> Would people be interested if I added such a feature? Limit the
> highest allocatable pty to 90% when operating within a jail? e.g.
> if you have 256 ptys both jail and normal tend to allocate ptys
> from the bottom up, but the jail would not be allowed to allocate
> past pty #227. This way if a jail eats all the ptys the sysadmin
> can still ssh in.

I think there is a method to limit ptys without a code change now.
Usually my jail environment has the only fs without 'nodev' mounted
on the jail's /dev, and this file system's directories are protected by flags:

0myth/home/CVShome/ispdb-sfbsdr/ispdb(13)>l -o /jail/vhost/aaz/dev/
total 4
2 drwxr-xr-x   3 root  wheel  schg,sunlnk 1536 15 сен 02:57 ./
1 drwxr-xr-x  15 root  wheel  -            512 10 сен 20:42 ../
0 lrwx------   1 root  wheel  -              4 15 сен 02:57 console@ -> null
1 dr-xr-xr-x   2 root  wheel  schg,sunlnk 1024 15 сен 02:57 fd/
0 lrwx------   1 root  wheel  -              4 15 сен 02:57 kmem@ -> null
0 lrwx------   1 root  wheel  -              4 15 сен 02:57 mem@ -> null
0 crw-rw-rw-   1 root  wheel  sunlnk      2, 2 14 ноя 06:58 null
0 crw-rw-rw-   1 root  wheel  sunlnk      6, 0 13 ноя 18:29 ptyp0
0 crw-rw-rw-   1 root  wheel  sunlnk      6, 1 14 ноя 04:06 ptyp1
....

and only a limited number of ptys in that /dev.

I use vn with labels set for a lot of /dev directories for jails:

0myth/home/CVShome/ispdb-sfbsdr/ispdb(16)>grep vn /etc/fstab
/dev/vn7s1b /jail/vhost/aaz/dev ufs rw,noauto 0 0
...
0myth/home/CVShome/ispdb-sfbsdr/ispdb(17)>cat /etc/rc.local
/usr/bin/gunzip -c /full.gz > /full
/usr/sbin/vnconfig -cs labels /dev/vn7 /full
/sbin/mount /jail/vhost/aaz/dev
...

-- 
@BABOLO http://links.ru/
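
The listing in the message above amounts to a policy: a small fixed set of pty nodes, every device node flagged sunlnk, and mem/kmem present only as symlinks to null. As an added example (not part of the original message), this shell function checks a listing in that column layout against those three points; the function names, the pty name pattern and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Assumed column layout (as in the listing in the message):
#   blocks mode links owner group flags major, minor date... name
# audit_jail_dev MAX_PTYS  reads such a listing on stdin, prints
#   ptys=<n> noflag=<n> rawmem=<n>
# and returns 0 only if ptys <= MAX_PTYS and both other counts are 0.
audit_jail_dev() {
    awk -v max="$1" '
        $2 ~ /^[cb]/ {                          # device nodes only
            name = $NF
            # assumed pty master naming: pty + letter + [0-9a-v]
            if (name ~ /^pty[a-zA-Z][0-9a-v]$/) ptys++
            # node lacks the sunlnk (system no-unlink) flag
            if (index("," $6 ",", ",sunlnk,") == 0) noflag++
            # a real mem/kmem device instead of a symlink to null
            if (name == "mem" || name == "kmem") rawmem++
        }
        END {
            printf "ptys=%d noflag=%d rawmem=%d\n", ptys, noflag, rawmem
            exit !(ptys + 0 <= max + 0 && noflag == 0 && rawmem == 0)
        }'
}

# Constructed sample: a jail /dev that follows the scheme in the message.
sample_ok() {
    cat <<'EOF'
total 4
2 drwxr-xr-x  3 root wheel schg,sunlnk 1536 Sep 15 02:57 ./
0 lrwx------  1 root wheel -              4 Sep 15 02:57 kmem@ -> null
0 crw-rw-rw-  1 root wheel sunlnk      2, 2 Nov 14 06:58 null
0 crw-rw-rw-  1 root wheel sunlnk      6, 0 Nov 13 18:29 ptyp0
0 crw-rw-rw-  1 root wheel sunlnk      6, 1 Nov 14 04:06 ptyp1
EOF
}

# Constructed sample: one extra unflagged pty and a real kmem device.
sample_bad() {
    sample_ok
    cat <<'EOF'
0 crw-rw-rw-  1 root wheel -           6, 2 Nov 14 04:06 ptyp2
0 crw-r-----  1 root kmem  sunlnk      2, 1 Nov 14 04:06 kmem
EOF
}

sample_ok  | audit_jail_dev 2 || echo "policy violated"
sample_bad | audit_jail_dev 2 || echo "policy violated"
```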