On a FreeBSD 7.x machine, calling quotactl(2) from jail returns Operation not permitted and softwares that implement quota support via this call will fail. In our case dovecot was reporting errors when it tried to read the groupquota associated to our users. Following up on the problem we found out that the actual quota(1) command was working.
Checking quota with ktrace turns out that this command reads the raw quota file as a fallback after quotactl failed.
Looking into the kernel (vs_syscalls.c:201) tells us that quotactl is just turned off when queried from inside a jail.
Looking further into the same file show an interesting line which would control this behaviour, but is turned off.
A guy found exactly the same results in 2007, but got no response to his email.
To solve the problems (quick and dirty solution), do the following:
static int prison_quotas; to
static int prison_quotas=1;
The above seems to be fixed in FreeBSD 8, but its history goes way back to the 4.x branch and noone seems to know what the original purpose was.
As a side note, however if the fstab is not present in the actual jail, quota(1) will fail badly, but other progams using the quotactl(2) call will work properly.
Posted 2009/11/10 20:04 by alex