Date: Tue, 25 Jul 2006 09:16:55 GMT
From: Chris Jones To: Perforce Change Reviews Cc: Subject: PERFORCE change 102356 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jul 2006 09:16:56 -0000 http://perforce.freebsd.org/chv.cgi?CH=102356 Change 102356 by cdjones@cdjones-impulse on 2006/07/25 09:16:19 Add memory limit argument to jail(8). Affected files ... .. //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#10 edit .. //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#11 edit .. //depot/projects/soc2006/cdjones_jail/src/usr.sbin/jail/jail.c#5 edit Differences ... ==== //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#10 (text+ko) ==== @@ -162,6 +162,7 @@ pr->pr_linux = NULL; pr->pr_priority = j.priority; pr->pr_securelevel = securelevel; + pr->pr_mem_limit = j.mem_limit; /* Determine next pr_id and add prison to allprison list. */ mtx_lock(&allprison_mtx); @@ -446,6 +447,7 @@ } /* Get memory usage (see vm/vm_map.h). */ + /* TODO maybe use vm_swrss? */ mem_used += (p->p_vmspace)->vm_tsize; /* text size (pages) */ mem_used += (p->p_vmspace)->vm_dsize; /* data size (pages) */ mem_used += (p->p_vmspace)->vm_ssize; /* stack size (pages) */ ==== //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#11 (text+ko) ==== @@ -19,6 +19,7 @@ char *hostname; u_int32_t ip_number; unsigned int priority; + unsigned int mem_limit; /* struct thread *scheduler; CJ TODO --- add reference to preferred scheduler, e.g. by name? */ }; @@ -30,6 +31,7 @@ char pr_host[MAXHOSTNAMELEN]; u_int32_t pr_ip; unsigned int priority; + unsigned int mem_limit; /* struct thread *scheduler; */ }; #define XPRISON_VERSION 1 
@@ -38,6 +40,8 @@ #define JAIL_MINIMUM_PRIORITY 1 #define JAIL_MAXIMUM_PRIORITY 100 +#define JAIL_DEFAULT_MEM_LIMIT 256 * 1024 * 1024 + #define J_SCHED_TD_ACTIVE 0x01 #define J_SCHED_TD_DIE 0x02 #define J_SCHED_TD_DEAD 0x04 ==== //depot/projects/soc2006/cdjones_jail/src/usr.sbin/jail/jail.c#5 (text+ko) ==== @@ -56,6 +56,7 @@ struct in_addr in; gid_t groups[NGROUPS]; int ch, i, iflag, Jflag, lflag, ngroups, securelevel, uflag, Uflag; + unsigned int mem_limit, priority; char path[PATH_MAX], *ep, *username, *JidFile; static char *cleanenv; const char *shell, *p = NULL; @@ -63,12 +64,13 @@ FILE *fp; iflag = Jflag = lflag = uflag = Uflag = 0; + mem_limit = JAIL_DEFAULT_MEM_LIMIT; priority = JAIL_DEFAULT_PRIORITY; securelevel = -1; username = JidFile = cleanenv = NULL; fp = NULL; - while ((ch = getopt(argc, argv, "ilp:s:u:U:J:")) != -1) { + while ((ch = getopt(argc, argv, "ilp:m:s:u:U:J:")) != -1) { switch (ch) { case 'i': iflag = 1; @@ -77,6 +79,9 @@ JidFile = optarg; Jflag = 1; break; + case 'm': + mem_limit = atoi(optarg); + break; case 'p': priority = atoi(optarg); if (priority < JAIL_MINIMUM_PRIORITY || @@ -125,6 +130,7 @@ if (inet_aton(argv[2], &in) == 0) errx(1, "Could not make sense of ip-number: %s", argv[2]); j.ip_number = ntohl(in.s_addr); + j.mem_limit = mem_limit; j.priority = priority; if (Jflag) { fp = fopen(JidFile, "w"); @@ -190,8 +196,9 @@ usage(void) { - (void)fprintf(stderr, "%s%s%s\n", - "usage: jail [-i] [-J jid_file] [-p priority] [-s securelevel]", + (void)fprintf(stderr, "%s%s%s%s\n", + "usage: jail [-i] [-J jid_file] [-m mem_limit] ", + "[-p priority] [-s securelevel]", " [-l -u ", "username | -U username]", " path hostname ip-number command ...");
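Review bot: In kern_jail.c @@ -446, the new TODO leaves open which quantity the limit is enforced against, and the unit is not stated anywhere in the patch. The unchanged comments say vm_tsize, vm_dsize and vm_ssize are in pages, while JAIL_DEFAULT_MEM_LIMIT is written as 256 * 1024 * 1024, which reads as a byte count. Please document the unit of pr_mem_limit next to the field and convert explicitly wherever mem_used is compared with it. The TODO should also say whether the intent is to account virtual size (the current sum) or resident size.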
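Review bot: In jail.h @@ -30, struct xprison gains a member while the context line "#define XPRISON_VERSION 1" stays unchanged, so a consumer built against the old layout cannot tell that the structure changed size. Bump XPRISON_VERSION with this change. The same concern applies to the struct jail hunk at @@ -19, where the userland/kernel argument structure changes layout. As a style point, the new xprison member would read more consistently as pr_mem_limit, next to pr_host and pr_ip.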
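Review bot: In jail.h @@ -38, "#define JAIL_DEFAULT_MEM_LIMIT 256 * 1024 * 1024" is an unparenthesized expression macro, so any use next to a higher- or equal-precedence operator (for example a division to convert to pages or kilobytes) will group incorrectly. Write it as (256 * 1024 * 1024), and add a comment giving the unit.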
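Review bot: In jail.c @@ -77, "mem_limit = atoi(optarg);" accepts the -m argument with no validation, unlike the -p case directly below it, which range-checks against JAIL_MINIMUM_PRIORITY. atoi() returns 0 for non-numeric input and cannot report overflow, and because mem_limit is unsigned int a negative argument silently becomes a very large limit. Parse with strtoul(), check errno and the end pointer, reject out-of-range values with errx(), and define what a value of 0 means. If the value is a byte count, unsigned int also caps the limit below 4 GB on the usual 32-bit int.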
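Review bot: In jail.c @@ -190, the new format string "%s%s%s%s\n" has four conversions but five string arguments follow it, so the final argument " path hostname ip-number command ..." is never printed and the usage message is truncated. The removed line had the same mismatch (three conversions, four arguments), so this is a good place to fix it: either add a fifth %s or let adjacent string literals concatenate and pass a single "%s\n".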