Date: Thu, 30 Aug 2012 19:05:30 -0400 From: Darek M <fafaforza@gmail.com> To: John Nielsen <lists@jnielsen.net> Cc: freebsd-jail@freebsd.org Subject: Re: Quotas inside jails Message-ID: <CANDt73e92Kewx7KsXaCmZaRPO%2BCNsXBmT4T3Adt8A3wCOVWv5A@mail.gmail.com> In-Reply-To: <6B11ADF9-5B11-41CD-BDAC-6F8236FC1E4C@jnielsen.net> References: <CANDt73drFBbfmNN8ZYkn9VdUuDO60JEn8Ks1ZFgsaiDqnbpxLA@mail.gmail.com> <6B11ADF9-5B11-41CD-BDAC-6F8236FC1E4C@jnielsen.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 30, 2012 at 5:32 PM, John Nielsen <lists@jnielsen.net> wrote: > On Aug 30, 2012, at 2:52 PM, Darek M <fafaforza@gmail.com> wrote: > >> playing around with setting quotas inside a jail. Configured and >> tested them on the host, configured a quota for a jail user, but it >> isn't being enforced. I attempted to set >> security.jail.param.allow.quotas to 1, from command line, from >> /etc/sysctl.conf, and from /boot/loader.conf, but it remains set to >> '0'. >> >> Am I looking at the right sysctl? If not, where should I be looking? >> If yes, why does it appear to be immutable? > > I'm assuming you have basically one UFS filesystem for all your jails. Is= that the case? If so, do you have quotas enabled on the host? See the hand= book if you haven't already: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/quotas.html Yup, verified that quotas on the host work fine. >> I'm doing this on a 9.0-RELEASE system > > Another way to set hard quotas for jails is to give each one its own file= system of fixed size. This is trivially easy with zfs--just create a zfs fo= r each jail and set the quota property. To use UFS you can create image fil= es of whatever size you want, make them md(4) devices, and then newfs(8) an= d mount(8) them. Unlike the method in the handbook, neither of these option= s requires kernel quota support. But these would be a quota for the entire jail. I'm interested in having per-user quotas for users inside a jail. I'm curious whether the "security.jail.param.allow.quotas" sysctl is my missing link, and if so, why it is immutable. --=20 Darek > JN >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANDt73e92Kewx7KsXaCmZaRPO%2BCNsXBmT4T3Adt8A3wCOVWv5A>