From: Valeri Galtsev
To: Mike Wayne
Cc: freebsd-jail@freebsd.org
Subject: Re: jails with quota
Date: Mon, 17 Feb 2020 11:14:25 -0600

> On Feb 17, 2020, at 10:51 AM, Mike Wayne wrote:
>
> On Fri, Feb 14, 2020 at 01:53:11PM -0500, Ernie Luzar wrote:
>>
>> But after starting the fulljail with the allow.quotas option in
>> jail.config and entering the root console I get this
>> edquota -uh daddy message "NO quotas on any filesystem
>> repquota -ah gives nothing
>> quota -h daddy message Disk quotas for user daddy (uid1001): none
>>
>> I see that quota had bug fixed in 12.0 that is now in 12.1 release that
>> I am running on my host. Did that fix screw up jail quotas? Does the
>> /etc/fstab file in fulljail need an entry? If so what should it look like.
>
> I spent a lot of time messing with this and came to the conclusion
> that quotas no longer work in jails. I've been doing quotas in jails
> for many years, while it has always been a hack, it used to work
> well. Current releases seem to have completely broken quotas for
> jails.

I am sure jail restricts commands related to filesystem management and
information on purpose. Therefore all commands related to quotas if
executed inside jail will fail [or rather not provide any information].
Quotas, however, will still be enforced, as filesystem I/O operations
are being passed over to be executed on actual filesystem outside of the
jail.

The above sentiment is related to the way I mount filesystem to have
quota restrictions inside jail.

I mount actual filesystem with quotas into /some/place and enable quotas
on it as usual. Then I mount that nullfs inside jails (have line in
/etc/fstab resembling the following mount command):

mount -t nullfs /some/place /place/inside/jail/mountpoint

And users inside jail are being restricted to the quotas defined for
their userid's.

I hope this helps.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
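
Added example, not part of the original message: because the quota tools report nothing inside the jail, one way to confirm the arrangement described above is to check from the host that every writable nullfs source in a jail's fstab sits on a filesystem mounted with a quota option. The function name audit_jail_quota, the device names and the extra paths are constructed for illustration, and UFS quotas enabled through the userquota/groupquota fstab options are assumed.

```sh
#!/bin/sh
# Added example (not from the original message). Assumes UFS quotas enabled
# through the userquota/groupquota fstab options, as in fstab(5).
# audit_jail_quota HOST_FSTAB JAIL_FSTAB
#   Prints one status line per nullfs entry in JAIL_FSTAB and returns
#   non-zero if a writable nullfs source is not on a quota-enabled filesystem.
audit_jail_quota() {
    awk '
    # True when path p is mount point m or lies beneath it.
    function under(p, m) {
        if (m == "/") return 1
        return (p == m || index(p, m "/") == 1)
    }
    BEGIN { bad = 0 }
    /^[ \t]*#/ || NF < 4 { next }            # skip comments and short lines
    FILENAME == ARGV[1] {                    # host fstab: record quota flag
        quota[$2] = ($4 ~ /(^|,)(userquota|groupquota)(=[^,]*)?(,|$)/)
        next
    }
    $3 != "nullfs" { next }                  # jail fstab: nullfs lines only
    $4 ~ /(^|,)ro(,|$)/ { print "RO " $1 " -> " $2; next }
    {
        best = ""                            # longest matching mount point
        for (m in quota)
            if (under($1, m) && length(m) > length(best)) best = m
        if (best != "" && quota[best]) { print "OK " $1 " -> " $2 }
        else { print "NOQUOTA " $1 " -> " $2; bad = 1 }
    }
    END { exit bad }
    ' "$1" "$2"
}

# Constructed sample data; only /some/place and the jail mount point
# come from the message.
tmp=$(mktemp -d)
cat > "$tmp/host.fstab" <<'EOF'
/dev/ada0p2  /            ufs  rw            1 1
/dev/ada0p5  /some/place  ufs  rw,userquota  2 2
EOF
cat > "$tmp/jail.fstab" <<'EOF'
/some/place         /place/inside/jail/mountpoint  nullfs  rw  0 0
/usr/local/share    /place/inside/jail/share       nullfs  ro  0 0
/var/spool/uploads  /place/inside/jail/uploads     nullfs  rw  0 0
EOF
audit_jail_quota "$tmp/host.fstab" "$tmp/jail.fstab" || echo "writable nullfs source without quota"
```

Read-only nullfs mounts are reported as RO and not counted as failures, since a jail cannot consume space through them.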