From owner-freebsd-hackers@FreeBSD.ORG Tue May 26 16:09:27 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 535831065674 for ; Tue, 26 May 2009 16:09:27 +0000 (UTC) (envelope-from kostjn@peterhost.ru) Received: from mail.z8.ru (mail.z8.ru [80.93.58.56]) by mx1.freebsd.org (Postfix) with ESMTP id 0A6808FC14 for ; Tue, 26 May 2009 16:09:26 +0000 (UTC) (envelope-from kostjn@peterhost.ru) Received: from [85.235.196.139] (helo=kostjn.pht) by mail.z8.ru with esmtpa (Exim 4.67 (FreeBSD)) (envelope-from ) id 1M8zDP-0007ig-R2 for freebsd-hackers@freebsd.org; Tue, 26 May 2009 20:09:23 +0400 Message-ID: <4A1C14A8.9010104@peterhost.ru> Date: Tue, 26 May 2009 20:11:20 +0400 From: Menshikov Konstantin User-Agent: Thunderbird 2.0.0.18 (X11/20090328) MIME-Version: 1.0 CC: freebsd-hackers@freebsd.org References: <4A1B8CF8.7030102@peterhost.ru> <20090526120313.GA1927@deviant.kiev.zoral.com.ua> <4A1BE1F8.9050804@peterhost.ru> <20090526123632.GB1927@deviant.kiev.zoral.com.ua> <4A1BE827.2030303@peterhost.ru> <1243344263.9871.2.camel@strangepork.london.mintel.ad> In-Reply-To: <1243344263.9871.2.camel@strangepork.london.mintel.ad> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Disk quota for Jail. Discussion. X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 May 2009 16:09:27 -0000 Tom Evans wrote: > On Tue, 2009-05-26 at 17:01 +0400, Menshikov Konstantin wrote: > >> Kostik Belousov wrote: >> >>> On Tue, May 26, 2009 at 04:35:04PM +0400, Menshikov Konstantin wrote: >>> >>> >>>> Kostik Belousov wrote: >>>> >>>> >>>>> On Tue, May 26, 2009 at 10:32:24AM +0400, Menshikov Konstantin wrote: >>>>> >>>>> >>>>>> In structure prison it is added structures containing disk quotas and >>>>>> usage. >>>>>> At start Jail, we calculate the size root path and number of files in >>>>>> it, thus receiving current use of a disk. >>>>>> In functions of allocation of disk blocks and inode, we check quotas and >>>>>> we increase current use. >>>>>> >>>>>> >>>>>> >>>>> UFS cannot determine whether the new allocation goes under the jail >>>>> root or not. >>>>> >>>>> >>>>> >>>> Yes. But jail cannot allocate block and inode above root path. In >>>> allocation functions, whether for example ffs_alloc we have access to >>>> ucred process and we can check up there is a process in jail. >>>> >>>> >>> Yes, you can check this for jailed process. Think about non-jailed processes >>> that can do allocation below the jail root. >>> >>> >> Processes out of jail are not considered. >> I do not understand, these processes have what relation to disk to >> quotas for jail. Please explain more in detail >> > > A process outside of the jail can still write to the file system that > you consider to be jailed, depending upon permissions. If all your quota > calculations are only triggered by jailed processes writing to the file > system, then you can exceed quota trivially. > > Tom > > The primary goal of disk quotas to limit allocation of disk blocks and inode to processes in jail during their work. Jail it is time essence. After end of work Jail, it does not exist. Let's consider disk quotas for Jail, as number of blocks or inode which jail can use during a session. I understand that if process out of jail will create in a root directory jail a file of the sizes in 1 GB, and process in jail will remove this file jail can exceed the limit on 1 GB. But there is no real necessity, in an operating time jail to write down in the root catalogue jail from the outside jail.