Date:      Tue, 4 Sep 2012 14:40:44 -0400
From:      Darek M <fafaforza@gmail.com>
To:        Jamie Gritton <jamie@freebsd.org>
Cc:        FreeBSD-Jail <freebsd-jail@freebsd.org>
Subject:   Re: Quotas inside jails
Message-ID:  <CANDt73d3Ywu0_xMOftT4yEz%2BvWvf9nU8PfkYO1aMk_118yVNrQ@mail.gmail.com>
In-Reply-To: <50410B12.6050606@FreeBSD.org>
References:  <CANDt73drFBbfmNN8ZYkn9VdUuDO60JEn8Ks1ZFgsaiDqnbpxLA@mail.gmail.com> <6B11ADF9-5B11-41CD-BDAC-6F8236FC1E4C@jnielsen.net> <CANDt73e92Kewx7KsXaCmZaRPO%2BCNsXBmT4T3Adt8A3wCOVWv5A@mail.gmail.com> <50410B12.6050606@FreeBSD.org>

On Fri, Aug 31, 2012 at 3:05 PM, Jamie Gritton <jamie@freebsd.org> wrote:
> On 08/30/12 17:05, Darek M wrote:

>> I'm curious whether the "security.jail.param.allow.quotas" sysctl is
>> my missing link, and if so, why it is immutable.
>
>
> The security.jail.param.* sysctls are part of the jail_get/set system
> calls, and are all immutable; they serve only to define the available
> jail parameters.
>
> So the question now comes to the allow.quotas parameter. If you set this
> on a jail, then you will indeed be able to manipulate quotas inside the
> jail. But the quotas still aren't per-jail - they're keyed only on
> UID/GID, and would share with anyone outside the jail using the same
> UID/GID. That's fine if the jail has its own filesystem, but not if it
> shares with other jails or (especially) with the host system.
>
> - Jamie

Indeed, this looks to be my missing piece.  Using distinct UIDs on
each jail should be easily doable, and would be cleaner than using
ZFS, etc.

However, I tried setting "security.jail.param.allow.quotas" to 1
inside the jail via /etc/sysctl.conf and /boot/loader.conf and it
remains at 0.  Am I trying to enable it the wrong way?

-- 
Darek
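
The quoted reply notes that quotas are keyed only on UID/GID, so a jail that shares a filesystem with the host or with another jail also shares quota accounting for any UID they have in common. The following is an added example, not part of the original message: it reports UIDs that occur in more than one environment on the same filesystem. The jail names, mount points and passwd entries are constructed sample data, and skipping UIDs below 1000 as system accounts is an assumption.

```python
from collections import defaultdict

# Constructed sample: environment -> (filesystem holding its data, /etc/passwd text).
SAMPLE = {
    "host": ("/usr", "root:*:0:0:Charlie &:/root:/bin/csh\n"
                     "alice:*:1001:1001:Alice:/home/alice:/bin/sh\n"),
    "www":  ("/usr", "root:*:0:0:Charlie &:/root:/bin/csh\n"
                     "webdev:*:1001:1001:Web dev:/home/webdev:/bin/sh\n"
                     "deploy:*:1002:1002:Deploy:/home/deploy:/bin/sh\n"),
    "db":   ("/jails/db", "dba:*:1001:1001:DBA:/home/dba:/bin/sh\n"),
}


def parse_passwd(text, min_uid=1000):
    """Return {uid: login} for accounts at or above min_uid."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # name:password:uid:... ; skip malformed lines instead of failing
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        uid = int(fields[2])
        if uid >= min_uid:
            users.setdefault(uid, fields[0])
    return users


def quota_collisions(environments, min_uid=1000):
    """Map (filesystem, uid) -> accounts that would share one quota record."""
    owners = defaultdict(list)
    for name, (filesystem, passwd_text) in environments.items():
        for uid, login in parse_passwd(passwd_text, min_uid).items():
            owners[(filesystem, uid)].append(f"{name}:{login}")
    # Only a UID used by two or more environments on one filesystem is a problem.
    return {key: sorted(who) for key, who in owners.items() if len(who) > 1}


if __name__ == "__main__":
    for (fs, uid), who in sorted(quota_collisions(SAMPLE).items()):
        print(f"{fs}: uid {uid} shared by {', '.join(who)}")
```

The "db" jail reuses UID 1001 but is not reported, because it sits on its own filesystem.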


