Idea about 'skeleton jail

Samuel J. Greear freebsd-hackers at evilcode.net
Mon Mar 14 08:12:34 PST 2005


On Sunday 13 March 2005 14:24, Anish Mistry wrote:
> On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
> > Samuel J. Greear wrote:
> > > Not a bad 'idea' at all, although I won't comment on semantics.
> > > I had something implemented using fs stacking (in a very hackish
> > > way, and I believe it's lost now, so don't ask to see it...) to
> > > implement per-jail quotas that seemed to work quite well.
> > >
> > > Sam
> >
> > Feel free to comment on the semantics.  As I said before, I am not
> > very knowledgeable about filesystems and any insight or alternative
> > implementation you can provide would be interesting I'm sure to
> > everyone.
>
> Yeah, if there was jailfs that was set up automatically for the jails
> that supported quotas out of the box that would kill my major gripe
> about setting up jails.


Chris, your concept looks reasonable to me. I think I would probably do
something along those lines but borrow some ideas from my
'jail-build' script.  It has the concept of both includes and excludes, but
it also handles another directory for what I call overrides.  My overrides
directories are per-jail and typically include nothing more than config
files, but it works pretty handily.  The overrides may best be implemented in
a separate layer...  and I don't even know that I would call something like
this a jailfs, more like a globfs or something...  I can see potential uses
beyond jails.

The reasons that I never finished implementing my jailfs with quota
support were primarily that stackable filesystems seem to be somewhat
of a black art.  Secondarily, I concluded that the time would be better
spent implementing filesystem-agnostic quotas in the vfs layer.  A
proper design should enable you to do a lot of fun things; I was thinking
something along the lines of just a simple aggregator that a module
could hand function pointers to and register interest in events, with
options like..  just-notify-me and dont-continue-without-my-approval.
Throw in some helpers for synchronizing module state to disk. The kernel
side of this shouldn't really be very hard, but all of the userland
quota utilities would need to be rewritten as they are tied to UFS at the
block level.  This all from about 3 years ago, and I haven't implemented
any of it.  I rock!

Sam
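
The event aggregator sketched in the message above, as an added user-space C illustration that is not code from the original post or from FreeBSD: modules hand in function pointers per event with either a notify-only or an approval-required mode, and a per-jail quota module uses both. All names (`hook_register`, `vfs_dispatch`, `jail_quota`, the event and mode enums) are hypothetical, and the jail id and quota values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum vfs_event { EV_WRITE, EV_CREATE, EV_MAX };
enum hook_mode { HOOK_NOTIFY, HOOK_APPROVE }; /* the two options in the message */
struct vfs_op { int jail_id; enum vfs_event ev; uint64_t bytes; };
typedef int (*hook_fn)(const struct vfs_op *op, void *state); /* 0 = allow */
struct hook { hook_fn fn; void *state; enum hook_mode mode; };
#define MAX_HOOKS 8
static struct hook hooks[EV_MAX][MAX_HOOKS];
static size_t nhooks[EV_MAX];

int hook_register(enum vfs_event ev, hook_fn fn, void *state, enum hook_mode mode) {
    if (ev >= EV_MAX || fn == NULL || nhooks[ev] == MAX_HOOKS) return -1;
    hooks[ev][nhooks[ev]++] = (struct hook){ fn, state, mode };
    return 0;
}

/* Approvers only check; notifiers run after all approve, so denials are never charged. */
int vfs_dispatch(const struct vfs_op *op) {
    if (op->ev >= EV_MAX) return -1;
    const struct hook *h = hooks[op->ev];
    for (size_t i = 0; i < nhooks[op->ev]; i++)
        if (h[i].mode == HOOK_APPROVE && h[i].fn(op, h[i].state) != 0) return -1;
    for (size_t i = 0; i < nhooks[op->ev]; i++)
        if (h[i].mode == HOOK_NOTIFY) (void)h[i].fn(op, h[i].state);
    return 0;
}

/* Hypothetical per-jail quota module: check as approver, charge as notifier. */
struct jail_quota { int jail_id; uint64_t limit, used; };
static int quota_check(const struct vfs_op *op, void *state) {
    const struct jail_quota *q = state; /* used <= limit holds, so no underflow */
    return (op->jail_id == q->jail_id && op->bytes > q->limit - q->used) ? -1 : 0;
}
static int quota_charge(const struct vfs_op *op, void *state) {
    struct jail_quota *q = state;
    if (op->jail_id == q->jail_id) q->used += op->bytes;
    return 0;
}

int main(void) { /* constructed scenario: jail 1 with a 100-byte quota */
    struct jail_quota q = { 1, 100, 0 };
    struct vfs_op w = { 1, EV_WRITE, 60 };
    hook_register(EV_WRITE, quota_check, &q, HOOK_APPROVE);
    hook_register(EV_WRITE, quota_charge, &q, HOOK_NOTIFY);
    for (int i = 0; i < 2; i++) printf("write %d -> %d\n", i, vfs_dispatch(&w));
    printf("used=%llu\n", (unsigned long long)q.used);
}
```

Because the quota logic sits above any particular filesystem, nothing in it depends on UFS block accounting, which is the separation the message argues for.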

