limit jail disk space
Dominic Marks
dom at goodforbusiness.co.uk
Tue Jul 12 13:24:42 GMT 2005
On Tuesday 12 July 2005 13:44, Robert Atkinson wrote:
> On 7/12/05, Dominic Marks <dom at goodforbusiness.co.uk> wrote:
> > On Tuesday 12 July 2005 10:50, Jone Jas wrote:
> > > Hi hackers,
> > > As far as I know, there is no limit of the disk space that a jail
> > > can use. As for the Linux VServer(similar to jail), its dlimit
> > > does such thing for the "security context". I read the dlimit
> > > code and find that it achieves that by limiting the number of
> > > inodes and data blocks the vserver can get. The hooks are
> > > inserted in the functions such as ext2_new_inode,
> > > ext2_free_inode, ext2_new_block and ext2_free_block. My question
> > > is if we can do such thing to the jail. If so, where should we
> > > insert the hooks? It seems that the FreeBSD inode/block
> > > allocation/free functions are not so explicit as Linux. There are
> > > serveral places, I'm not sure which are the correct ones: for
> > > inodes: ffs_valloc, ffs_vfree
> > > for blocks: ffs_alloc, ffs_freeblk,
> > > or ufs_balloc_ufs1/2
> > >
> > > Any reply or hints is appreciated!
> > > Regards!
> >
> > One method which does not require hacking any code:
> >
> > # dd if=/dev/zero of=jail.file bs=1k count=1m
> > 1048576+0 records in
> > 1048576+0 records out
> > 1073741824 bytes transferred in 23.940393 secs (44850635 bytes/sec)
> >
> > # ls -lh jail.file
> > -rw-r--r-- 1 dom dom 1.0G Jul 12 11:08 jail.file
> >
> > # mdconfig -a -t vnode -f jail.file
> > md0
> >
> > # newfs -U /dev/md0
> > /dev/md0: 1024.0MB (2097152 sectors) block size 16384, fragment
> > size 2048
> > using 6 cylinder groups of 183.44MB, 11740 blks, 23488 inodes.
> > with soft updates
> > super-block backups (for fsck -b #) at:
> > 160, 375840, 751520, 1127200, 1502880, 1878560
> >
> > # mount /dev/md0 /mnt
> >
> > # df -ih
> > Filesystem Size Used Avail Capacity iused ifree %iused Mounted on
> > /dev/md0 989M 4.0K 910M 0% 2 140924 0% /mnt
> >
> > Now just install your jail into /mnt and it will be confined to the
> > size of disc you create. Expect slightly reduced disc performance
> > using this technique.
>
> Under 4.X there doesn't appear to be much loss at all, but with 5.X
> the difference is -huge-.
For most (of my) applications the limiting factor is not
sequential IO. It is not ideal, but I think you'll find that
most jails performance is not impacted too much by this, I
suppose it all depends what you are doing in your jails.
If you need full-speed access there is a workaround. Create
your jail-in-a-file system, before 'booting' it use a nullfs
mount to map a local filesystem inside your jail. Use this
filesystem for your IO heavy tasks. This way you can fit
each jail-in-a-file system in 128MB or 256MB depending on
how many packages you require. The area you map in should be
its own partition which is sized appropriately, or you get
back to where you started.
That is not to say that I wouldn't like it to be fixed.
> A topic came in about a month ago, and I saw a long list of
> performance tests that 4.X seemed to have nearly twice the speed of 5
> (VN versus MD).
>
> Nothing we tried was able to get MD up to par.
>
> > Jas
> >
> > > ---------------------------------
> > > DO YOU YAHOO!?
> > > 雅虎免费G邮箱-中国第一绝无垃圾邮件骚扰超大邮箱
> > > _______________________________________________
> > > freebsd-hackers at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> > > To unsubscribe, send any mail to
> > > "freebsd-hackers-unsubscribe at freebsd.org"
> >
> > HTH,
> > --
> > Dominic Marks
> > _______________________________________________
> > freebsd-hackers at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> > To unsubscribe, send any mail to
> > "freebsd-hackers-unsubscribe at freebsd.org"
--
Dominic Marks
More information about the freebsd-hackers
mailing list