limit jail disk space

Dominic Marks dom at goodforbusiness.co.uk
Tue Jul 12 10:12:19 GMT 2005 

On Tuesday 12 July 2005 10:50, Jone Jas wrote:
> Hi hackers,
>    As far as I know, there is no limit of the disk space that a jail
> can use. As for the Linux VServer(similar to jail), its dlimit does
> such thing for the "security context". I read the dlimit code and
> find that it achieves that by limiting the number of inodes and data
> blocks the vserver can get. The hooks are inserted in the functions
> such as ext2_new_inode, ext2_free_inode, ext2_new_block and
> ext2_free_block. My question is if we can do such thing to the jail.
> If so, where should we insert the hooks? It seems that the FreeBSD
> inode/block allocation/free functions are not so explicit as Linux.
> There are serveral places, I'm not sure which are the correct ones:
> for inodes: ffs_valloc, ffs_vfree
>    for blocks: ffs_alloc, ffs_freeblk,
>                or ufs_balloc_ufs1/2
>
>   Any reply or hints is appreciated!
>   Regards!

One method which does not require hacking any code:

# dd if=3D/dev/zero of=3Djail.file bs=3D1k count=3D1m
1048576+0 records in
1048576+0 records out
1073741824 bytes transferred in 23.940393 secs (44850635 bytes/sec)

# ls -lh jail.file=20
=2Drw-r--r--  1 dom  dom   1.0G Jul 12 11:08 jail.file

# mdconfig -a -t vnode -f jail.file=20
md0

# newfs -U /dev/md0=20
/dev/md0: 1024.0MB (2097152 sectors) block size 16384, fragment size=20
2048
        using 6 cylinder groups of 183.44MB, 11740 blks, 23488 inodes.
        with soft updates
super-block backups (for fsck -b #) at:
 160, 375840, 751520, 1127200, 1502880, 1878560

# mount /dev/md0 /mnt

# df -ih
=46ilesystem  Size  Used  Avail Capacity iused    ifree %iused  Mounted on
/dev/md0    989M   4.0K  910M     0%       2   140924    0%   /mnt

Now just install your jail into /mnt and it will be confined to the
size of disc you create. Expect slightly reduced disc performance using
this technique.

>   Jas
>
>
>
> ---------------------------------
> DO YOU YAHOO!?
>   =D1=C5=BB=A2=C3=E2=B7=D1G=D3=CA=CF=E4=A3=AD=D6=D0=B9=FA=B5=DA=D2=BB=BE=
=F8=CE=DE=C0=AC=BB=F8=D3=CA=BC=FE=C9=A7=C8=C5=B3=AC=B4=F3=D3=CA=CF=E4
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to
> "freebsd-hackers-unsubscribe at freebsd.org"

HTH,
=2D-=20
Dominic Marks

More information about the freebsd-hackers mailing list