rctl within jail

[Fbsd8]

David Demelier wrote:
> Hello there,
> 
> I wanted to use rctl within a jail to add more fine grained setting for
> some users, and default ones to. But it does not seem to work. Is it
> supported? Do we need to add a special flag to the jail creation?
> 
> # rctl -a loginclass:default:maxproc:deny=30
> rctl: rctl_add_rule: Operation not permitted
> 
> Regards,
> 
> David

The rctl command is brand new. It does not have a group of users yet, so 
that is why you have not received any replies to your post.

As far as I know you can not issue the "rctl" command from within the 
running jail.

The "rctl" command is issued on the HOST only.

You can apply rules to an entire jail if you want to, for example; to 
limit the amount of memory a jail can use:

# rctl -a jail:<jailname>:memoryuse:deny=1G

(where <jailname> is the name of your jail). This would make sure the 
jail can't use more than (approximately) 1 gigabyte of memory.

To enable rctl on the host, you need to compile a custom kernel that 
contains the following 2 parameters;
options RACCT
options RCTL

I think your rctl command would look like this when issued from the host
rctl -a jail:<jailname>:loginclass:default:maxproc:deny=30