Quotas inside jails
Jamie Gritton
jamie at FreeBSD.org
Mon Sep 3 17:13:00 UTC 2012
On 08/31/12 14:41, Scott Lambert wrote:
> On Thu, Aug 30, 2012 at 07:05:30PM -0400, Darek M wrote:
>> On Thu, Aug 30, 2012 at 5:32 PM, John Nielsen<lists at jnielsen.net> wrote:
>>>
>>> Another way to set hard quotas for jails is to give each one its
>>> own filesystem of fixed size. This is trivially easy with zfs--just
>>> create a zfs for each jail and set the quota property. To use UFS
>>> you can create image files of whatever size you want, make them
>>> md(4) devices, and then newfs(8) and mount(8) them. Unlike the
>>> method in the handbook, neither of these options requires kernel
>>> quota support.
>>
>> But these would be a quota for the entire jail. I'm interested in
>> having per-user quotas for users inside a jail.
>>
>> I'm curious whether the "security.jail.param.allow.quotas" sysctl is
>> my missing link, and if so, why it is immutable.
>
> If using ZFS, you *could* create a file system with quota for each
> user's home directory in the jail. I'm not saying it would be
> pretty....
>
> With UFS, I think you would have to ensure that UID/GIDs do not
> overlap between jails, at least for the users you want to be affected
> by quotas. That could be as ugly as the thousands of ZFS file
> systems.
Well, you could if you trusted the jail admins not to use other UID/GIDs
(which he likely isn't even aware of). But the whole point of jails is
that you *don't* have to trust the admin.
- Jamie
More information about the freebsd-jail
mailing list