Jail limits under FREEBSD-CURRENT

[OLD]

Всем привет!

Ребята, выложите пожалуйста патч куда-нибудь. А то http://kostjn.spb.ru не работает.

[Хостинг HostFood.ru]

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

[ProFTP]

я нашел могу выложить

актуально еще?

[ProFTP]

кстате. вот только что увидел

эта фишка в FREEBSD-CURRENT 9.0
по-умолчанию стоит?

http://people.freebsd.org/~trasz/20091218-hrl.diff или для даты исходников 20091218 ядра?


http://wiki.freebsd.org/Hierarchical_Resource_Limits

Purpose

Resource limits in FreeBSD, as implemented currently with setrlimit(2), have a number of drawbacks:

1. They are per process, except for a few that are per user. This is hardcoded and cannot be changed by the system administrator. However, in many situations, one is not really interested in per-process limits - what he wants is to prevent a _user_ from doing Bad Things, which means what is required is per _user_ limits. It is possible to do this, kind of - set limits per-process and then limit the number of processes. This is suboptimal, however - setting maximum number of file descriptors to less than 100 will affect many applications (servers, torrents...); also, some users may need more than 50 legitimate processes (e.g. compilation of some large software package, with all the make(1) and sh(1) instances), and 5000 (per-process limit times max processes) is only slightly less than kern.maxfiles on the machine I'm typing this on right now. Much better way of solving this would be to set per user limit to e.g. 300.

2. System administrator cannot choose what should happen when the limit gets exceeded. For example, it's impossible to set a memory limit so that the process gets restarted (via SIGHUP) when the limit gets exceeded.

3. There is no way to change limits without restarting processes. As it is now, after changing limits in /etc/login.conf, they won't apply until the user logs out and then logs in again.

HRL(8) FreeBSD System Manager’s Manual HRL(8)

NAME
hrl — display and update Hierarchical Resource Limits database

SYNOPSIS
hrl [filter]
hrl -a [rule]
hrl -l [filter]
hrl -r [filter]
hrl -u [filter]

DESCRIPTION
When called without options, the hrl command writes currently defined HRL
rules to standard output.

If a filter argument is specified, only rules matching the filter are
displayed. The options are as follows:

-a rule
Add rule to the HRL database.

-l filter
Display rules applicable to the process defined by filter.

-r filter
Remove rules matching filter from the HRL database.

-l filter
Display resource usage for a subject (process, user, group, login
class or jail) matching the filter.

RULE SYNTAX
Syntax for a rule is subject:subject?id:resource:action=amount/per.

Subject defines the kind of entity the rule applies to. It can be either
process, user, group, loginclass, or jail.

Subject ID identifies the subject. It can be user name, group name,
loginclass name, or a numerical UID, GID, or JID.

Resource identifies the resource the rule controls.

Action defines what will happen when a process exceeds the allowed
amount. It can be either deny, delay, log, sighup, sigint, sigkill,
sigsegv, sigxcpu, or sigxfsz.

Amount defines how much of the resource a process can use before the
defined action triggers.

The per field defines what entity the limit gets accounted for. For
example, rule "loginclass:users:memoryuse:deny=100M/process" means that
each process of a user belonging to loginclass "users" may use up to
100MB of memory. Rule "loginclass:users:memoryuse:deny=100M/user" would
mean that the sum of memory used by all processes of that user will not
exceed 100MB. Rule "loginclass:users:memoryuse:deny=100M/loginclass"
would mean that the sum of memory used by all processes of all users with
that loginclass will not exceed 100MB.

Valid rule has all of these fields specified, except for the per, which
defaults to the value of subject.

A filter is a rule for which one of more fields other than per is left
empty. For example, a filter that matches every rule could be written as
":::=/", or, in short, ":". A filter that matchess all the login classes
would be "loginclass:". A filter that matches all defined limits for
maxprocesses resource would be "::maxprocesses".

EXIT STATUS
The hrl utility exits 0 on success, and >0 if an error occurs.

SEE ALSO
id(1), limits(1)

HISTORY
The hrl command appeared in FreeBSD 9.0.

AUTHORS
The hrl command was written by Edward Tomasz Napierala
trasz@FreeBSD.org.

FreeBSD 9.0 August 3, 2009 FreeBSD 9.0

[yko]

я нашел могу выложить

актуально еще?

Ага

[ProFTP]

я нашел могу выложить

актуально еще?

Ага

в ближайщее время постараюсь найти и заархивировать...
оно под 8.0 CURRENT за csup'юс с *default date=2009.05.25.23.59.59

====

кстате, так а в новой версии FreeBSD 9.0 вроде бы оно встронное:
http://wiki.freebsd.org/Hierarchical_Resource_Limits

или нет?

[yko]

Хмм. Большое спасибо, думаю, если все так красиво, то лучше я на девятую посмотрю.
Это в целом объясняет угасание интереса к сабжу.

[ProFTP]

патч
ftp://ftp.lissyara.su/users/ProFTP/patc ... ENT.tar.gz

Хмм. Большое спасибо, думаю, если все так красиво, то лучше я на девятую посмотрю.
Это в целом объясняет угасание интереса к сабжу.

если сделаешь расскажешь, как там на 9.0 CURRENT

[yko]

если сделаешь расскажешь, как там на 9.0 CURRENT

При ближайшем рассмотрении патча HRL обнаружилось:

Код: Выделить всё

[b]Limits to do:[/b]
- HRL_RESOURCE_CPUTIME
- HRL_RESOURCE_STACKSIZE
- HRL_RESOURCE_COREDUMPSIZE
- HRL_RESOURCE_MEMORYUSE
- HRL_RESOURCE_MEMORYLOCKED
- HRL_RESOURCE_SBSIZE
- HRL_RESOURCE_VMEMORYUSE

Limits done:
- HRL_RESOURCE_OPENFILES
- HRL_RESOURCE_DATASIZE
- HRL_RESOURCE_FILESIZE
- HRL_RESOURCE_MAXPROCESSES
- HRL_RESOURCE_PTY

Что говорит само за себя. за патч спасибо

[Ikinoki]

Есть где скачать?
Нашел видимо старый патч тут
http://kostjn.spb.ru/patch-jail-limit-8CURRENT.README
А последний есть где?

[yko]

Нашел видимо старый патч тут
http://kostjn.spb.ru/patch-jail-limit-8CURRENT.README

Я так понял, это и есть последний. Где-то выше по ветке написано, что разработка прекращена.

[manefesto]

Так что там с лимитами ?

[терминус_]

Так что там с лимитами ?

http://wiki.freebsd.org/Hierarchical_Resource_Limits

RCTL

This used to be called HRL, also called "Resource Containers"; it was later renamed to RCTL. Note that this is unrelated to Solaris command with the same name.

в каренте.