From owner-freebsd-hackers@FreeBSD.ORG Wed Jul 13 13:34:51 2005 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57FD416A41C for ; Wed, 13 Jul 2005 13:34:51 +0000 (GMT) (envelope-from jas_arlerr@yahoo.com.cn) Received: from web15003.mail.cnb.yahoo.com (web15003.mail.cnb.yahoo.com [202.165.103.60]) by mx1.FreeBSD.org (Postfix) with SMTP id 6AF4A43D53 for ; Wed, 13 Jul 2005 13:34:44 +0000 (GMT) (envelope-from jas_arlerr@yahoo.com.cn) Received: (qmail 73083 invoked by uid 60001); 13 Jul 2005 13:34:43 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.cn; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=FbBYreKMVLOuUjUrvP42QJiZE+sQpwRncQbTuD2vDSMtX9n4RDnP5Bmaiiq4I/2yD6cWnTGjbabzblAKtdaTD5qA+56U/WfSWCyCBlpVxJQx7PaFLWR3r9eHeKygOYTKWqX6zoKN64D1yI9FVNrvSysBO1IRZghPa+BAvLNQkPA= ; Message-ID: <20050713133443.73081.qmail@web15003.mail.cnb.yahoo.com> Received: from [61.187.54.10] by web15003.mail.cnb.yahoo.com via HTTP; Wed, 13 Jul 2005 21:34:43 CST Date: Wed, 13 Jul 2005 21:34:43 +0800 (CST) From: Jone Jas To: Vlad GALU In-Reply-To: <79722fad05071303383a75e685@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd hackers Subject: Re: limit jail disk space X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2005 13:34:51 -0000 Vlad GALU 写道: > Sure. The tools may control all limits such as cpu time, >memory, bandwidth, disk space, etc. I have read the Linux >VServer dlimit code. But I am not very sure where to put the >hooks for inode/blocks control of jail in FreeBSD. This is why I >open this thread. Vlad GALU said I can look to the quota >method. I will try. Thanks. >It will most probably be tricky, because you can practically >have the same uid in both worlds (the host and the jail) with >different quota settings mapped to it. So upon granting fs >resources you'd have to check which 'world' the request came >from. If the quota for that world isn't overdue, you check for >that uid's quota inside that world and if that's still OK you >grant the resource. If we use different start number for users in jails and in the host as said on some wikis (i.e., increase the start uid for jail users), the different quota mapping will not be confused. >You will probably have to add an extra member to the prison >structure, to hold the global quota for that jail. Yes, I do think so. --------------------------------- DO YOU YAHOO!? 雅虎邮箱超强增值服务-2G超大空间、pop3收信、无限量邮件提醒