From owner-freebsd-hackers@FreeBSD.ORG Mon Mar 14 19:12:47 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C7D4016A4CE for ; Mon, 14 Mar 2005 19:12:47 +0000 (GMT) Received: from smtphost.cis.strath.ac.uk (smtphost.cis.strath.ac.uk [130.159.196.96]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1028243D2D for ; Mon, 14 Mar 2005 19:12:47 +0000 (GMT) (envelope-from chodgins@cis.strath.ac.uk) Received: from [192.168.0.4] (chrishodgins.force9.co.uk [84.92.20.141]) j2EJBtDp019927; Mon, 14 Mar 2005 19:11:55 GMT Message-ID: <4235E343.2000900@cis.strath.ac.uk> Date: Mon, 14 Mar 2005 19:17:23 +0000 From: Chris Hodgins User-Agent: Mozilla Thunderbird 1.0 (X11/20050204) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Anish Mistry References: <1107178792.613.22.camel@spirit> <200503131524.16075.mistry.7@osu.edu> <200503140915.53619.freebsd-hackers@evilcode.net> <200503141346.41722.mistry.7@osu.edu> In-Reply-To: <200503141346.41722.mistry.7@osu.edu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-CIS-MailScanner-Information: Please contact support@cis.strath.ac.uk for more information X-CIS-MailScanner: Found to be clean X-CIS-MailScanner-SpamCheck: not spam, SpamAssassin (score=-4.9, required 6, BAYES_00 -4.90) X-CIS-MailScanner-From: chodgins@cis.strath.ac.uk cc: freebsd-hackers@freebsd.org cc: "Samuel J. Greear" Subject: Re: Idea about 'skeleton jail X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Mar 2005 19:12:48 -0000 Anish Mistry wrote: > On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote: > >>On Sunday 13 March 2005 14:24, Anish Mistry wrote: >> >>>On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: >>> >>>>Samuel J. Greear wrote: >>>> >>>>>Not a bad 'idea' at all, although I won't comment on >>>>>semantics. I had something implemented using fs stacking (in >>>>>a very hackish way, and I believe it's lost now, so don't ask >>>>>to see it...) to implement per-jail quota's that seemed to >>>>>work quite well. >>>>> >>>>>Sam >>>> >>>>Feel free to comment on the semantics. As I said before, I am >>>>not very knowledgable about filesystems and any insight or >>>>alternative implementation you can provide would be interesting >>>>I'm sure to everyone. >>> >>>Yeah, if there was jailfs that was setup automatically for the >>>jails that supported quotas out of the box that would kill my >>>major gripe about setting up jails. >> >>Chris, your concept looks reasonable to me. I think I would >>probably do something along those lines but borrow some idea's from >>my 'jail-build' script. It has the concept of both includes and >>excludes, but it also handles another directory for what I call >>overrides. My overrides directories are per-jail and typically >>include nothing more than config. files, but it works pretty >>handily. The overrides may best be implemented in a seperate >>layer... and I don't even know that I would call something like >>this a jailfs, more like a globfs or something... I can see >>potential uses beyond jails. >> I like the idea of the overrides directory. That would work nicely. If you made the overrides directory the actual jail root that might make sense. Then when the [jail|glob]fs is mounted it will simply choose the file in the jail root directory instead of the one on the normal file system. If we implemented a sort of copy of write architecture we could add to the exceptions list on the fly. That is everything from the host (everything allowed by the config file that is) is available as a copy of the host system. When you edit a file, the filesystem simply creates its own copy for the overrides directory and we edit that. That would be very neat. Imagine that working on the ports system!! :) What do you think? >>The reasons that I never finished implementing my jailfs with quota >>support were primarily, that stackable filesystems seem to be >>somewhat of a black-art. Secondarily, I concluded that the time >>would be better spent implementing filesystem agnostic quota's in >>the vfs layer. A proper design should enable you to do a lot of >>fun things, I was thinking something along the lines of just a >>simple aggregator that a module could hand function pointers to and >>register interest in events, with options like.. just-notify-me >>and dont-continue-without-my-approval. Throw in some helpers for >>synchronizing module state to disk. The kernel side of this >>shouldn't really be very hard, but all of the userland quota >>utilities would need to be rewritten as they are tied to UFS at the >>block level. This all from about 3 years ago, and I haven't >>implemented any of it. I rock! Sounds, very interesting. >> >>Sam > > Would you be able to write up some design specs for getting all this > done? This might be a prime example of something to try to get > funding for development. > I would be willing to donate some time to work on designing and building this. Especially if working with someone who knows a lot more about filesystems than me. :) Chris