From owner-freebsd-hackers@FreeBSD.ORG Tue May 26 13:44:46 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51E261065673 for ; Tue, 26 May 2009 13:44:46 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: from mail-ew0-f164.google.com (mail-ew0-f164.google.com [209.85.219.164]) by mx1.freebsd.org (Postfix) with ESMTP id CDE508FC08 for ; Tue, 26 May 2009 13:44:45 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: by ewy8 with SMTP id 8so302390ewy.43 for ; Tue, 26 May 2009 06:44:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:cc :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=80vrfur26c2PQoxrhLXULY0aMKxc2f3CwF65wttTF2o=; b=POV8VDQBZJE4SJZcV3vsz1eUw0tLyzoNlUcg6UzvZTAFSGiW4+zZZVzYtgGxK2qktZ bVGd48FLL+uNE10iCGkT+RIs7wTGDQ01GRtDvm+iiIGSsYbIHJlOh9mN/RUowE2LTa+x hW+T+hnZ/osYxiND3NxJPrneTpmYPil6e0Z3g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:x-mailer:content-transfer-encoding; b=uXWPwneHoj7/zllbtROgdyvIl5XTo+Z2dMVjXuWBKFjlViWnfRpO0wO6VxrGPxFlM3 Wqkzz5Sk9rOn7DxqLyCPoIdxdQeQ3xGVAusX5Eq20LrtEnQtXZF0h2Q1Y6P9By4NaBRz XkCV8s05ziOK4dd3reDy6qufg+FcPgWdx+T2s= Received: by 10.210.18.8 with SMTP id 8mr278888ebr.53.1243344265131; Tue, 26 May 2009 06:24:25 -0700 (PDT) Received: from ?127.0.0.1? (87-194-39-182.bethere.co.uk [87.194.39.182]) by mx.google.com with ESMTPS id 28sm8562204eyg.24.2009.05.26.06.24.24 (version=SSLv3 cipher=RC4-MD5); Tue, 26 May 2009 06:24:24 -0700 (PDT) From: Tom Evans To: Menshikov Konstantin In-Reply-To: <4A1BE827.2030303@peterhost.ru> References: <4A1B8CF8.7030102@peterhost.ru> <20090526120313.GA1927@deviant.kiev.zoral.com.ua> <4A1BE1F8.9050804@peterhost.ru> <20090526123632.GB1927@deviant.kiev.zoral.com.ua> <4A1BE827.2030303@peterhost.ru> Content-Type: text/plain Date: Tue, 26 May 2009 14:24:23 +0100 Message-Id: <1243344263.9871.2.camel@strangepork.london.mintel.ad> Mime-Version: 1.0 X-Mailer: Evolution 2.26.1.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Cc: freebsd-hackers@freebsd.org Subject: Re: Disk quota for Jail. Discussion. X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 May 2009 13:44:46 -0000 On Tue, 2009-05-26 at 17:01 +0400, Menshikov Konstantin wrote: > Kostik Belousov wrote: > > On Tue, May 26, 2009 at 04:35:04PM +0400, Menshikov Konstantin wrote: > > > >> Kostik Belousov wrote: > >> > >>> On Tue, May 26, 2009 at 10:32:24AM +0400, Menshikov Konstantin wrote: > >>> > >>>> In structure prison it is added structures containing disk quotas and > >>>> usage. > >>>> At start Jail, we calculate the size root path and number of files in > >>>> it, thus receiving current use of a disk. > >>>> In functions of allocation of disk blocks and inode, we check quotas and > >>>> we increase current use. > >>>> > >>>> > >>> UFS cannot determine whether the new allocation goes under the jail > >>> root or not. > >>> > >>> > >> Yes. But jail cannot allocate block and inode above root path. In > >> allocation functions, whether for example ffs_alloc we have access to > >> ucred process and we can check up there is a process in jail. > >> > > > > Yes, you can check this for jailed process. Think about non-jailed processes > > that can do allocation below the jail root. > > > Processes out of jail are not considered. > I do not understand, these processes have what relation to disk to > quotas for jail. Please explain more in detail A process outside of the jail can still write to the file system that you consider to be jailed, depending upon permissions. If all your quota calculations are only triggered by jailed processes writing to the file system, then you can exceed quota trivially. Tom