On Fri, Aug 31, 2012 at 3:05 PM, Jamie Gritton <[email protected]> wrote: > On 08/30/12 17:05, Darek M wrote:
>> I'm curious whether the "security.jail.param.allow.quotas" sysctl is >> my missing link, and if so, why it is immutable. > > > The security.jail.param.* sysctls are part of the jail_get/set system > calls, and are all immutable; they server only to define the available > jail parameters. > > So the question now comes to the allow.quotas parameter. If you set this > on a jail, then you will indeed be able to manipulate quotas inside the > jail. But the quotas still aren't per-jail - they're keyed only on > UID/GID, and would share with anyone outside the jail using the same > UID/GID. That's fine if the jail has its own filesystem, but not if it > shares with other jails or (especially) with the host system. > > - Jamie Indeed, this looks to be my missing piece. Using distinct UIDs on each jail should be easily doable, and would be cleaner than using zfs, etc.. However, I tried setting "security.jail.param.allow.quotas" to 1 inside the jail via /etc/sysctl.conf and /boot/loader.conf and it remains at 0. Am I trying to enable it the wrong way? -- Darek _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[email protected]"
