From owner-freebsd-current@FreeBSD.ORG Mon Oct 5 19:02:26 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 725181065694 for ; Mon, 5 Oct 2009 19:02:26 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from mail.zoral.com.ua (skuns.zoral.com.ua [91.193.166.194]) by mx1.freebsd.org (Postfix) with ESMTP id C08388FC1B for ; Mon, 5 Oct 2009 19:02:25 +0000 (UTC) Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua [10.1.1.148]) by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id n95J2DDr045925 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Oct 2009 22:02:13 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.3/8.14.3) with ESMTP id n95J2Dc7094613; Mon, 5 Oct 2009 22:02:13 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.3/8.14.3/Submit) id n95J2DLu094612; Mon, 5 Oct 2009 22:02:13 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Mon, 5 Oct 2009 22:02:13 +0300 From: Kostik Belousov To: Tom Judge Message-ID: <20091005190213.GV2259@deviant.kiev.zoral.com.ua> References: <4ACA0549.7030404@tomjudge.com> <4ACA2E0F.5010800@elischer.org> <4ACA3146.9090402@tomjudge.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="r+TdwuXy+OXS8TUs" Content-Disposition: inline In-Reply-To: <4ACA3146.9090402@tomjudge.com> User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: clamav-milter 0.95.2 at skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on skuns.kiev.zoral.com.ua Cc: freebsd-current@freebsd.org, Julian Elischer Subject: Re: Per Jail Memory Limits X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Oct 2009 19:02:26 -0000 --r+TdwuXy+OXS8TUs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Oct 05, 2009 at 05:47:50PM +0000, Tom Judge wrote: > Julian Elischer wrote: > >Tom Judge wrote: > >>Hi, > >> > >>Does anyone know of a patch that will add per jail memory limits so=20 > >>that a jail can't swallow the resources of the entire box? > >> > >> > >>Thanks > >> > >>Tom > >>_______________________________________________ > >>freebsd-current@freebsd.org mailing list > >>http://lists.freebsd.org/mailman/listinfo/freebsd-current > >>To unsubscribe, send any mail to=20 > >>"freebsd-current-unsubscribe@freebsd.org" > > > > > >not yet.. > > >=20 > I started to port this to 7.1 today: >=20 > http://wiki.freebsd.org/JailResourceLimits >=20 >=20 > What are the peoples opinions on this patch? Since r194766, we have precise accounting for the anonymous memory, both globally and per-uid. If current jails infrastructure allows to set per-jail limits (and I suspect that it is), then you should just match these two facilities. The seemingly problematic thing is processes changing their jails. It can be done similar to how the uid accounting is done currently, by remembering which jail was charged in corresponding vm map entry and object. --r+TdwuXy+OXS8TUs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAkrKQrQACgkQC3+MBN1Mb4jzcwCeP/t+PM0oHHSpULzh8sAJxJ51 9PYAmwenDGcBWDinZcZ2nU2v8kRtKsZ2 =kyp7 -----END PGP SIGNATURE----- --r+TdwuXy+OXS8TUs--