On 09/04/12 12:40, Darek M wrote:
On Fri, Aug 31, 2012 at 3:05 PM, Jamie Gritton<[email protected]> wrote:
On 08/30/12 17:05, Darek M wrote:
I'm curious whether the "security.jail.param.allow.quotas" sysctl is
my missing link, and if so, why it is immutable.
The security.jail.param.* sysctls are part of the jail_get/set system
calls, and are all immutable; they server only to define the available
jail parameters.
So the question now comes to the allow.quotas parameter. If you set this
on a jail, then you will indeed be able to manipulate quotas inside the
jail. But the quotas still aren't per-jail - they're keyed only on
UID/GID, and would share with anyone outside the jail using the same
UID/GID. That's fine if the jail has its own filesystem, but not if it
shares with other jails or (especially) with the host system.
- Jamie
Indeed, this looks to be my missing piece. Using distinct UIDs on
each jail should be easily doable, and would be cleaner than using
zfs, etc..
However, I tried setting "security.jail.param.allow.quotas" to 1
inside the jail via /etc/sysctl.conf and /boot/loader.conf and it
remains at 0. Am I trying to enable it the wrong way?
Yes. You need to set the "allow.quotas" parameter in the jail. There's
not a good way to do that from rc at this moment, but a "jail -m
jid=<jid> allow.quotas" should do the trick after the jail is up and
running.
- Jamie
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
