Date: Tue, 12 Jul 2005 14:27:07 +0100 From: Dominic Marks <dom@goodforbusiness.co.uk> To: Robert Atkinson <phreaki@gmail.com> Cc: freebsd-hackers@freebsd.org, Jone Jas <jas_arlerr@yahoo.com.cn> Subject: Re: limit jail disk space Message-ID: <200507121427.07823.dom@goodforbusiness.co.uk> In-Reply-To: <6fb2b46505071205442c5b79b@mail.gmail.com> References: <20050712095048.60122.qmail@web15007.mail.cnb.yahoo.com> <200507121114.42653.dom@goodforbusiness.co.uk> <6fb2b46505071205442c5b79b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 12 July 2005 13:44, Robert Atkinson wrote: > On 7/12/05, Dominic Marks <dom@goodforbusiness.co.uk> wrote: > > On Tuesday 12 July 2005 10:50, Jone Jas wrote: > > > Hi hackers, > > > As far as I know, there is no limit of the disk space that a jail > > > can use. As for the Linux VServer(similar to jail), its dlimit > > > does such thing for the "security context". I read the dlimit > > > code and find that it achieves that by limiting the number of > > > inodes and data blocks the vserver can get. The hooks are > > > inserted in the functions such as ext2_new_inode, > > > ext2_free_inode, ext2_new_block and ext2_free_block. My question > > > is if we can do such thing to the jail. If so, where should we > > > insert the hooks? It seems that the FreeBSD inode/block > > > allocation/free functions are not so explicit as Linux. There are > > > serveral places, I'm not sure which are the correct ones: for > > > inodes: ffs_valloc, ffs_vfree > > > for blocks: ffs_alloc, ffs_freeblk, > > > or ufs_balloc_ufs1/2 > > > > > > Any reply or hints is appreciated! > > > Regards! > > > > One method which does not require hacking any code: > > > > # dd if=3D/dev/zero of=3Djail.file bs=3D1k count=3D1m > > 1048576+0 records in > > 1048576+0 records out > > 1073741824 bytes transferred in 23.940393 secs (44850635 bytes/sec) > > > > # ls -lh jail.file > > -rw-r--r-- 1 dom dom 1.0G Jul 12 11:08 jail.file > > > > # mdconfig -a -t vnode -f jail.file > > md0 > > > > # newfs -U /dev/md0 > > /dev/md0: 1024.0MB (2097152 sectors) block size 16384, fragment > > size 2048 > > using 6 cylinder groups of 183.44MB, 11740 blks, 23488 inodes. > > with soft updates > > super-block backups (for fsck -b #) at: > > 160, 375840, 751520, 1127200, 1502880, 1878560 > > > > # mount /dev/md0 /mnt > > > > # df -ih > > Filesystem Size Used Avail Capacity iused ifree %iused Mounted on > > /dev/md0 989M 4.0K 910M 0% 2 140924 0% /mnt > > > > Now just install your jail into /mnt and it will be confined to the > > size of disc you create. Expect slightly reduced disc performance > > using this technique. > > Under 4.X there doesn't appear to be much loss at all, but with 5.X > the difference is -huge-. =46or most (of my) applications the limiting factor is not sequential IO. It is not ideal, but I think you'll find that most jails performance is not impacted too much by this, I suppose it all depends what you are doing in your jails. If you need full-speed access there is a workaround. Create your jail-in-a-file system, before 'booting' it use a nullfs mount to map a local filesystem inside your jail. Use this filesystem for your IO heavy tasks. This way you can fit each jail-in-a-file system in 128MB or 256MB depending on how many packages you require. The area you map in should be its own partition which is sized appropriately, or you get back to where you started. That is not to say that I wouldn't like it to be fixed. > A topic came in about a month ago, and I saw a long list of > performance tests that 4.X seemed to have nearly twice the speed of 5 > (VN versus MD). > > Nothing we tried was able to get MD up to par. > > > Jas > > > > > --------------------------------- > > > DO YOU YAHOO!? > > > =E9=9B=85=E8=99=8E=E5=85=8D=E8=B4=B9G=E9=82=AE=E7=AE=B1=EF=BC=8D=E4= =B8=AD=E5=9B=BD=E7=AC=AC=E4=B8=80=E7=BB=9D=E6=97=A0=E5=9E=83=E5=9C=BE=E9=82= =AE=E4=BB=B6=E9=AA=9A=E6=89=B0=E8=B6=85=E5=A4=A7=E9=82=AE=E7=AE=B1 > > > _______________________________________________ > > > freebsd-hackers@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > > To unsubscribe, send any mail to > > > "freebsd-hackers-unsubscribe@freebsd.org" > > > > HTH, > > -- > > Dominic Marks > > _______________________________________________ > > freebsd-hackers@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > To unsubscribe, send any mail to > > "freebsd-hackers-unsubscribe@freebsd.org" =2D-=20 Dominic Marks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507121427.07823.dom>