PERFORCE change 102356 for review
Chris Jones
cdjones at FreeBSD.org
Tue Jul 25 09:16:56 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=102356
Change 102356 by cdjones at cdjones-impulse on 2006/07/25 09:16:19
Add memory limit argument to jail(8).
Affected files ...
.. //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#10 edit
.. //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#11 edit
.. //depot/projects/soc2006/cdjones_jail/src/usr.sbin/jail/jail.c#5 edit
Differences ...
==== //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#10 (text+ko) ====
@@ -162,6 +162,7 @@
pr->pr_linux = NULL;
pr->pr_priority = j.priority;
pr->pr_securelevel = securelevel;
+ pr->pr_mem_limit = j.mem_limit;
/* Determine next pr_id and add prison to allprison list. */
mtx_lock(&allprison_mtx);
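Review bot: `pr->pr_mem_limit = j.mem_limit;` stores a caller-supplied value with no check visible in this hunk, and the kernel is where the limit is ultimately enforced. Any range checking done in jail(8) does not protect this path, since other callers of the syscall can fill `struct jail` themselves. If the bounds are not checked earlier in the function (it starts and ends outside the hunk), add one before the assignment and state the unit and the meaning of zero in a comment, for example `/* pr_mem_limit is in bytes; 0 is rejected with EINVAL */`, adjusted to whatever the design actually intends.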
@@ -446,6 +447,7 @@
}
/* Get memory usage (see vm/vm_map.h). */
+ /* TODO maybe use vm_swrss? */
mem_used += (p->p_vmspace)->vm_tsize; /* text size (pages) */
mem_used += (p->p_vmspace)->vm_dsize; /* data size (pages) */
mem_used += (p->p_vmspace)->vm_ssize; /* stack size (pages) */
==== //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#11 (text+ko) ====
@@ -19,6 +19,7 @@
char *hostname;
u_int32_t ip_number;
unsigned int priority;
+ unsigned int mem_limit;
/* struct thread *scheduler;
CJ TODO --- add reference to preferred scheduler, e.g. by name? */
};
@@ -30,6 +31,7 @@
char pr_host[MAXHOSTNAMELEN];
u_int32_t pr_ip;
unsigned int priority;
+ unsigned int mem_limit;
/* struct thread *scheduler; */
};
#define XPRISON_VERSION 1
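Review bot: `struct xprison` gains `mem_limit`, but the context line `#define XPRISON_VERSION 1` is left unchanged, so a consumer built against the old header cannot detect the new layout. The same concern applies to `struct jail` in the previous hunk, whose version handling is not visible here. An older jail(8) binary would presumably pass a shorter structure, leaving `mem_limit` filled from whatever follows it. Bump the version with the layout change (`#define XPRISON_VERSION 2`) and have the kernel reject or default the field for old-version callers. As a style point, the new member is not `pr_`-prefixed like `pr_host` and `pr_ip` beside it.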
@@ -38,6 +40,8 @@
#define JAIL_MINIMUM_PRIORITY 1
#define JAIL_MAXIMUM_PRIORITY 100
+#define JAIL_DEFAULT_MEM_LIMIT 256 * 1024 * 1024
+
#define J_SCHED_TD_ACTIVE 0x01
#define J_SCHED_TD_DIE 0x02
#define J_SCHED_TD_DEAD 0x04
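Review bot: `JAIL_DEFAULT_MEM_LIMIT` expands to an unparenthesized expression, so a use such as `x / JAIL_DEFAULT_MEM_LIMIT` or `x % JAIL_DEFAULT_MEM_LIMIT` would bind to the first factor only; write it as `#define JAIL_DEFAULT_MEM_LIMIT (256 * 1024 * 1024)`. The unit is also undocumented. The value looks like bytes, while the accounting in the kern_jail.c hunk sums `vm_tsize`/`vm_dsize`/`vm_ssize`, which its comments describe as pages, so a direct comparison would make the limit far looser than intended. Add a comment stating the unit, e.g. `/* bytes; convert with ctob()/btoc() when comparing against vmspace sizes */`, and confirm that the enforcement code converts.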
==== //depot/projects/soc2006/cdjones_jail/src/usr.sbin/jail/jail.c#5 (text+ko) ====
@@ -56,6 +56,7 @@
struct in_addr in;
gid_t groups[NGROUPS];
int ch, i, iflag, Jflag, lflag, ngroups, securelevel, uflag, Uflag;
+ unsigned int mem_limit, priority;
char path[PATH_MAX], *ep, *username, *JidFile;
static char *cleanenv;
const char *shell, *p = NULL;
@@ -63,12 +64,13 @@
FILE *fp;
iflag = Jflag = lflag = uflag = Uflag = 0;
+ mem_limit = JAIL_DEFAULT_MEM_LIMIT;
priority = JAIL_DEFAULT_PRIORITY;
securelevel = -1;
username = JidFile = cleanenv = NULL;
fp = NULL;
- while ((ch = getopt(argc, argv, "ilp:s:u:U:J:")) != -1) {
+ while ((ch = getopt(argc, argv, "ilp:m:s:u:U:J:")) != -1) {
switch (ch) {
case 'i':
iflag = 1;
@@ -77,6 +79,9 @@
JidFile = optarg;
Jflag = 1;
break;
+ case 'm':
+ mem_limit = atoi(optarg);
+ break;
case 'p':
priority = atoi(optarg);
if (priority < JAIL_MINIMUM_PRIORITY ||
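Review bot: The new `case 'm'` assigns `atoi(optarg)` straight into an `unsigned int` with no validation, unlike the `-p` case below it, which range-checks. A non-numeric argument silently becomes 0, a negative one wraps to a very large limit, and an out-of-range value is undefined for `atoi`, so a typo on the command line can leave the jail with a limit the operator never intended. Parse with `strtoul` using the existing `ep` pointer and fail with `errx` on bad input, as sketched below; this needs an `unsigned long` local and `<errno.h>`/`<limits.h>`. Whether 0 should be accepted depends on what the kernel side takes it to mean. The enclosing switch continues outside the hunk.

```c
		case 'm':
			errno = 0;
			ul = strtoul(optarg, &ep, 10);
			/* strtoul() accepts a leading '-', so reject it explicitly */
			if (optarg[0] == '-' || ep == optarg || *ep != '\0' ||
			    errno == ERANGE || ul > UINT_MAX)
				errx(1, "invalid memory limit: %s", optarg);
			mem_limit = (unsigned int)ul;
			break;
		/* … unchanged: case 'p' and the remaining options … */
```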
@@ -125,6 +130,7 @@
if (inet_aton(argv[2], &in) == 0)
errx(1, "Could not make sense of ip-number: %s", argv[2]);
j.ip_number = ntohl(in.s_addr);
+ j.mem_limit = mem_limit;
j.priority = priority;
if (Jflag) {
fp = fopen(JidFile, "w");
@@ -190,8 +196,9 @@
usage(void)
{
- (void)fprintf(stderr, "%s%s%s\n",
- "usage: jail [-i] [-J jid_file] [-p priority] [-s securelevel]",
+ (void)fprintf(stderr, "%s%s%s%s\n",
+ "usage: jail [-i] [-J jid_file] [-m mem_limit] ",
+ "[-p priority] [-s securelevel]",
" [-l -u ",
"username | -U username]",
" path hostname ip-number command ...");
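Review bot: The new format string `"%s%s%s%s\n"` has four conversions, but five string arguments follow it, so the final `" path hostname ip-number command ..."` is never printed and the usage message omits the required positional arguments. The removed lines already had one argument more than conversions, so this predates the change, but the line is being edited anyway. Use `"%s%s%s%s%s\n"`, or merge the literals into one string so the counts cannot drift again.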