PERFORCE change 102356 for review

Chris Jones cdjones at FreeBSD.org
Tue Jul 25 09:16:56 UTC 2006


http://perforce.freebsd.org/chv.cgi?CH=102356

Change 102356 by cdjones at cdjones-impulse on 2006/07/25 09:16:19

	Add memory limit argument to jail(8).

Affected files ...

.. //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#10 edit
.. //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#11 edit
.. //depot/projects/soc2006/cdjones_jail/src/usr.sbin/jail/jail.c#5 edit

Differences ...

==== //depot/projects/soc2006/cdjones_jail/src/sys/kern/kern_jail.c#10 (text+ko) ====

@@ -162,6 +162,7 @@
 	pr->pr_linux = NULL;
 	pr->pr_priority = j.priority;
 	pr->pr_securelevel = securelevel;
+	pr->pr_mem_limit = j.mem_limit;
 
 	/* Determine next pr_id and add prison to allprison list. */
 	mtx_lock(&allprison_mtx);
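Review bot: `pr->pr_mem_limit = j.mem_limit;` stores the caller-supplied value with no check in the kernel, so any sanity checking is left to the caller. The jail(8) side of this change parses `-m` with `atoi()` and no bounds, so 0 or a wrapped negative value can arrive here unchanged. The enforcement code is not visible in this hunk, so it is unclear whether 0 means "unlimited" or "no memory at all". That meaning should be fixed in a comment next to the assignment, e.g. `/* mem_limit: 0 means <define>, otherwise upper bound in <unit> */`, and values the enforcement path cannot honour should be rejected with EINVAL before the prison is linked into `allprison`. The enclosing function starts and ends outside this hunk.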
@@ -446,6 +447,7 @@
     }
 
     /* Get memory usage (see vm/vm_map.h). */
+    /* TODO maybe use vm_swrss? */
     mem_used += (p->p_vmspace)->vm_tsize; /* text size (pages) */
     mem_used += (p->p_vmspace)->vm_dsize; /* data size (pages) */
     mem_used += (p->p_vmspace)->vm_ssize; /* stack size (pages) */

==== //depot/projects/soc2006/cdjones_jail/src/sys/sys/jail.h#11 (text+ko) ====

@@ -19,6 +19,7 @@
 	char		*hostname;
 	u_int32_t	ip_number;
 	unsigned int	priority;
+        unsigned int    mem_limit;
 /*        struct thread   *scheduler;
  CJ TODO --- add reference to preferred scheduler, e.g. by name? */
 };
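Review bot: Adding `mem_limit` changes the layout of a structure shared between userland and the kernel, yet nothing in this change bumps a version. The next hunk has the same problem: the exported structure gains a member while `XPRISON_VERSION` stays at 1. A binary built against the old header would be interpreted with the wrong layout, and for the jail(2) argument the kernel would take whatever bytes follow `priority` as the memory limit. Bump `XPRISON_VERSION`, and if the argument structure carries its own version field (not visible in this hunk), bump that too and have the kernel reject the old value. The new members are also indented with spaces where the neighbouring members use tabs.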
@@ -30,6 +31,7 @@
 	char 		 pr_host[MAXHOSTNAMELEN];
 	u_int32_t	 pr_ip;
         unsigned int     priority;
+        unsigned int     mem_limit;
   /*        struct thread    *scheduler; */
 };
 #define	XPRISON_VERSION	1
@@ -38,6 +40,8 @@
 #define JAIL_MINIMUM_PRIORITY 1
 #define JAIL_MAXIMUM_PRIORITY 100
 
+#define JAIL_DEFAULT_MEM_LIMIT 256 * 1024 * 1024
+
 #define J_SCHED_TD_ACTIVE 0x01
 #define J_SCHED_TD_DIE    0x02
 #define J_SCHED_TD_DEAD   0x04
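Review bot: `JAIL_DEFAULT_MEM_LIMIT` expands to an unparenthesised product, so a use such as `x / JAIL_DEFAULT_MEM_LIMIT` or `x % JAIL_DEFAULT_MEM_LIMIT` groups differently from what the name suggests; write `#define JAIL_DEFAULT_MEM_LIMIT (256U * 1024 * 1024)	/* bytes */`. The macro also states no unit. The value reads like bytes, while the kern_jail.c hunk in this change accumulates `vm_tsize`, `vm_dsize` and `vm_ssize` in pages. If the limit is compared against `mem_used` directly (the comparison is not visible here), a jail would be allowed far more memory than intended, so either convert at the comparison or define the limit in pages.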

==== //depot/projects/soc2006/cdjones_jail/src/usr.sbin/jail/jail.c#5 (text+ko) ====

@@ -56,6 +56,7 @@
 	struct in_addr in;
 	gid_t groups[NGROUPS];
 	int ch, i, iflag, Jflag, lflag, ngroups, securelevel, uflag, Uflag;
+	unsigned int mem_limit, priority;
 	char path[PATH_MAX], *ep, *username, *JidFile;
 	static char *cleanenv;
 	const char *shell, *p = NULL;
@@ -63,12 +64,13 @@
 	FILE *fp;
 
 	iflag = Jflag = lflag = uflag = Uflag = 0;
+	mem_limit = JAIL_DEFAULT_MEM_LIMIT;
 	priority = JAIL_DEFAULT_PRIORITY;
 	securelevel = -1;
 	username = JidFile = cleanenv = NULL;
 	fp = NULL;
 
-	while ((ch = getopt(argc, argv, "ilp:s:u:U:J:")) != -1) {
+	while ((ch = getopt(argc, argv, "ilp:m:s:u:U:J:")) != -1) {
 		switch (ch) {
 		case 'i':
 			iflag = 1;
@@ -77,6 +79,9 @@
 			JidFile = optarg;
 			Jflag = 1;
 			break;
+		case 'm':
+			mem_limit = atoi(optarg);
+			break;
 		case 'p':
 			priority = atoi(optarg);
 			if (priority < JAIL_MINIMUM_PRIORITY || 
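Review bot: `mem_limit = atoi(optarg);` in the new `case 'm'` accepts any input: non-numeric text silently becomes 0, a negative number wraps to a very large `unsigned int`, and out-of-range input is undefined for `atoi()`. Because the value sets a resource limit on the jail, a typo should fail loudly rather than yield a zero or near-maximum limit. Parse with `strtoul()` and reject empty, signed, trailing-garbage and out-of-range input, as sketched below. The sketch reuses the existing `ep` pointer and needs an `unsigned long ul` declared with the other locals, plus `<errno.h>` and `<limits.h>` if they are not already included. The switch statement begins and continues outside this hunk.

```c
		case 'm':
			errno = 0;
			ul = strtoul(optarg, &ep, 10);
			if (optarg[0] < '0' || optarg[0] > '9' || *ep != '\0' ||
			    errno == ERANGE || ul > UINT_MAX)
				errx(1, "invalid memory limit: %s", optarg);
			mem_limit = (unsigned int)ul;
			break;
		/* ... unchanged: case 'p' priority parsing ... */
```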
@@ -125,6 +130,7 @@
 	if (inet_aton(argv[2], &in) == 0)
 		errx(1, "Could not make sense of ip-number: %s", argv[2]);
 	j.ip_number = ntohl(in.s_addr);
+	j.mem_limit = mem_limit;
 	j.priority = priority;
 	if (Jflag) {
 		fp = fopen(JidFile, "w");
@@ -190,8 +196,9 @@
 usage(void)
 {
 
-	(void)fprintf(stderr, "%s%s%s\n",
-	     "usage: jail [-i] [-J jid_file] [-p priority] [-s securelevel]",
+	(void)fprintf(stderr, "%s%s%s%s\n",
+	     "usage: jail [-i] [-J jid_file] [-m mem_limit] ",
+             "[-p priority] [-s securelevel]",
              " [-l -u ",
 	     "username | -U username]",
 	     " path hostname ip-number command ...");
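Review bot: The new format string has four `%s` conversions but five string arguments follow it, so the last one, `" path hostname ip-number command ..."`, is never printed and the usage message omits the positional arguments. The removed lines show the same mismatch (three conversions, four strings), so it is carried over rather than introduced, but the call is being rewritten here anyway. Change the format to `"%s%s%s%s%s\n"` so every piece is emitted.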

