From: "Bjoern A. Zeeb"
Date: Sun, 11 Jan 2009 18:40:56 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r187059 - head/usr.sbin/jail

Author: bz
Date: Sun Jan 11 18:40:56 2009
New Revision: 187059
URL: http://svn.freebsd.org/changeset/base/187059

Log:
  Add a short section talking about jails and file systems; mention the mount
  and jail-aware file systems as well as quota.

  PR: kern/68192
  Reviewed by: simon
  MFC after: 2 weeks

Modified:
  head/usr.sbin/jail/jail.8

Modified: head/usr.sbin/jail/jail.8 ============================================================================== --- head/usr.sbin/jail/jail.8 Sun Jan 11 17:11:01 2009 (r187058) +++ head/usr.sbin/jail/jail.8 Sun Jan 11 18:40:56 2009 (r187059) @@ -33,7 +33,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 29, 2008 +.Dd January 11, 2009 .Dt JAIL 8 .Os .Sh NAME 
@@ -480,6 +480,29 @@ pkill -j 3 or: .Pp .Dl "killall -j 3" +.Ss "Jails and File Systems" +It is not possible to +.Xr mount 8 +or +.Xr unmount 8 +any file system inside a jail unless the file system is marked +jail-friendly. +See +.Va security.jail.mount_allowed +in the +.Va "Sysctl MIB Entries" +section. +.Pp +Multiple jails sharing the same file system can influence each other. +For example a user in one jail can fill the file system also +leaving no space for processes in the other jail. +Trying to use +.Xr quota 1 +to prevent this will not work either as the file system quotas +are not aware of jails but only look at the user and group IDs. +This means the same user ID in two jails share the same file +system quota. +One would need to use one file system per jail to make this working. .Ss "Sysctl MIB Entries" Certain aspects of the jail containments environment may be modified from the host environment using @@ -614,6 +637,7 @@ and .Xr pgrep 1 , .Xr pkill 1 , .Xr ps 1 , +.Xr quota 1 , .Xr chroot 2 , .Xr jail 2 , .Xr jail_attach 2 , @@ -626,6 +650,7 @@ and .Xr jexec 8 , .Xr jls 8 , .Xr mount 8 , +.Xr unmount 8 , .Xr named 8 , .Xr reboot 8 , .Xr rpcbind 8 ,
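
Review bot: In the @@ -480,6 +480,29 @@ hunk, ".Xr unmount 8" names a page that does not exist: the utility is umount(8), and unmount(2) is the system call, so the reference should be ".Xr umount 8". In the same hunk the pointer to the "Sysctl MIB Entries" section is marked up with .Va, which is for variable names; ".Sx "Sysctl MIB Entries"" is the mdoc macro for a section cross-reference. The new text also says "jail-friendly" where the commit log says "jail-aware", so pick one term. In the quota paragraph, "can fill the file system also leaving no space" would read better as "can fill the file system, leaving no space", and "to make this working" should be "to make this work".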
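
Review bot: In the @@ -626,6 +650,7 @@ hunk, ".Xr unmount 8 ," is inserted between "mount 8" and "named 8", which breaks the alphabetical order the other section 8 entries in this list follow. It also carries the same page name problem as the body text: the entry should be ".Xr umount 8 ," and it belongs after the remaining section 8 entries that sort before "u", not directly after "mount 8".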