rctl within jail
Fbsd8
fbsd8 at a1poweruser.com
Sun Sep 22 17:15:28 UTC 2013
David Demelier wrote:
> Hello there,
>
> I wanted to use rctl within a jail to add more fine grained setting for
> some users, and default ones to. But it does not seem to work. Is it
> supported? Do we need to add a special flag to the jail creation?
>
> # rctl -a loginclass:default:maxproc:deny=30
> rctl: rctl_add_rule: Operation not permitted
>
> Regards,
>
> David
The rctl command is brand new. It does not have a group of users yet, so
that is why you have not received any replies to your post.
As far as I know you can not issue the "rctl" command from within the
running jail.
The "rctl" command is issued on the HOST only.
You can apply rules to an entire jail if you want to, for example; to
limit the amount of memory a jail can use:
# rctl -a jail:<jailname>:memoryuse:deny=1G
(where <jailname> is the name of your jail). This would make sure the
jail can't use more than (approximately) 1 gigabyte of memory.
To enable rctl on the host, you need to compile a custom kernel that
contains the following 2 parameters;
options RACCT
options RCTL
I think your rctl command would look like this when issued from the host
rctl -a jail:<jailname>:loginclass:default:maxproc:deny=30
More information about the freebsd-questions
mailing list