Date: Tue, 25 Jul 2006 09:16:55 GMT From: Chris Jones <cdjones@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 102356 for review Message-ID: <200607250916.k6P9GtAY019902@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=102356 Change 102356 by cdjones@cdjones-impulse on 2006/07/25 09:16:19 Add memory limit argument to jail(8). Affected files ... .. //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#10 edit .. //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#11 edit .. //depot/projects/soc2006/cdjones_jail/src/usr.sbin/jail/jail.c#5 edit Differences ... ==== //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#10 (text+ko) ==== @@ -162,6 +162,7 @@ pr->pr_linux = NULL; pr->pr_priority = j.priority; pr->pr_securelevel = securelevel; + pr->pr_mem_limit = j.mem_limit; /* Determine next pr_id and add prison to allprison list. */ mtx_lock(&allprison_mtx); @@ -446,6 +447,7 @@ } /* Get memory usage (see vm/vm_map.h). */ + /* TODO maybe use vm_swrss? */ mem_used += (p->p_vmspace)->vm_tsize; /* text size (pages) */ mem_used += (p->p_vmspace)->vm_dsize; /* data size (pages) */ mem_used += (p->p_vmspace)->vm_ssize; /* stack size (pages) */ ==== //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#11 (text+ko) ==== @@ -19,6 +19,7 @@ char *hostname; u_int32_t ip_number; unsigned int priority; + unsigned int mem_limit; /* struct thread *scheduler; CJ TODO --- add reference to preferred scheduler, e.g. by name? */ }; @@ -30,6 +31,7 @@ char pr_host[MAXHOSTNAMELEN]; u_int32_t pr_ip; unsigned int priority; + unsigned int mem_limit; /* struct thread *scheduler; */ }; #define XPRISON_VERSION 1 @@ -38,6 +40,8 @@ #define JAIL_MINIMUM_PRIORITY 1 #define JAIL_MAXIMUM_PRIORITY 100 +#define JAIL_DEFAULT_MEM_LIMIT 256 * 1024 * 1024 + #define J_SCHED_TD_ACTIVE 0x01 #define J_SCHED_TD_DIE 0x02 #define J_SCHED_TD_DEAD 0x04 ==== //depot/projects/soc2006/cdjones_jail/src/usr.sbin/jail/jail.c#5 (text+ko) ==== @@ -56,6 +56,7 @@ struct in_addr in; gid_t groups[NGROUPS]; int ch, i, iflag, Jflag, lflag, ngroups, securelevel, uflag, Uflag; + unsigned int mem_limit, priority; char path[PATH_MAX], *ep, *username, *JidFile; static char *cleanenv; const char *shell, *p = NULL; @@ -63,12 +64,13 @@ FILE *fp; iflag = Jflag = lflag = uflag = Uflag = 0; + mem_limit = JAIL_DEFAULT_MEM_LIMIT; priority = JAIL_DEFAULT_PRIORITY; securelevel = -1; username = JidFile = cleanenv = NULL; fp = NULL; - while ((ch = getopt(argc, argv, "ilp:s:u:U:J:")) != -1) { + while ((ch = getopt(argc, argv, "ilp:m:s:u:U:J:")) != -1) { switch (ch) { case 'i': iflag = 1; @@ -77,6 +79,9 @@ JidFile = optarg; Jflag = 1; break; + case 'm': + mem_limit = atoi(optarg); + break; case 'p': priority = atoi(optarg); if (priority < JAIL_MINIMUM_PRIORITY || @@ -125,6 +130,7 @@ if (inet_aton(argv[2], &in) == 0) errx(1, "Could not make sense of ip-number: %s", argv[2]); j.ip_number = ntohl(in.s_addr); + j.mem_limit = mem_limit; j.priority = priority; if (Jflag) { fp = fopen(JidFile, "w"); @@ -190,8 +196,9 @@ usage(void) { - (void)fprintf(stderr, "%s%s%s\n", - "usage: jail [-i] [-J jid_file] [-p priority] [-s securelevel]", + (void)fprintf(stderr, "%s%s%s%s\n", + "usage: jail [-i] [-J jid_file] [-m mem_limit] ", + "[-p priority] [-s securelevel]", " [-l -u ", "username | -U username]", " path hostname ip-number command ...");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607250916.k6P9GtAY019902>