From owner-freebsd-hackers Sat Nov 30 9:23:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF7F737B401 for ; Sat, 30 Nov 2002 09:23:09 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6882943E4A for ; Sat, 30 Nov 2002 09:23:09 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.12.6/8.12.5) with SMTP id gAUHN3BF025391; Sat, 30 Nov 2002 12:23:03 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Sat, 30 Nov 2002 12:23:03 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Terry Lambert Cc: Stefanos Kiakas , freebsd-hackers@freebsd.org Subject: Re: jail In-Reply-To: <3DE66834.B2333404@mindspring.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 28 Nov 2002, Terry Lambert wrote: > Stefanos Kiakas wrote: > > Jean Milanez Melo wrote: > > > I run a number of jail enviroments in a public server, so, i would like to > > > limit the disk usage of each jail to, say, X GB. Lets think of a practical > > > issue. I have 40GB storage space, and what i want is to limit disk usage > > > to 5GB each jail. > > I believe it has been discussed on one of these lists before. > > > > Create a file that is 5G and use vnconfig to define pseudo disk > > device, create a new file system using newfs, then create the jail. > > > Note that the vnode file code is moderately broken, with regard to locks > and GEOM and all that. > > To avoid lockups if you do this, make sure each 5G file lives in its own > subdirectory, and does not share a subdirectory with another file that > is also being used as a device. > > Otherwise, it's fairly easy to lock up, and in fact, the cron job for > the security notification's "find" in the main vs. the jailed system > will cause it to lock hard. Hmm. The only bug like that I know about in -current was corrected in one of Kirk or Jeff's passes through getnewvnode() a few months ago, and involved a race condition when rotating logs in the same directory during a newsyslog call during heavy recursive directory activity -- specifically, the security script. Do you have any more practical details about the nature of the hang? In particular, the results of show locks and show lockedvnods would be useful for interesting processes, as well as their wait channels. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message