On 22.09.2013 15:45, Fbsd8 wrote: > David Demelier wrote: >> Hello there, >> >> I wanted to use rctl within a jail to add more fine grained setting for >> some users, and default ones to. But it does not seem to work. Is it >> supported? Do we need to add a special flag to the jail creation? >> >> # rctl -a loginclass:default:maxproc:deny=30 >> rctl: rctl_add_rule: Operation not permitted >> >> Regards, >> >> David > > The rctl command is brand new. It does not have a group of users yet, so > that is why you have not received any replies to your post. > > As far as I know you can not issue the "rctl" command from within the > running jail. > > The "rctl" command is issued on the HOST only. > > You can apply rules to an entire jail if you want to, for example; to > limit the amount of memory a jail can use: > > # rctl -a jail:<jailname>:memoryuse:deny=1G > > (where <jailname> is the name of your jail). This would make sure the > jail can't use more than (approximately) 1 gigabyte of memory. > > To enable rctl on the host, you need to compile a custom kernel that > contains the following 2 parameters; > options RACCT > options RCTL >
Yes, I will also post a PR for this because no manpage is saying that you requires this on your kernel. I will provide a new manpage and a bit more documentation. > I think your rctl command would look like this when issued from the host > rctl -a jail:<jailname>:loginclass:default:maxproc:deny=30 > What I really want, is to avoid users to spawn too much processes (aka fork bombs). But if I apply to the jail directly, it also apply to the services jails, which is a bit not wanted. Regards, David _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"