From owner-freebsd-questions@freebsd.org Thu Jan 5 19:05:48 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9965CA1BDA for ; Thu, 5 Jan 2017 19:05:48 +0000 (UTC) (envelope-from markham@ssimicro.com) Received: from barracuda.ssimicro.com (barracuda.ssimicro.com [96.46.39.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.ssimicro.com", Issuer "RapidSSL SHA256 CA - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A31A614C8 for ; Thu, 5 Jan 2017 19:05:48 +0000 (UTC) (envelope-from markham@ssimicro.com) Received: from mail.ssimicro.com (mail.ssimicro.com [64.247.129.10]) by barracuda.ssimicro.com with ESMTP id tBAc8IOfluwE9C2v (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 05 Jan 2017 13:53:52 -0500 (EST) Received: from yk-office-RESERVED-64-247-130-127.ssimicro.com (yk-office-RESERVED-64-247-130-127.ssimicro.com [64.247.130.127]) (authenticated bits=0) by mail.ssimicro.com (8.15.2/8.15.2) with ESMTPSA id v05Irp56043026 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Thu, 5 Jan 2017 11:53:51 -0700 (MST) (envelope-from markham@ssimicro.com) To: freebsd-questions@freebsd.org, freebsd-jail From: markham breitbach Subject: Resource Limits Within Jails Message-ID: <118410c1-1e3e-2388-ea5b-682515bc39f1@ssimicro.com> Date: Thu, 5 Jan 2017 11:53:55 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: by bsmtpd at ssimicro.com X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jan 2017 19:05:48 -0000 I am trying to figure out the best way to manage resource limits for a particular daemon within a jail (specifically memory usage), without having to limit the entire jail and other processes within. I have searched around and looked at the handbook and man pages for rctl and login.conf, but neither seems to really do what I want. rctl only seems to be able to operate from the jail host, and afaik can only limit a process once you have the PID, so you can't just set it somewhere and be done with it. rctl user limits only apply to the host, and not the same user within a jail, and I have not even investigated how that behaves for a process that has started as root and done a privilege drop. Similarly, login.conf seems to have no effect whatsoever within a jail, even after restarting the jail and logging in again. Is there something I am missing? Does anyone know how to do this? Thanks, -Markham