From: Jamie Gritton
Date: Mon, 03 Sep 2012 11:12:50 -0600
To: freebsd-jail@FreeBSD.org
Subject: Re: Quotas inside jails
Message-ID: <5044E512.6090209@FreeBSD.org>

On 08/31/12 14:41, Scott Lambert wrote:
> On Thu, Aug 30, 2012 at 07:05:30PM -0400, Darek M wrote:
>> On Thu, Aug 30, 2012 at 5:32 PM, John Nielsen wrote:
>>>
>>> Another way to set hard quotas for jails is to give each one its
>>> own filesystem of fixed size. This is trivially easy with zfs--just
>>> create a zfs for each jail and set the quota property. To use UFS
>>> you can create image files of whatever size you want, make them
>>> md(4) devices, and then newfs(8) and mount(8) them. Unlike the
>>> method in the handbook, neither of these options requires kernel
>>> quota support.
>>
>> But these would be a quota for the entire jail. I'm interested in
>> having per-user quotas for users inside a jail.
>>
>> I'm curious whether the "security.jail.param.allow.quotas" sysctl is
>> my missing link, and if so, why it is immutable.
>
> If using ZFS, you *could* create a file system with quota for each
> user's home directory in the jail. I'm not saying it would be
> pretty....
>
> With UFS, I think you would have to ensure that UID/GIDs do not
> overlap between jails, at least for the users you want to be affected
> by quotas. That could be as ugly as the thousands of ZFS file
> systems.

Well, you could if you trusted the jail admins not to use other
UID/GIDs (which he likely isn't even aware of). But the whole point
of jails is that you *don't* have to trust the admin.

- Jamie
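
The UFS approach discussed in this message depends on no UID/GID being used in more than one jail on the shared filesystem. As an added example (not code from the thread), the Python script below checks that condition from the host against actual file ownership rather than passwd entries, since a jail's admin can assign files to any ID. The function names, jail names and root paths are assumptions, and the demo trees are constructed.

```python
import os
import tempfile
from collections import defaultdict


def owner_ids(jail_root):
    """Return (uids, gids) owning any entry under jail_root (symlinks not followed)."""
    uids, gids = set(), set()

    def note(path):
        try:
            st = os.lstat(path)
        except OSError:
            return  # entry vanished or is unreadable; skip it
        uids.add(st.st_uid)
        gids.add(st.st_gid)

    note(jail_root)
    for dirpath, dirnames, filenames in os.walk(jail_root):
        for name in dirnames + filenames:
            note(os.path.join(dirpath, name))
    return uids, gids


def shared_ids(jail_roots):
    """Map every UID/GID found in more than one jail to the sorted jail names."""
    seen = {"uid": defaultdict(set), "gid": defaultdict(set)}
    for jail, root in jail_roots.items():
        uids, gids = owner_ids(root)
        for uid in uids:
            seen["uid"][uid].add(jail)
        for gid in gids:
            seen["gid"][gid].add(jail)
    return {kind: {i: sorted(jails) for i, jails in ids.items() if len(jails) > 1}
            for kind, ids in seen.items()}


if __name__ == "__main__":
    # Constructed demo: two stand-in jail roots whose files share this process's UID.
    with tempfile.TemporaryDirectory() as top:
        roots = {}
        for jail in ("j1", "j2"):  # hypothetical jail names
            roots[jail] = os.path.join(top, jail)
            os.makedirs(os.path.join(roots[jail], "home", "alice"))
        for kind, ids in shared_ids(roots).items():
            for ident, jails in sorted(ids.items()):
                print(f"{kind} {ident} owns files in: {', '.join(jails)}")
```

On a real host, pass the jails' root directories to `shared_ids` and run it as root so that unreadable subtrees are not silently skipped.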