From: Fbsd8
Date: Sun, 22 Sep 2013 09:45:46 -0400
To: David Demelier, FreeBSD Questions
Subject: Re: rctl within jail
Message-ID: <523EF48A.9090007@a1poweruser.com>
In-Reply-To: <5236B4A2.4000103@gmail.com>

David Demelier wrote:
> Hello there,
>
> I wanted to use rctl within a jail to add more fine grained setting for
> some users, and default ones too. But it does not seem to work. Is it
> supported? Do we need to add a special flag to the jail creation?
>
> # rctl -a loginclass:default:maxproc:deny=30
> rctl: rctl_add_rule: Operation not permitted
>
> Regards,
>
> David

The rctl command is brand new. It does not have a group of users yet, so that is why you have not received any replies to your post.

As far as I know you cannot issue the "rctl" command from within the running jail. The "rctl" command is issued on the HOST only.

You can apply rules to an entire jail if you want to, for example, to limit the amount of memory a jail can use:

    # rctl -a jail::memoryuse:deny=1G

(where is the name of your jail). This would make sure the jail can't use more than (approximately) 1 gigabyte of memory.

To enable rctl on the host, you need to compile a custom kernel that contains the following 2 parameters:

    options RACCT
    options RCTL

I think your rctl command would look like this when issued from the host:

    rctl -a jail::loginclass:default:maxproc:deny=30
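
Added example (not part of the original message): a small sh helper that builds the host-side, jail-wide `deny` rules described above and rejects input that would break the colon-delimited rule format. The jail name `www`, the function names and the resource subset are assumptions; the commands are only printed unless `RCTL_APPLY=1` is set, which requires root on a host whose kernel has RACCT and RCTL.

```shell
#!/bin/sh
# Added example: build host-side rctl(8) rules for a single jail.
# The jail name "www" and the limits below are constructed sample values.

# Resources accepted by this sketch (a subset of those listed in rctl(8)).
RCTL_RESOURCES="memoryuse vmemoryuse maxproc openfiles cputime swapuse"

# jail_rule NAME RESOURCE AMOUNT
# Prints "jail:NAME:RESOURCE:deny=AMOUNT", or fails on invalid input.
jail_rule() {
    name=$1 resource=$2 amount=$3
    # Rules are colon-delimited, so a name containing ':' or '=' would
    # silently turn into a different rule. Allow a conservative set only.
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "bad jail name: $name" >&2; return 1 ;;
    esac
    case " $RCTL_RESOURCES " in
        *" $resource "*) ;;
        *) echo "unknown resource: $resource" >&2; return 1 ;;
    esac
    # Amount: digits with at most one K/M/G/T suffix, as in deny=1G.
    digits=${amount%[KkMmGgTt]}
    case $digits in
        ''|*[!0-9]*) echo "bad amount: $amount" >&2; return 1 ;;
    esac
    printf 'jail:%s:%s:deny=%s\n' "$name" "$resource" "$amount"
}

# apply_jail_limits NAME
# Dry run by default: prints the commands. With RCTL_APPLY=1 it runs them
# (on the host, never inside the jail).
apply_jail_limits() {
    for spec in memoryuse=1G maxproc=30; do
        rule=$(jail_rule "$1" "${spec%%=*}" "${spec#*=}") || return 1
        if [ "${RCTL_APPLY:-0}" = 1 ]; then
            rctl -a "$rule" || return 1
        else
            echo "rctl -a $rule"
        fi
    done
}

apply_jail_limits www
```

These rules cap the jail as a whole; they do not express the per-loginclass limit asked about in the quoted question.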