[Lxc-users] lxc & usrquota

Trent W. Buck Fri, 14 Jan 2011 02:47:05 -0800

If I'm reading this correctly, the hard, block, usrquota I set on /home
isn't being enforced within containers.


root@omega:~# repquota -psn /home
*** Report for user quotas on device /dev/mapper/omega-home
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
#0        --      20       0       0      0       2     0     0      0
#1001     --      16    768G   1024G      0       4  197k  263k      0
#1002     --      16    768G   1024G      0       4  197k  263k      0
#1005     --      16    768G   1024G      0       4  197k  263k      0
#1140     --      16    768G   1024G      0       4  197k  263k      0
#1146     --      16    768G   1024G      0       4  197k  263k      0
#1154     --      16    768G   1024G      0       4  197k  263k      0
#1158     --      16    768G   1024G      0       4  197k  263k      0
#1170     --      16    768G   1024G      0       4  197k  263k      0
#1187     --   1243M    768G   1024G      0   40487  197k  263k      0
#1188     --      16    768G   1024G      0       4  197k  263k      0
#1200     --      16    768G   1024G      0       4  197k  263k      0
#2302     --      16    768G   1024G      0       4  197k  263k      0
#9067     --      16    768G   1024G      0       4  197k  263k      0
#9076     --      16    768G   1024G      0       4  197k  263k      0
#9078     --      16    768G   1024G      0       4  197k  263k      0
#9080     --      16    768G   1024G      0       4  197k  263k      0


I produced this by mounting /home with -ousrquota, bind mounting it in
containers, then git cloning the kernel a few times as user 1187.
The repquota above was run on the dom0, because quota QUERY programs
don't work in the containers -- they whinge because I deny them direct
access to block devices:

root@greed:~# repquota /home
repquota: Cannot stat() mounted device /dev/mapper/omega-home: No such file or 
directory
repquota: Mountpoint (or device) /home not found or has no quota enabled.
repquota: Not all specified mountpoints are using quota.


In case it matters: users are stored in a slapd container (RFC 2307),
and containers resolve them using PADL libnss-ldap.  The dom0 *doesn't*
resolve them, because I've deliberately not installed libnss-ldap on it.
This also prevents me checking if quotas are enforced on the dom0,
because I can't "su - 1187".


------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

[Lxc-users] lxc & usrquota

Reply via email to