fixed bootstrap of chat jail, added rctl limit config stuff

2024-12-15 18:48:41 +01:00
parent 862f2567b1
commit 7b60d8bf8c
10 changed files with 84 additions and 13 deletions
--- a/roles/server/files/rctl.conf
+++ b/roles/server/files/rctl.conf
@@ -0,0 +1,10 @@
+#
+# rctl.conf: restrictions  for jail  users.  The loginclass  "jail" is
+# being   created  inside   the   "pub"   jail's  /etc/login.conf   in
+# roles/pub/tasks/main.yaml. But we can  still configure the kernel to
+# accept rules based on this login class. Cool!
+loginclass:jail:maxproc:deny=50/user
+loginclass:jail:openfiles:deny=100/user
+loginclass:jail:pcpu:deny=20/user
+#loginclass:jail:cputime:sigkill=100/user
+