From owner-freebsd-hackers@FreeBSD.ORG Tue Jul 12 10:12:18 2005 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D88D516A41C for ; Tue, 12 Jul 2005 10:12:18 +0000 (GMT) (envelope-from dom@goodforbusiness.co.uk) Received: from mail.helenmarks.co.uk (mail.helenmarks.co.uk [82.68.196.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F6F043D48 for ; Tue, 12 Jul 2005 10:12:17 +0000 (GMT) (envelope-from dom@goodforbusiness.co.uk) Received: from localhost (localhost [127.0.0.1]) by mail.helenmarks.co.uk (Postfix) with ESMTP id E9C842710C03; Tue, 12 Jul 2005 11:12:16 +0100 (BST) Received: from mail.helenmarks.co.uk ([127.0.0.1]) by localhost (mail.helenmarks.co.uk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 67163-05; Tue, 12 Jul 2005 11:12:11 +0100 (BST) Received: from egg (egg.helenmarks.co.uk [192.168.15.3]) by mail.helenmarks.co.uk (Postfix) with ESMTP id 4779B2710C01; Tue, 12 Jul 2005 11:12:11 +0100 (BST) From: Dominic Marks To: freebsd-hackers@freebsd.org Date: Tue, 12 Jul 2005 11:14:41 +0100 User-Agent: KMail/1.8 References: <20050712095048.60122.qmail@web15007.mail.cnb.yahoo.com> In-Reply-To: <20050712095048.60122.qmail@web15007.mail.cnb.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200507121114.42653.dom@goodforbusiness.co.uk> X-Virus-Scanned: By ClamAV 0.85.1 X-Mailman-Approved-At: Tue, 12 Jul 2005 12:33:11 +0000 Cc: Jone Jas Subject: Re: limit jail disk space X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2005 10:12:19 -0000 On Tuesday 12 July 2005 10:50, Jone Jas wrote: > Hi hackers, > As far as I know, there is no limit of the disk space that a jail > can use. As for the Linux VServer(similar to jail), its dlimit does > such thing for the "security context". I read the dlimit code and > find that it achieves that by limiting the number of inodes and data > blocks the vserver can get. The hooks are inserted in the functions > such as ext2_new_inode, ext2_free_inode, ext2_new_block and > ext2_free_block. My question is if we can do such thing to the jail. > If so, where should we insert the hooks? It seems that the FreeBSD > inode/block allocation/free functions are not so explicit as Linux. > There are serveral places, I'm not sure which are the correct ones: > for inodes: ffs_valloc, ffs_vfree > for blocks: ffs_alloc, ffs_freeblk, > or ufs_balloc_ufs1/2 > > Any reply or hints is appreciated! > Regards! One method which does not require hacking any code: # dd if=3D/dev/zero of=3Djail.file bs=3D1k count=3D1m 1048576+0 records in 1048576+0 records out 1073741824 bytes transferred in 23.940393 secs (44850635 bytes/sec) # ls -lh jail.file=20 =2Drw-r--r-- 1 dom dom 1.0G Jul 12 11:08 jail.file # mdconfig -a -t vnode -f jail.file=20 md0 # newfs -U /dev/md0=20 /dev/md0: 1024.0MB (2097152 sectors) block size 16384, fragment size=20 2048 using 6 cylinder groups of 183.44MB, 11740 blks, 23488 inodes. with soft updates super-block backups (for fsck -b #) at: 160, 375840, 751520, 1127200, 1502880, 1878560 # mount /dev/md0 /mnt # df -ih =46ilesystem Size Used Avail Capacity iused ifree %iused Mounted on /dev/md0 989M 4.0K 910M 0% 2 140924 0% /mnt Now just install your jail into /mnt and it will be confined to the size of disc you create. Expect slightly reduced disc performance using this technique. > Jas > > > > --------------------------------- > DO YOU YAHOO!? > =D1=C5=BB=A2=C3=E2=B7=D1G=D3=CA=CF=E4=A3=AD=D6=D0=B9=FA=B5=DA=D2=BB=BE= =F8=CE=DE=C0=AC=BB=F8=D3=CA=BC=FE=C9=A7=C8=C5=B3=AC=B4=F3=D3=CA=CF=E4 > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to > "freebsd-hackers-unsubscribe@freebsd.org" HTH, =2D-=20 Dominic Marks