybl9zY2hlZCwgT0lEX0FV VE8sIGludGVyYQogICAgICAiSW50ZXJhY3Rpdml0eSBzY29yZSB0aHJlc2hvbGQiKTsKIFNZ U0NUTF9JTlQoX2tlcm5fc2NoZWQsIE9JRF9BVVRPLCBwcmVlbXB0X3RocmVzaCwgQ1RMRkxB R19SVywgJnByZWVtcHRfdGhyZXNoLAogICAgICAwLCJNaW4gcHJpb3JpdHkgZm9yIHByZWVt cHRpb24sIGxvd2VyIHByaW9yaXRpZXMgaGF2ZSBncmVhdGVyIHByZWNlZGVuY2UiKTsKK1NZ U0NUTF9JTlQoX2tlcm5fc2NoZWQsIE9JRF9BVVRPLCBmbHVzaF9lc3RjcHVfaW50ZXJ2YWws IENUTEZMQUdfUlcsICZmbHVzaF9lc3RjcHVfaW50ZXJ2YWwsCisgICAgIDAsIk51bWJlciB0 aWNrcyBzdGF0IHRpbWVyIGFmdGVyIHRoYXIgd2UgemVybyBlc3RjcHUgY291bnRlciIpOwor U1lTQ1RMX0lOVChfa2Vybl9zY2hlZCwgT0lEX0FVVE8sIHRvdGFsX3NjaGVkX3NoYXJlcywg Q1RMRkxBR19SVywgJnRvdGFsX3NjaGVkX3NoYXJlcywKKyAgICAgMCwiVG90YWwgbnVtYmVy IHNoYXJlZCBjcHUgZm9yIHN5c3RlbSIpOwogI2lmZGVmIFNNUAogU1lTQ1RMX0lOVChfa2Vy bl9zY2hlZCwgT0lEX0FVVE8sIHBpY2tfcHJpLCBDVExGTEFHX1JXLCAmcGlja19wcmksIDAs CiAgICAgIlBpY2sgdGhlIHRhcmdldCBjcHUgYmFzZWQgb24gcHJpb3JpdHkgcmF0aGVyIHRo YW4gbG9hZC4iKTsKZGlmZiAtVTMgLXIgLS1zaG93LWMtZnVuY3Rpb24gLS1pZ25vcmUtYWxs LXNwYWNlIC0taWdub3JlLXRhYi1leHBhbnNpb24gLS1pZ25vcmUtYmxhbmstbGluZXMgc3lz L3N5cy9qYWlsLmggc3lzLm5ldy9zeXMvamFpbC5oCi0tLSBzeXMvc3lzL2phaWwuaAkyMDA5 LTAyLTE4IDIzOjEyOjA4LjAwMDAwMDAwMCArMDMwMAorKysgc3lzLm5ldy9zeXMvamFpbC5o CTIwMDktMDQtMTcgMTg6NTM6NDMuMDAwMDAwMDAwICswNDAwCkBAIC0zMSw2ICszMSw3IEBA IHN0cnVjdCBqYWlsIHsKIAl1aW50MzJfdAlpcDZzOwogCXN0cnVjdCBpbl9hZGRyCSppcDQ7 CiAJc3RydWN0IGluNl9hZGRyCSppcDY7CisJdWludDMyX3QJc2NoZWRfc2hhcmVzOwogfTsK ICNkZWZpbmUJSkFJTF9BUElfVkVSU0lPTiAyCiAKQEAgLTEzMiw2ICsxMzMsOSBAQCBzdHJ1 Y3QgcHJpc29uIHsKIAlzdHJ1Y3QgdGFzawkgcHJfdGFzazsJCQkvKiAoZCkgZGVzdHJveSB0 YXNrICovCiAJc3RydWN0IG10eAkgcHJfbXR4OwogCXZvaWQJCSoqcHJfc2xvdHM7CQkJLyog KHApIGFkZGl0aW9uYWwgZGF0YSAqLworCXVpbnQzMl90CXByX2VzdGNwdTsJCQkvKiAocCkg Y3B1IHVzYWdlICovCisJdWludDMyX3QJcHJfc2NoZWRfc2hhcmVzOwkvKiAoYykgbnVtYmVy IHZpcnR1YWwgY3B1ICovCisKIAlpbnQJCSBwcl9pcDRzOwkJCS8qIChjKSBudW1iZXIgb2Yg djQgSVBzICovCiAJc3RydWN0IGluX2FkZHIJKnByX2lwNDsJCQkvKiAoYykgdjQgSVBzIG9m IGphaWwgKi8KIAlpbnQJCSBwcl9pcDZzOwkJCS8qIChjKSBudW1iZXIgb2YgdjYgSVBzICov CmRpZmYgLVUzIC1yIC0tc2hvdy1jLWZ1bmN0aW9uIC0taWdub3JlLWFsbC1zcGFjZSAtLWln bm9yZS10YWItZXhwYW5zaW9uIC0taWdub3JlLWJsYW5rLWxpbmVzIHVzci5zYmluL2phaWwv amFpbC5jIHVzci5zYmluLm5ldy9qYWlsL2phaWwuYwotLS0gdXNyLnNiaW4vamFpbC9qYWls LmMJMjAwOS0wMi0wNyAxNjoxOTowOC4wMDAwMDAwMDAgKzAzMDAKKysrIHVzci5zYmluLm5l dy9qYWlsL2phaWwuYwkyMDA5LTA0LTE3IDE4OjU3OjE1LjAwMDAwMDAwMCArMDQwMApAQCAt ODMsNiArODMsNyBAQCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikKIAlpbnQgY2gsIGVy cm9yLCBpLCBuZ3JvdXBzLCBzZWN1cmVsZXZlbDsKIAlpbnQgaGZsYWcsIGlmbGFnLCBKZmxh ZywgbGZsYWcsIHVmbGFnLCBVZmxhZzsKIAljaGFyIHBhdGhbUEFUSF9NQVhdLCAqamFpbG5h bWUsICplcCwgKnVzZXJuYW1lLCAqSmlkRmlsZSwgKmlwOworCXVpbnQzMl90IHNjaGVkX3No YXJlcyA9IDA7CiAJc3RhdGljIGNoYXIgKmNsZWFuZW52OwogCWNvbnN0IGNoYXIgKnNoZWxs LCAqcCA9IE5VTEw7CiAJbG9uZyBsdG1wOwpAQCAtOTQsNyArOTUsNyBAQCBtYWluKGludCBh cmdjLCBjaGFyICoqYXJndikKIAlqYWlsbmFtZSA9IHVzZXJuYW1lID0gSmlkRmlsZSA9IGNs ZWFuZW52ID0gTlVMTDsKIAlmcCA9IE5VTEw7CiAKLQl3aGlsZSAoKGNoID0gZ2V0b3B0KGFy Z2MsIGFyZ3YsICJoaWxuOnM6dTpVOko6IikpICE9IC0xKSB7CisJd2hpbGUgKChjaCA9IGdl dG9wdChhcmdjLCBhcmd2LCAiaGlsUzpuOnM6dTpVOko6IikpICE9IC0xKSB7CiAJCXN3aXRj aCAoY2gpIHsKIAkJY2FzZSAnaCc6CiAJCQloZmxhZyA9IDE7CkBAIC0xMTUsNiArMTE2LDkg QEAgbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3YpCiAJCQkJZXJyeCgxLCAiaW52YWxpZCBz ZWN1cmVsZXZlbDogYCVzJyIsIG9wdGFyZyk7CiAJCQlzZWN1cmVsZXZlbCA9IGx0bXA7CiAJ CQlicmVhazsKKwkJY2FzZSAnUyc6CisJCQlzY2hlZF9zaGFyZXMgPSAodWludDMyX3Qpc3Ry dG9sKG9wdGFyZyxOVUxMLDEwKTsKKwkJCWJyZWFrOwogCQljYXNlICd1JzoKIAkJCXVzZXJu YW1lID0gb3B0YXJnOwogCQkJdWZsYWcgPSAxOwpAQCAtMTUyLDYgKzE1Niw4IEBAIG1haW4o aW50IGFyZ2MsIGNoYXIgKiphcmd2KQogCWlmIChqYWlsbmFtZSAhPSBOVUxMKQogCQlqLmph aWxuYW1lID0gamFpbG5hbWU7CiAKKwlqLnNjaGVkX3NoYXJlcyA9IHNjaGVkX3NoYXJlczsK KwogCS8qIEhhbmRsZSBJUCBhZGRyZXNzZXMuIElmIHJlcXVlc3RlZCByZXNvbHZlIGhvc3Ru YW1lIHRvby4gKi8KIAliemVybygmaGludHMsIHNpemVvZihzdHJ1Y3QgYWRkcmluZm8pKTsK IAloaW50cy5haV9wcm90b2NvbCA9IElQUFJPVE9fVENQOwpAQCAtMjY0LDkgKzI3MCwxMCBA QCBzdGF0aWMgdm9pZAogdXNhZ2Uodm9pZCkKIHsKIAotCSh2b2lkKWZwcmludGYoc3RkZXJy LCAiJXMlcyVzXG4iLAorCSh2b2lkKWZwcmludGYoc3RkZXJyLCAiJXMlcyVzJXNcbiIsCiAJ ICAgICAidXNhZ2U6IGphaWwgWy1oaV0gWy1uIGphaWxuYW1lXSBbLUogamlkX2ZpbGVdICIs CiAJICAgICAiWy1zIHNlY3VyZWxldmVsXSBbLWwgLXUgdXNlcm5hbWUgfCAtVSB1c2VybmFt ZV0gIiwKKwkJICJbLVMgbnVtYmVyIHNoYXJlZCBjcHVdICIsCiAJICAgICAicGF0aCBob3N0 bmFtZSBbaXBbLC4uXV0gY29tbWFuZCAuLi4iKTsKIAlleGl0KDEpOwogfQo= --------------010407030304050405020607 Content-Type: text/plain; name="patch-jail-limit-71RELEASE" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="patch-jail-limit-71RELEASE" ZGlmZiAtVTMgLXIgLS1zaG93LWMtZnVuY3Rpb24gLS1pZ25vcmUtYWxsLXNwYWNlIC0taWdu b3JlLXRhYi1leHBhbnNpb24gLS1pZ25vcmUtYmxhbmstbGluZXMgc3lzL2tlcm4va2Vybl9q YWlsLmMgc3lzLm5ldy9rZXJuL2tlcm5famFpbC5jCi0tLSBzeXMva2Vybi9rZXJuX2phaWwu YwkyMDA4LTExLTI1IDA1OjU5OjI5LjAwMDAwMDAwMCArMDMwMAorKysgc3lzLm5ldy9rZXJu L2tlcm5famFpbC5jCTIwMDktMDQtMTcgMjA6MjM6NDAuMDAwMDAwMDAwICswNDAwCkBAIC0x NTYsNiArMTU2LDcgQEAgamFpbChzdHJ1Y3QgdGhyZWFkICp0ZCwgc3RydWN0IGphaWxfYXJn cwogCQlnb3RvIGVfZHJvcHZucmVmOwogCXByLT5wcl9pcCA9IGouaXBfbnVtYmVyOwogCXBy LT5wcl9saW51eCA9IE5VTEw7CisgICAgcHItPnByX3NjaGVkX3NoYXJlcyA9IGotPnNjaGVk X3NoYXJlczsKIAlwci0+cHJfc2VjdXJlbGV2ZWwgPSBzZWN1cmVsZXZlbDsKIAlpZiAocHJp c29uX3NlcnZpY2Vfc2xvdHMgPT0gMCkKIAkJcHItPnByX3Nsb3RzID0gTlVMTDsKZGlmZiAt VTMgLXIgLS1zaG93LWMtZnVuY3Rpb24gLS1pZ25vcmUtYWxsLXNwYWNlIC0taWdub3JlLXRh Yi1leHBhbnNpb24gLS1pZ25vcmUtYmxhbmstbGluZXMgc3lzL2tlcm4vc2NoZWRfdWxlLmMg c3lzLm5ldy9rZXJuL3NjaGVkX3VsZS5jCi0tLSBzeXMva2Vybi9zY2hlZF91bGUuYwkyMDA4 LTExLTI1IDA1OjU5OjI5LjAwMDAwMDAwMCArMDMwMAorKysgc3lzLm5ldy9rZXJuL3NjaGVk X3VsZS5jCTIwMDktMDQtMTcgMjA6MjM6NDAuMDAwMDAwMDAwICswNDAwCkBAIC02MSw2ICs2 MSw3IEBAIF9fRkJTRElEKCIkRnJlZUJTRDogc3JjL3N5cy9rZXJuL3NjaGVkX3UKICNpbmNs dWRlIDxzeXMvdW10eC5oPgogI2luY2x1ZGUgPHN5cy92bW1ldGVyLmg+CiAjaW5jbHVkZSA8 c3lzL2NwdXNldC5oPgorI2luY2x1ZGUgPHN5cy9qYWlsLmg+CiAjaWZkZWYgS1RSQUNFCiAj aW5jbHVkZSA8c3lzL3Vpby5oPgogI2luY2x1ZGUgPHN5cy9rdHJhY2UuaD4KQEAgLTE4Niw2 ICsxODcsMjIgQEAgc3RhdGljIGludCBzY2hlZF9pbnRlcmFjdCA9IFNDSEVEX0lOVEVSQQog c3RhdGljIGludCByZWFsc3RhdGh6Owogc3RhdGljIGludCB0aWNraW5jcjsKIHN0YXRpYyBp bnQgc2NoZWRfc2xpY2U7CisKKyNkZWZpbmUgRVNUQ1BVX1NISUZUCTEwCisvKgorICogZXN0 Y3B1OgkJCQkJR2xvYmFsIGNvdW50ZXIgdGlja3MgZnJvbSBzdGF0IHRpbWVyIAorICogZmx1 c2hfZXN0Y3B1X2ludGVydmFsOiAgIE51bWJlciB0aWNrcywgYWZ0ZXIgdGhhdCB3ZSB0byB6 ZXJvIGVzdGNwdSwKKyAqICAgICAgICAgICAgICAgICAgICAgICAgICBmbHVzaF9lc3RjcHVf aW50ZXJ2YWwgPSBtcF9uY3B1cypzdGF0aHoqMTAsIAorICoJCQkJCQkJZGVmYXVsdCAyKjEy OCoxMCA9IDI1NjAKKyAqIHRvdGFsX3NjaGVkX3NoYXJlczogICAgICBUb3RhbCBjb3VudCBz aGFyZXMgY3B1LCAxMDAwIHBlciBjb3JlLCAKKyAqCQkJCQkJCWRlZmF1bHQgMioxMDAwID0g MjAwMCAKKyovCisKKworc3RhdGljIGludCBlc3RjcHU7CitzdGF0aWMgaW50IGZsdXNoX2Vz dGNwdV9pbnRlcnZhbCA9IDI1NjA7CitzdGF0aWMgaW50IHRvdGFsX3NjaGVkX3NoYXJlcyA9 IDIwMDA7CisKICNpZmRlZiBQUkVFTVBUSU9OCiAjaWZkZWYgRlVMTF9QUkVFTVBUSU9OCiBz dGF0aWMgaW50IHByZWVtcHRfdGhyZXNoID0gUFJJX01BWF9JRExFOwpAQCAtMjIwMCw2ICsy MjE3LDcgQEAgc2NoZWRfY2xvY2soc3RydWN0IHRocmVhZCAqdGQpCiB7CiAJc3RydWN0IHRk cSAqdGRxOwogCXN0cnVjdCB0ZF9zY2hlZCAqdHM7CisJc3RydWN0IHByaXNvbiAqcHIgPSB0 ZC0+dGRfcHJvYy0+cF91Y3JlZC0+Y3JfcHJpc29uOwogCiAJVEhSRUFEX0xPQ0tfQVNTRVJU KHRkLCBNQV9PV05FRCk7CiAJdGRxID0gVERRX1NFTEYoKTsKQEAgLTIyMzQsNiArMjI1Miwy MCBAQCBzY2hlZF9jbG9jayhzdHJ1Y3QgdGhyZWFkICp0ZCkKIAkJdGQtPnRkX3NjaGVkLT50 c19ydW50aW1lICs9IHRpY2tpbmNyOwogCQlzY2hlZF9pbnRlcmFjdF91cGRhdGUodGQpOwog CX0KKworCS8qIEluY3JlYXNlIGNvdW50ZXIgYW5kIGZsdXNoIGlmIG5lZWQgKi8KKwllc3Rj cHUrKzsKKwlpZiAocHIgIT0gTlVMTCkKKwkJcHItPnByX2VzdGNwdSsrOworCisJaWYgKGVz dGNwdSA+IGZsdXNoX2VzdGNwdV9pbnRlcnZhbCl7CisJCWVzdGNwdSA9IDA7CisJCUxJU1Rf Rk9SRUFDSChwciwgJmFsbHByaXNvbiwgcHJfbGlzdCkgeworCQkJcHItPnByX2VzdGNwdSA9 IDA7CisJCX0KKwkJQ1RSMChLVFJfU0NIRUQsIkZsdXNoIGVzdGNwdSBhbmQgcHJfZXN0Y3B1 IGZvciBhbGwgamFpbHMiKTsKKwl9CisKIAkvKgogCSAqIFdlIHVzZWQgdXAgb25lIHRpbWUg c2xpY2UuCiAJICovCkBAIC0yMzc1LDYgKzI0MDcsOCBAQCB0ZHFfYWRkKHN0cnVjdCB0ZHEg KnRkcSwgc3RydWN0IHRocmVhZCAqCiAJaW50IGNwdW1hc2s7CiAjZW5kaWYKIAorICAgIHN0 cnVjdCBwcmlzb24gKnByID0gdGQtPnRkX3Byb2MtPnBfdWNyZWQtPmNyX3ByaXNvbjsKKwog CVREUV9MT0NLX0FTU0VSVCh0ZHEsIE1BX09XTkVEKTsKIAlLQVNTRVJUKCh0ZC0+dGRfaW5o aWJpdG9ycyA9PSAwKSwKIAkgICAgKCJzY2hlZF9hZGQ6IHRyeWluZyB0byBydW4gaW5oaWJp dGVkIHRocmVhZCIpKTsKQEAgLTIzODMsNiArMjQxNywzMiBAQCB0ZHFfYWRkKHN0cnVjdCB0 ZHEgKnRkcSwgc3RydWN0IHRocmVhZCAqCiAJS0FTU0VSVCh0ZC0+dGRfZmxhZ3MgJiBUREZf SU5NRU0sCiAJICAgICgic2NoZWRfYWRkOiB0aHJlYWQgc3dhcHBlZCBvdXQiKSk7CiAKKyAg ICAgICAgLyogV2UgbW92ZSB0aHJlYWQgaW4gSURMRSBxdWV1ZSBpZiBwcmlzb24gZXN0aW1h dGUgY3B1IG1vcmUgdGhhbiBzaGFyZXMKKwkJICogY3B1IGFuZCB0aHJlYWQgaXMgbm90IGlu dGVyYWN0aXZlLiBVc2UgRVNUQ1BVX1NISUZUIHRvIGF2b2lkCisJCSAqIHJvdW5kaW5nIGF3 YXkgcmVzdWx0cyAqLworICAgIGlmKHByICE9IE5VTEwpCisgICAgCUNUUjYoS1RSX1NDSEVE LCJwaWQgJWksIHByaXNvbiAlaSwgcHJfZXN0Y3B1ICVpLFwKKwkJCQkJCWVzdGNwdSAlaSBz aGFyZXMgJWkgaW50ZXJhY3QgJWkiLAorICAgICAgICAgICAgICAgICAgIAkJdGQtPnRkX3By b2MtPnBfcGlkLHByLT5wcl9pZCxwci0+cHJfZXN0Y3B1LAorCQkJCQkJZXN0Y3B1LCBwci0+ cHJfc2NoZWRfc2hhcmVzLCBzY2hlZF9pbnRlcmFjdF9zY29yZSh0ZCkpOworICAgIGlmIChw ciAhPSBOVUxMICYmIHByLT5wcl9zY2hlZF9zaGFyZXMgIT0gMCAmJgorICAgICAgICBzY2hl ZF9pbnRlcmFjdF9zY29yZSh0ZCkgPiBzY2hlZF9pbnRlcmFjdCAmJgorCQllc3RjcHUgIT0g MCAmJiB0b3RhbF9zY2hlZF9zaGFyZXMgIT0gMCl7CisKKyAgICAJaWYgKChwci0+cHJfZXN0 Y3B1ICAgICAgICAgIDw8IEVTVENQVV9TSElGVCkgIC8gKGVzdGNwdSkgPgorICAgICAgICAg IAkocHItPnByX3NjaGVkX3NoYXJlcyAgICA8PCBFU1RDUFVfU0hJRlQpICAvICh0b3RhbF9z Y2hlZF9zaGFyZXMpKQorICAgICAgICB7CisgICAgICAgICAgCXRkLT50ZF9wcmlvcml0eSAg PSBQUklfTUlOX0lETEU7IAorCQkJdGQtPnRkX3ByaV9jbGFzcyA9IFBSSV9JRExFOworICAg ICAgICAgICAgQ1RSMihLVFJfU0NIRUQsInByaXNvbiAlaSBleGNlc3MgY3B1IGxpbWl0ISEh IG5ldyBwcmkgPSAlaSAiLHByLT5wcl9pZCx0ZC0+dGRfcHJpb3JpdHkpOworCisgICAgICAg IH0gZWxzZSB7CisgICAgICAgICAgICBDVFIxKEtUUl9TQ0hFRCwicHJpc29uICVpIHVzZSBj cHUgbGVzcyBsaW1pdCIscHItPnByX2lkKTsgICAgIAorCQkJc2NoZWRfcHJpb3JpdHkodGQp OworCQkJdGQtPnRkX3ByaV9jbGFzcyA9IFBSSV9USU1FU0hBUkU7CisgICAgICAgIH0KKyAg ICB9CisKIAl0cyA9IHRkLT50ZF9zY2hlZDsKIAljbGFzcyA9IFBSSV9CQVNFKHRkLT50ZF9w cmlfY2xhc3MpOwogICAgICAgICBURF9TRVRfUlVOUSh0ZCk7CkBAIC0yNzQxLDYgKzI4MDEs MTAgQEAgU1lTQ1RMX0lOVChfa2Vybl9zY2hlZCwgT0lEX0FVVE8sIGludGVyYQogICAgICAi SW50ZXJhY3Rpdml0eSBzY29yZSB0aHJlc2hvbGQiKTsKIFNZU0NUTF9JTlQoX2tlcm5fc2No ZWQsIE9JRF9BVVRPLCBwcmVlbXB0X3RocmVzaCwgQ1RMRkxBR19SVywgJnByZWVtcHRfdGhy ZXNoLAogICAgICAwLCJNaW4gcHJpb3JpdHkgZm9yIHByZWVtcHRpb24sIGxvd2VyIHByaW9y aXRpZXMgaGF2ZSBncmVhdGVyIHByZWNlZGVuY2UiKTsKK1NZU0NUTF9JTlQoX2tlcm5fc2No ZWQsIE9JRF9BVVRPLCBmbHVzaF9lc3RjcHVfaW50ZXJ2YWwsIENUTEZMQUdfUlcsICZmbHVz aF9lc3RjcHVfaW50ZXJ2YWwsCisgICAgIDAsIk51bWJlciB0aWNrcyBzdGF0IHRpbWVyIGFm dGVyIHRoYXIgd2UgemVybyBlc3RjcHUgY291bnRlciIpOworU1lTQ1RMX0lOVChfa2Vybl9z Y2hlZCwgT0lEX0FVVE8sIHRvdGFsX3NjaGVkX3NoYXJlcywgQ1RMRkxBR19SVywgJnRvdGFs X3NjaGVkX3NoYXJlcywKKyAgICAgMCwiVG90YWwgbnVtYmVyIHNoYXJlZCBjcHUgZm9yIHN5 c3RlbSIpOwogI2lmZGVmIFNNUAogU1lTQ1RMX0lOVChfa2Vybl9zY2hlZCwgT0lEX0FVVE8s IHBpY2tfcHJpLCBDVExGTEFHX1JXLCAmcGlja19wcmksIDAsCiAgICAgIlBpY2sgdGhlIHRh cmdldCBjcHUgYmFzZWQgb24gcHJpb3JpdHkgcmF0aGVyIHRoYW4gbG9hZC4iKTsKZGlmZiAt VTMgLXIgLS1zaG93LWMtZnVuY3Rpb24gLS1pZ25vcmUtYWxsLXNwYWNlIC0taWdub3JlLXRh Yi1leHBhbnNpb24gLS1pZ25vcmUtYmxhbmstbGluZXMgc3lzL3N5cy9qYWlsLmggc3lzLm5l dy9zeXMvamFpbC5oCi0tLSBzeXMvc3lzL2phaWwuaAkyMDA4LTExLTI1IDA1OjU5OjI5LjAw MDAwMDAwMCArMDMwMAorKysgc3lzLm5ldy9zeXMvamFpbC5oCTIwMDktMDQtMTcgMjA6MjY6 NTQuMDAwMDAwMDAwICswNDAwCkBAIC0xOCw2ICsxOCw3IEBAIHN0cnVjdCBqYWlsIHsKIAlj aGFyCQkqcGF0aDsKIAljaGFyCQkqaG9zdG5hbWU7CiAJdV9pbnQzMl90CWlwX251bWJlcjsK Kwl1aW50MzJfdAlzY2hlZF9zaGFyZXM7CiB9OwogCiBzdHJ1Y3QgeHByaXNvbiB7CkBAIC03 NCw2ICs3NSw4IEBAIHN0cnVjdCBwcmlzb24gewogCXN0cnVjdCB0YXNrCSBwcl90YXNrOwkJ CS8qIChkKSBkZXN0cm95IHRhc2sgKi8KIAlzdHJ1Y3QgbXR4CSBwcl9tdHg7CiAJdm9pZAkJ Kipwcl9zbG90czsJCQkvKiAocCkgYWRkaXRpb25hbCBkYXRhICovCisJdWludDMyX3QJcHJf ZXN0Y3B1OwkJCS8qIChwKSBjcHUgdXNhZ2UgKi8KKwl1aW50MzJfdAlwcl9zY2hlZF9zaGFy ZXM7CS8qIChjKSBudW1iZXIgdmlydHVhbCBjcHUgKi8KIH07CiAjZW5kaWYgLyogX0tFUk5F TCB8fCBfV0FOVF9QUklTT04gKi8KIApkaWZmIC1VMyAtciAtLXNob3ctYy1mdW5jdGlvbiAt LWlnbm9yZS1hbGwtc3BhY2UgLS1pZ25vcmUtdGFiLWV4cGFuc2lvbiAtLWlnbm9yZS1ibGFu ay1saW5lcyB1c3Iuc2Jpbi9qYWlsL2phaWwuYyB1c3Iuc2Jpbi5uZXcvamFpbC9qYWlsLmMK LS0tIHVzci5zYmluL2phaWwvamFpbC5jCTIwMDgtMTEtMjUgMDU6NTk6MjkuMDAwMDAwMDAw ICswMzAwCisrKyB1c3Iuc2Jpbi5uZXcvamFpbC9qYWlsLmMJMjAwOS0wNC0xNyAyMDozMTox Ny4wMDAwMDAwMDAgKzA0MDAKQEAgLTU3LDYgKzU3LDcgQEAgbWFpbihpbnQgYXJnYywgY2hh ciAqKmFyZ3YpCiAJZ2lkX3QgZ3JvdXBzW05HUk9VUFNdOwogCWludCBjaCwgaSwgaWZsYWcs IEpmbGFnLCBsZmxhZywgbmdyb3Vwcywgc2VjdXJlbGV2ZWwsIHVmbGFnLCBVZmxhZzsKIAlj aGFyIHBhdGhbUEFUSF9NQVhdLCAqZXAsICp1c2VybmFtZSwgKkppZEZpbGU7CisJdWludDMy X3Qgc2NoZWRfc2hhcmVzID0gMDsKIAlzdGF0aWMgY2hhciAqY2xlYW5lbnY7CiAJY29uc3Qg Y2hhciAqc2hlbGwsICpwID0gTlVMTDsKIAlsb25nIGx0bXA7CkBAIC02Nyw3ICs2OCw3IEBA IG1haW4oaW50IGFyZ2MsIGNoYXIgKiphcmd2KQogCXVzZXJuYW1lID0gSmlkRmlsZSA9IGNs ZWFuZW52ID0gTlVMTDsKIAlmcCA9IE5VTEw7CiAKLQl3aGlsZSAoKGNoID0gZ2V0b3B0KGFy Z2MsIGFyZ3YsICJpbHM6dTpVOko6IikpICE9IC0xKSB7CisJd2hpbGUgKChjaCA9IGdldG9w dChhcmdjLCBhcmd2LCAiaWxTOnM6dTpVOko6IikpICE9IC0xKSB7CiAJCXN3aXRjaCAoY2gp IHsKIAkJY2FzZSAnaSc6CiAJCQlpZmxhZyA9IDE7CkBAIC04Miw2ICs4Myw5IEBAIG1haW4o aW50IGFyZ2MsIGNoYXIgKiphcmd2KQogCQkJCWVycngoMSwgImludmFsaWQgc2VjdXJlbGV2 ZWw6IGAlcyciLCBvcHRhcmcpOwogCQkJc2VjdXJlbGV2ZWwgPSBsdG1wOwogCQkJYnJlYWs7 CisJCWNhc2UgJ1MnOgorCQkJc2NoZWRfc2hhcmVzID0gKHVpbnQzMl90KXN0cnRvbChvcHRh cmcsTlVMTCwxMCk7CisJCQlicmVhazsKIAkJY2FzZSAndSc6CiAJCQl1c2VybmFtZSA9IG9w dGFyZzsKIAkJCXVmbGFnID0gMTsKQEAgLTExNSw2ICsxMTksNyBAQCBtYWluKGludCBhcmdj LCBjaGFyICoqYXJndikKIAlqLnZlcnNpb24gPSAwOwogCWoucGF0aCA9IHBhdGg7CiAJai5o b3N0bmFtZSA9IGFyZ3ZbMV07CisJai5zY2hlZF9zaGFyZXMgPSBzY2hlZF9zaGFyZXM7CiAJ aWYgKGluZXRfYXRvbihhcmd2WzJdLCAmaW4pID09IDApCiAJCWVycngoMSwgIkNvdWxkIG5v dCBtYWtlIHNlbnNlIG9mIGlwLW51bWJlcjogJXMiLCBhcmd2WzJdKTsKIAlqLmlwX251bWJl ciA9IG50b2hsKGluLnNfYWRkcik7CkBAIC0xODIsOSArMTg3LDEwIEBAIHN0YXRpYyB2b2lk CiB1c2FnZSh2b2lkKQogewogCi0JKHZvaWQpZnByaW50ZihzdGRlcnIsICIlcyVzJXNcbiIs CisJKHZvaWQpZnByaW50ZihzdGRlcnIsICIlcyVzJXMlc1xuIiwKIAkgICAgICJ1c2FnZTog amFpbCBbLWldIFstSiBqaWRfZmlsZV0gWy1zIHNlY3VyZWxldmVsXSBbLWwgLXUgIiwKIAkg ICAgICJ1c2VybmFtZSB8IC1VIHVzZXJuYW1lXSIsCisJCSAiWy1TIG51bWJlciBzaGFyZWQg Y3B1XSAiLAogCSAgICAgIiBwYXRoIGhvc3RuYW1lIGlwLW51bWJlciBjb21tYW5kIC4uLiIp OwogCWV4aXQoMSk7CiB9Cg== --------------010407030304050405020607-- From owner-freebsd-jail@FreeBSD.ORG Tue Apr 21 22:03:54 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B543106564A for ; Tue, 21 Apr 2009 22:03:54 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 185288FC16 for ; Tue, 21 Apr 2009 22:03:53 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 76F1D19E019; Wed, 22 Apr 2009 00:03:51 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 1D2A019E027; Wed, 22 Apr 2009 00:03:49 +0200 (CEST) Message-ID: <49EE42C5.3010409@quip.cz> Date: Wed, 22 Apr 2009 00:03:49 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: =?UTF-8?B?0JzQtdC90YzRiNC40LrQvtCyINCa0L7QvdGB0YLQsNC90YLQuNC9?= References: <49EC926D.6020404@peterhost.ru> In-Reply-To: <49EC926D.6020404@peterhost.ru> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-jail@freebsd.org Subject: Re: CPU limit for Jails(patch for ULE scheduler) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Apr 2009 22:03:54 -0000 Меньшиков Константин wrote: > Hello all! > Many users want have limits on resourse for jail, for examle cpu and > memory limit. > I`m rewrire original cdjones patch for cpu limit for jail under ULE > scheduler. > So, this work simple. > We count cpu usage for all jails, and if jail use cpu more than have > shared cpu, we move his threads to IDLE queue and return to TIMESHARE in > reverse case. > Jailed thread can use all avaliable cpu time, if system has avaliable cpu. > If system under heavy load, jailed thread can`t use cpu long as ratio > (shared cpu for jail/ all shared cpu) < (estimate usage cpu for jail / > all usage cpu) . > Unjailed thread and interactive thread are not subject to this regime. > Add 2 sysctl > kern.sched.total_sched_shares - total count shares cpu in system, > increase if we have more cpu > kern.sched.flush_estcpu_interval - flush estcpu interval in ticks, > default is 2560 = 2 * 128 * 10, NCPU*stathz*sec, increase if we have > more cpu > For use cpu limit, you need use flag -S NSharedCPU in /usr/sbin/jail > program. > My example jail -S100 /usr/jails/root/ root.kostjn.pht 192.168.0.245 > /bin/csh > > I`m tested this under 10 simultaneous process in jail and in main > system. test program is infinity cycle an 8 core xeon, use RELENG_7. > First run process in jail, and after in main system. > This one process tracking cpu usage [...] > So we see, that after run in main system, jailed process can`t usage cpu. > > Please communicate me about all problem in this patch. > This is initial version, without tune jail parameter in runtime. > > So, this work. But i`m not sure, that is best way. > > Attempt increase priority for jailed thread not work, because non > interactive thread (that utilize many cpu) already have small > prioriry(numerical high). > Attempt decrease number ticks in cpu time slice, also not good idea, > because, this increase number context switching on high load. > May be you see other way for do this? > Share you idea. > > Thank. > Original cdjones cpu and memory limit patch > http://wiki.freebsd.org/JailResourceLimits Hello, I can't judge your work / patch as I am not developer nor C programmer. But it is nice to see that someone is working on the resource limits. I am waiting for this feature for a years without success. The original SoC project was never done (not production ready). There were attempts by others to update cdjones patch to newer versions of FreeBSD, but still with some minor problems. The last I remember is "Memory limits on 7.0" by Christopher Thunes (e-mail in archive of this list from 2008-06-24). Unfortunately I had not time to test his patch in times of 7.0 and I am not aware of any newer version of this patch (for 7.1 or upcoming 7.2). It would be nice if independent developers can work together on this subject and do this work production / commit ready. May be you should open PR with you patch, so anybody can find it, test it and help to make it better. Or if you have own web page with this patch + some documentation, I can put the link to http://wiki.freebsd.org/Jails Can you take a look to Memory limits patch and incorporate it in to your patch? Do you have a plan to add jtune? Thanks for your work, I hope I will have time to test it in few weeks. Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Wed Apr 22 08:35:07 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9D63E106564A for ; Wed, 22 Apr 2009 08:35:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [195.88.108.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4C89F8FC18 for ; Wed, 22 Apr 2009 08:35:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id E090341C751; Wed, 22 Apr 2009 10:35:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([195.88.108.3]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id B7CsnhwqqEsK; Wed, 22 Apr 2009 10:35:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 8782241C750; Wed, 22 Apr 2009 10:35:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 174A04448E6; Wed, 22 Apr 2009 08:34:24 +0000 (UTC) Date: Wed, 22 Apr 2009 08:34:24 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Vivek Gite In-Reply-To: <49EEB93E.9080503@nixcraft.com> Message-ID: <20090422083240.Q15361@maildrop.int.zabbadoz.net> References: <49EEB93E.9080503@nixcraft.com> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org, FreeBSD virtualization mailing list Subject: Re: Regarding multi-ip Bjoern head patch X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-jail@freebsd.org List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 08:35:07 -0000 On Wed, 22 Apr 2009, Vivek Gite wrote: > Hi, > > I'm running FreeBSD 7.1_AMD_P4 release with 4 jails. Recently, our ISP > provided us IPv6 and I'd like to use both multiple IPv4 and IPv6 for my > jails. According to FreeBSD wiki (http://wiki.freebsd.org/Jails) - there is a > patch http://svn.freebsd.org/viewvc/base?view=revision&revision=188281 ; > which is committed to FreeBSD. But I'm not able to use it under said > version. So I'm looking to grab this one and manually patch it up. Is there > any tar-ball to grab a patch? Is it included in FreeBSD 7.2RC1? How do I grab > HEADS UP r185435? Yes, all of FreeBSD 7.2 (BETA, RC1, upcomig RC2 and RELEASE) have and will have it. So if you are going to update your system to any of those versions you'll have it. /bz PS: in case of reply please remove the -virtualization Cc: -- Bjoern A. Zeeb The greatest risk is not taking one. From owner-freebsd-jail@FreeBSD.ORG Wed Apr 22 09:50:08 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 048FC106566B; Wed, 22 Apr 2009 09:50:08 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [195.88.108.3]) by mx1.freebsd.org (Postfix) with ESMTP id B1A1A8FC0C; Wed, 22 Apr 2009 09:50:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 7FD3B41C758; Wed, 22 Apr 2009 11:50:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([195.88.108.3]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id ICYddnT3d3yE; Wed, 22 Apr 2009 11:50:06 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 300BC41C757; Wed, 22 Apr 2009 11:50:06 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 949EF4448E6; Wed, 22 Apr 2009 09:47:50 +0000 (UTC) Date: Wed, 22 Apr 2009 09:47:50 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Miroslav Lachman <000.fbsd@quip.cz> In-Reply-To: <49EE4B6B.5020005@quip.cz> Message-ID: <20090422094447.A15361@maildrop.int.zabbadoz.net> References: <49EE4B6B.5020005@quip.cz> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org Subject: Re: changing cpuset of jail from inside of jail - is it feature? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-jail@freebsd.org List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 09:50:08 -0000 On Wed, 22 Apr 2009, Miroslav Lachman wrote: Hi, > I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 09:56:08 CET > 2009) hosting few jails. > The machine has dual core CPU and some jails are set to run only on one core > (core 0 in this example): > > host# cpuset -l 0 -j 25 > > As I tested today, root user inside the jail can change this by the same > command as I am doing it from the host system: > > injail# cpuset -l 0,1 -j 25 > > And from now, jail with JID 25 is running on both cores. > > Is it expected behavior of cpuset to allow user inside the jail change cpuset > of the jail itself or is it a bug? > > It seems to me as undesirable. it is (undesirable) and it seems to be a bug as even if you do host# cpuset -l 0 -r -j 25 you can get back to 0,1 from within the jail. I'll check how/why this is possible. /bz PS: moving this to freebsd-jail@ -- Bjoern A. Zeeb The greatest risk is not taking one. From owner-freebsd-jail@FreeBSD.ORG Wed Apr 22 10:48:01 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 21CF8106566B for ; Wed, 22 Apr 2009 10:48:00 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 98D648FC1A for ; Wed, 22 Apr 2009 10:48:00 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 7FC1A19E023 for ; Wed, 22 Apr 2009 12:47:58 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 06E3319E019 for ; Wed, 22 Apr 2009 12:47:56 +0200 (CEST) Message-ID: <49EEF5DB.4030408@quip.cz> Date: Wed, 22 Apr 2009 12:47:55 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: freebsd-jail@freebsd.org References: <49EE4B6B.5020005@quip.cz> <20090422094447.A15361@maildrop.int.zabbadoz.net> In-Reply-To: <20090422094447.A15361@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: changing cpuset of jail from inside of jail - is it feature? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 10:48:02 -0000 Bjoern A. Zeeb wrote: > On Wed, 22 Apr 2009, Miroslav Lachman wrote: > > Hi, > >> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 >> 09:56:08 CET 2009) hosting few jails. >> The machine has dual core CPU and some jails are set to run only on >> one core (core 0 in this example): >> >> host# cpuset -l 0 -j 25 >> >> As I tested today, root user inside the jail can change this by the >> same command as I am doing it from the host system: >> >> injail# cpuset -l 0,1 -j 25 >> >> And from now, jail with JID 25 is running on both cores. >> >> Is it expected behavior of cpuset to allow user inside the jail change >> cpuset of the jail itself or is it a bug? >> >> It seems to me as undesirable. > > > it is (undesirable) and it seems to be a bug as even if you do > > host# cpuset -l 0 -r -j 25 > > you can get back to 0,1 from within the jail. > > I'll check how/why this is possible. > > /bz > > PS: moving this to freebsd-jail@ I found this behavior as result of your reply to my e-mail from March http://lists.freebsd.org/pipermail/freebsd-jail/2009-March/000751.html You are suggesting jail__exec_afterstart to use it for cpuset of starting jails, but as I look in to /etc/rc.d/jail, it seems this command is executed inside of the jail: while [ true ]; do eval out=\"\${_exec_afterstart${i}:-''}\" if [ -z "$out" ]; then break; fi jexec "${_jail_id}" ${out} i=$((i + 1)) done So I was confused if cpuset behavior i expected or not and if not, I don't know how to use current rc.d/jail + rc.conf to start jails on choosen cores or in particular set of cpus/cores. That was the reason to my suggestion - write patch for rc.d/jail to support something like: jail__cpuset_list="0,3,5" # start jail on cores 0, 3 and 5 It should be something like: _cpuset="cpuset -l ${_cpuset_list}" eval ${_cpuset} ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 (I didn't test the example above, so I don't know if it is valid) or something like: if [ -n "$_cpuset_list" ]; then cpuset -l ${_cpuset_list} -j ${_jail_id} fi (^ this seems more simpler) I don't know what is better, or if there is another way to set cpuset of jails from rc.conf But the first problem is as I previously posted - cpuset of jail should not be changed from within jail... Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Wed Apr 22 15:45:08 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0F44D1065674 for ; Wed, 22 Apr 2009 15:45:08 +0000 (UTC) (envelope-from stefan.lambrev@moneybookers.com) Received: from blah.sun-fish.com (blah.sun-fish.com [217.18.249.150]) by mx1.freebsd.org (Postfix) with ESMTP id 72E558FC14 for ; Wed, 22 Apr 2009 15:45:07 +0000 (UTC) (envelope-from stefan.lambrev@moneybookers.com) Received: by blah.sun-fish.com (Postfix, from userid 1002) id 639361B137E8; Wed, 22 Apr 2009 17:25:55 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on malcho.cmotd.com X-Spam-Level: X-Spam-Status: No, score=-10.6 required=5.0 tests=ALL_TRUSTED,BAYES_00, HTML_MESSAGE autolearn=ham version=3.2.5 Received: from postal.dev.moneybookers.net (postal.dev.moneybookers.net [192.168.3.200]) by blah.sun-fish.com (Postfix) with ESMTP id C4D8C1B133E2; Wed, 22 Apr 2009 17:25:52 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by postal.dev.moneybookers.net (Postfix) with ESMTP id 2DF3C9366C5; Wed, 22 Apr 2009 17:25:20 +0200 (CEST) X-Virus-Scanned: amavisd-new at moneybookers.com Received: from postal.dev.moneybookers.net ([127.0.0.1]) by localhost (postal.dev.moneybookers.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id req7vN5-FwaA; Wed, 22 Apr 2009 17:25:17 +0200 (CEST) Received: from hater.cmotd.com (hater.cmotd.com [192.168.3.125]) by postal.dev.moneybookers.net (Postfix) with ESMTP id B802B936677; Wed, 22 Apr 2009 17:25:17 +0200 (CEST) Message-Id: From: Stefan Lambrev To: Bjoern A. Zeeb In-Reply-To: <20090207174104.Y93725@maildrop.int.zabbadoz.net> Mime-Version: 1.0 (Apple Message framework v930.3) Date: Wed, 22 Apr 2009 18:25:50 +0300 References: <20090207174104.Y93725@maildrop.int.zabbadoz.net> X-Mailer: Apple Mail (2.930.3) X-Virus-Scanned: ClamAV 0.94/9272/Wed Apr 22 15:07:03 2009 on blah.cmotd.com X-Virus-Status: Clean Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-jail@freebsd.org, freebsd-stable@FreeBSD.org Subject: Re: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 15:45:08 -0000 Hi, Does this allow multiple network interfaces to be used by a single jail instance? On Feb 7, 2009, at 8:18 PM, Bjoern A. Zeeb wrote: > Hi, > > what has started a long time ago with patches from various people, was > started, abandoned, resumed finally found an end. > > I am happy to hereby announce that the multi-IPv4/v6/no-IP jails work > has been merged to 7-STABLE and thus can be used in FreeBSD 7 without > the need to maintain or apply patches from now on. > > This also means that the updated jails will be included in 7.2 > release. > > This update gives you (short selection): > - zero, one or multi-IP jails. > - IPv4 and IPv6 support. > - cpuset support for jails. > - jail names and states to ease administration. - 32bit compat on > 64bit, jail v1 compat, .. > > You'll find a longer summary about all the new features and how to use > them in a posting from December (you should really read it): > http://lists.freebsd.org/pipermail/freebsd-jail/2008-December/000631.html > > Since the above posting, multiple PRs had been addressed and fixes > include > - SIOCGIFADDR ioctl handling which fixes the "samba inside jails > problem" > - no more arp and ndp information disclosure > - updated rc.conf framework (fully backward compatible in 7), see > man 5 rc.conf and /etc/defaults/rc.conf. > - various documentation/man page updates > - ... > > > I'd like to thank everyone who had helped to make this possible! > > > If you like the work, mayhap even use it for your business, or just > want > to support FreeBSD, you may want to visit > http://www.freebsdfoundation.org/ > and help donating some money. > > > Enjoy your new jails! > (and don't try to escape - you sure won't succeed;) > > /bz > > -- > Bjoern A. Zeeb The greatest risk is not taking > one. > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org > " -- Best Wishes, Stefan Lambrev ICQ# 24134177 From owner-freebsd-jail@FreeBSD.ORG Wed Apr 22 20:26:04 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5A6D4106564A for ; Wed, 22 Apr 2009 20:26:04 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 169488FC18 for ; Wed, 22 Apr 2009 20:26:03 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 6FA0519E023; Wed, 22 Apr 2009 22:26:01 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 44EEE19E019; Wed, 22 Apr 2009 22:25:59 +0200 (CEST) Message-ID: <49EF7D57.9010307@quip.cz> Date: Wed, 22 Apr 2009 22:25:59 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: Stefan Lambrev References: <20090207174104.Y93725@maildrop.int.zabbadoz.net> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Apr 2009 20:26:04 -0000 Stefan Lambrev wrote: > Hi, > > Does this allow multiple network interfaces to be used by a single jail > instance? Yes, I am using it. root@cage ~/# jls -v JID Hostname Path Name State CPUSetID IP Address(es) 25 costa.example.com /vol0/jail/costa ALIVE 2 xxx.yy.105.31 192.168.222.57 root@costa //# ifconfig nfe0: flags=8843 metric 0 mtu 1500 options=19b ether 00:1a:24:bd:e2:0f inet 192.168.222.57 netmask 0xffffffff broadcast 192.168.222.57 media: Ethernet autoselect (100baseTX ) status: active [...] bge1: flags=8843 metric 0 mtu 1500 options=9b ether 00:1a:24:bd:e2:0e inet xxx.yy.105.31 netmask 0xffffffff broadcast xxx.yy.105.31 media: Ethernet autoselect (100baseTX ) status: active Above command (ifconfig) is inside jail, manually stripped other interfaces. (xxx.yy replaces real IP address) bge1 is used for internet connection and nfe0 for access services in LAN Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Thu Apr 23 14:25:07 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6AB441065687 for ; Thu, 23 Apr 2009 14:25:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [195.88.108.3]) by mx1.freebsd.org (Postfix) with ESMTP id 23FBB8FC15 for ; Thu, 23 Apr 2009 14:25:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id CB91141C6A3; Thu, 23 Apr 2009 16:25:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([195.88.108.3]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id NKAja+F1hBMx; Thu, 23 Apr 2009 16:25:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 6874E41C6A1; Thu, 23 Apr 2009 16:25:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 878DD4448E6; Thu, 23 Apr 2009 14:22:11 +0000 (UTC) Date: Thu, 23 Apr 2009 14:22:11 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Miroslav Lachman <000.fbsd@quip.cz> In-Reply-To: <49EEF5DB.4030408@quip.cz> Message-ID: <20090423141908.T15361@maildrop.int.zabbadoz.net> References: <49EE4B6B.5020005@quip.cz> <20090422094447.A15361@maildrop.int.zabbadoz.net> <49EEF5DB.4030408@quip.cz> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org Subject: Re: changing cpuset of jail from inside of jail - is it feature? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2009 14:25:07 -0000 On Wed, 22 Apr 2009, Miroslav Lachman wrote: Hi, > Bjoern A. Zeeb wrote: > >> On Wed, 22 Apr 2009, Miroslav Lachman wrote: >> >> Hi, >> >>> I am running system FreeBSD 7.1-STABLE amd64 GENERIC (Wed Feb 11 09:56:08 >>> CET 2009) hosting few jails. >>> The machine has dual core CPU and some jails are set to run only on one >>> core (core 0 in this example): >>> >>> host# cpuset -l 0 -j 25 >>> >>> As I tested today, root user inside the jail can change this by the same >>> command as I am doing it from the host system: >>> >>> injail# cpuset -l 0,1 -j 25 >>> >>> And from now, jail with JID 25 is running on both cores. >>> >>> Is it expected behavior of cpuset to allow user inside the jail change >>> cpuset of the jail itself or is it a bug? >>> >>> It seems to me as undesirable. >> >> >> it is (undesirable) and it seems to be a bug as even if you do >> >> host# cpuset -l 0 -r -j 25 >> >> you can get back to 0,1 from within the jail. >> >> I'll check how/why this is possible. >> >> /bz >> >> PS: moving this to freebsd-jail@ Ok, I am not sure what is going wrong here; well I know but I don't know if it's intended in cpuset. Trying to talk to the right people but they seen to be AWOL atm. If you are brave, you could try: http://people.freebsd.org/~bz/20090423-01-cpuset-jails.diff I haven't even compiled it yet. It may work, it may not work, it may make your machine panicing, ... just to warn you. it should still allow you to create further sets within a jail but you should not be able to change the "root set" of the jail from inside the jail anymore (in case it works;) /bz -- Bjoern A. Zeeb The greatest risk is not taking one. From owner-freebsd-jail@FreeBSD.ORG Thu Apr 23 15:16:22 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A1251106566B for ; Thu, 23 Apr 2009 15:16:22 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 5E52E8FC1B for ; Thu, 23 Apr 2009 15:16:22 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 2C68819E027; Thu, 23 Apr 2009 17:16:20 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 1A24719E019; Thu, 23 Apr 2009 17:16:18 +0200 (CEST) Message-ID: <49F08641.6060607@quip.cz> Date: Thu, 23 Apr 2009 17:16:17 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <49EE4B6B.5020005@quip.cz> <20090422094447.A15361@maildrop.int.zabbadoz.net> <49EEF5DB.4030408@quip.cz> <20090423141908.T15361@maildrop.int.zabbadoz.net> In-Reply-To: <20090423141908.T15361@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: changing cpuset of jail from inside of jail - is it feature? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2009 15:16:22 -0000 Bjoern A. Zeeb wrote: > On Wed, 22 Apr 2009, Miroslav Lachman wrote: [...] > Ok, I am not sure what is going wrong here; well I know but I don't > know if it's intended in cpuset. Trying to talk to the right people > but they seen to be AWOL atm. > > > If you are brave, you could try: > > http://people.freebsd.org/~bz/20090423-01-cpuset-jails.diff > > I haven't even compiled it yet. It may work, it may not work, it may > make your machine panicing, ... just to warn you. > > it should still allow you to create further sets within a jail but you > should not be able to change the "root set" of the jail from inside > the jail anymore (in case it works;) Thank you, I will try your patch today in Qemu testing environment and report back. Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Thu Apr 23 23:22:12 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 80A32106566C for ; Thu, 23 Apr 2009 23:22:12 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 3E29B8FC08 for ; Thu, 23 Apr 2009 23:22:11 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 9488D19E023; Fri, 24 Apr 2009 01:22:09 +0200 (CEST) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 3AF1919E019; Fri, 24 Apr 2009 01:22:07 +0200 (CEST) Message-ID: <49F0F81F.8050503@quip.cz> Date: Fri, 24 Apr 2009 01:22:07 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <49EE4B6B.5020005@quip.cz> <20090422094447.A15361@maildrop.int.zabbadoz.net> <49EEF5DB.4030408@quip.cz> <20090423141908.T15361@maildrop.int.zabbadoz.net> In-Reply-To: <20090423141908.T15361@maildrop.int.zabbadoz.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: changing cpuset of jail from inside of jail - is it feature? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2009 23:22:12 -0000 Bjoern A. Zeeb wrote: [...] > Ok, I am not sure what is going wrong here; well I know but I don't > know if it's intended in cpuset. Trying to talk to the right people > but they seen to be AWOL atm. > > > If you are brave, you could try: > > http://people.freebsd.org/~bz/20090423-01-cpuset-jails.diff > > I haven't even compiled it yet. It may work, it may not work, it may > make your machine panicing, ... just to warn you. > > it should still allow you to create further sets within a jail but you > should not be able to change the "root set" of the jail from inside > the jail anymore (in case it works;) I did just a quick test. (OK, not so quick, because compilation inside Qemu on my old PC takes 2 hours ;]) It compiles without problems and did what I expect: root@72-rc1 ~/# jls JID IP Address Hostname Path 1 alpha.test /usr/jail/alpha root@72-rc1 ~/# jexec 1 tcsh root@alpha //# cpuset -l 0 -j 1 cpuset: setaffinity: Operation not permitted root@alpha //# cpuset -l 0 -r -j 1 cpuset: setaffinity: Operation not permitted I have no real multicore machine to test it more deeply. (can't test it on production servers and spare machine is blocked by another task) Will this fix be included in 7.2-RELEASE or is it too late to commit this fix? Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Fri Apr 24 00:39:05 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 989771065675 for ; Fri, 24 Apr 2009 00:39:05 +0000 (UTC) (envelope-from kagekonjou@gmail.com) Received: from yx-out-2324.google.com (yx-out-2324.google.com [74.125.44.28]) by mx1.freebsd.org (Postfix) with ESMTP id 53B518FC45 for ; Fri, 24 Apr 2009 00:39:05 +0000 (UTC) (envelope-from kagekonjou@gmail.com) Received: by yx-out-2324.google.com with SMTP id 8so508069yxb.13 for ; Thu, 23 Apr 2009 17:39:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=mon4PiziEmwZPnIlIN3s1RJ8y/XxIcXXnDH0hWcAXjI=; b=wOw72i3lWzQGqdSNlkpue9ijGxdCmm3dEV1YBN241pFyBffVoaZJKiqVz17Pn1O7Vz 4LeEQ7i7EHXNd1FHEmkCZCbAxDah0mij0YTzZXm1HQgrwNANLSGY1/utrILfR0zrWgJx gmESEbujKAZSoGoxWosxHqTdVQH2LNNdFJrIM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=EItFdyJrB8U60anvD3L/vL6wJoiHkpKopyxMeQT9eyaoRf4Xu78f7jIk9MHo1/6uHG 9WN8T3FKp4k+4929VQiUGPyGGIKUyJDwFgSxie1bj+2vKggVug1hfhTXL749GJ+sY5pd zYI+1EMlrMqxZOz7THZu7zGBZI86XjMaldNNU= MIME-Version: 1.0 Received: by 10.231.19.68 with SMTP id z4mr841032iba.7.1240531758459; Thu, 23 Apr 2009 17:09:18 -0700 (PDT) In-Reply-To: <49EE42C5.3010409@quip.cz> References: <49EC926D.6020404@peterhost.ru> <49EE42C5.3010409@quip.cz> Date: Thu, 23 Apr 2009 20:09:18 -0400 Message-ID: From: Kage To: Miroslav Lachman <000.fbsd@quip.cz> Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Cc: =?KOI8-R?B?7cXO2NvJy8/XIOvPztPUwc7Uyc4=?= , freebsd-jail@freebsd.org Subject: Re: CPU limit for Jails(patch for ULE scheduler) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2009 00:39:06 -0000 I'm definitely interested in this patch. I can see some good work coming from this. However, at this time, I do not have a development FreeBSD server I can heavily test this on. I'm definitely looking forward to a "stable" patch of this, and will make use of it. Please keep us informed! 2009/4/21 Miroslav Lachman <000.fbsd@quip.cz>: > =ED=C5=CE=D8=DB=C9=CB=CF=D7 =EB=CF=CE=D3=D4=C1=CE=D4=C9=CE wrote: >> >> Hello all! >> Many users want have limits on resourse for jail, for examle cpu and >> memory limit. >> I`m rewrire original cdjones patch =9Afor cpu limit for jail under ULE >> scheduler. >> So, =9Athis work simple. >> We count cpu usage for all jails, and if jail use cpu more than have >> shared cpu, we move his threads to IDLE queue and return to TIMESHARE in >> =9Areverse case. >> Jailed thread can use all avaliable cpu time, if =9Asystem has avaliable >> cpu. >> If system under heavy load, jailed thread can`t use cpu long as ratio >> (shared cpu for jail/ all shared cpu) < (estimate usage cpu for jail / >> all usage cpu) . >> Unjailed thread and interactive thread are not subject to this regime. >> Add 2 sysctl >> kern.sched.total_sched_shares - total count shares cpu in system, >> increase if we have more cpu >> kern.sched.flush_estcpu_interval - flush estcpu interval in ticks, >> default is 2560 =3D 2 * 128 * 10, NCPU*stathz*sec, increase if we have >> more cpu >> For use cpu limit, you need use flag -S NSharedCPU in /usr/sbin/jail >> program. >> My example jail -S100 /usr/jails/root/ root.kostjn.pht =9A192.168.0.245 >> /bin/csh >> >> I`m tested this under 10 simultaneous process in jail and in main >> system. test program is infinity cycle an 8 core xeon, use RELENG_7. >> First run process in jail, and after in main system. >> This one process tracking cpu usage > > [...] > >> So we see, that after run in main system, jailed process can`t usage cpu= . >> >> Please communicate me =9Aabout all problem in this patch. >> This is initial version, without tune jail parameter in runtime. >> >> So, this work. But i`m not sure, that is best way. >> >> Attempt increase priority for jailed thread not work, because non >> interactive thread (that utilize many cpu) already have small >> prioriry(numerical high). >> Attempt decrease number ticks in cpu time slice, also not good idea, >> because, this increase number context switching on high load. >> May be you see other way for do this? >> Share you idea. >> >> Thank. >> Original cdjones =9Acpu and memory limit patch >> http://wiki.freebsd.org/JailResourceLimits > > Hello, > I can't judge your work / patch as I am not developer nor C programmer. B= ut > it is nice to see that someone is working on the resource limits. I am > waiting for this feature for a years without success. The original SoC > project was never done (not production ready). There were attempts by oth= ers > to update cdjones patch to newer versions of FreeBSD, but still with some > minor problems. The last I remember is "Memory limits on 7.0" by Christop= her > Thunes (e-mail in archive of this list from 2008-06-24). Unfortunately I = had > not time to test his patch in times of 7.0 and I am not aware of any newe= r > version of this patch (for 7.1 or upcoming 7.2). > > It would be nice if independent developers can work together on this subj= ect > and do this work production / commit ready. > > May be you should open PR with you patch, so anybody can find it, test it > and help to make it better. Or if you have own web page with this patch + > some documentation, I can put the link to http://wiki.freebsd.org/Jails > > Can you take a look to Memory limits patch and incorporate it in to your > patch? > > Do you have a plan to add jtune? > > Thanks for your work, I hope I will have time to test it in few weeks. > > Miroslav Lachman > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > --=20 ~ Kage http://vitund.com http://hackthissite.org