acrn-kernel/Documentation/filesystems/quota.rst

86 lines
3.3 KiB
ReStructuredText

.. SPDX-License-Identifier: GPL-2.0
===============
Quota subsystem
===============
Quota subsystem allows system administrator to set limits on used space and
number of used inodes (inode is a filesystem structure which is associated with
each file or directory) for users and/or groups. For both used space and number
of used inodes there are actually two limits. The first one is called softlimit
and the second one hardlimit. A user can never exceed a hardlimit for any
resource (unless he has CAP_SYS_RESOURCE capability). User is allowed to exceed
softlimit but only for limited period of time. This period is called "grace
period" or "grace time". When grace time is over, user is not able to allocate
more space/inodes until he frees enough of them to get below softlimit.
Quota limits (and amount of grace time) are set independently for each
filesystem.
For more details about quota design, see the documentation in quota-tools package
(https://sourceforge.net/projects/linuxquota).
Quota netlink interface
=======================
When user exceeds a softlimit, runs out of grace time or reaches hardlimit,
quota subsystem traditionally printed a message to the controlling terminal of
the process which caused the excess. This method has the disadvantage that
when user is using a graphical desktop he usually cannot see the message.
Thus quota netlink interface has been designed to pass information about
the above events to userspace. There they can be captured by an application
and processed accordingly.
The interface uses generic netlink framework (see
https://lwn.net/Articles/208755/ and http://www.infradead.org/~tgr/libnl/ for
more details about this layer). The name of the quota generic netlink interface
is "VFS_DQUOT". Definitions of constants below are in <linux/quota.h>. Since
the quota netlink protocol is not namespace aware, quota netlink messages are
sent only in initial network namespace.
Currently, the interface supports only one message type QUOTA_NL_C_WARNING.
This command is used to send a notification about any of the above mentioned
events. Each message has six attributes. These are (type of the argument is
in parentheses):
QUOTA_NL_A_QTYPE (u32)
- type of quota being exceeded (one of USRQUOTA, GRPQUOTA)
QUOTA_NL_A_EXCESS_ID (u64)
- UID/GID (depends on quota type) of user / group whose limit
is being exceeded.
QUOTA_NL_A_CAUSED_ID (u64)
- UID of a user who caused the event
QUOTA_NL_A_WARNING (u32)
- what kind of limit is exceeded:
QUOTA_NL_IHARDWARN
inode hardlimit
QUOTA_NL_ISOFTLONGWARN
inode softlimit is exceeded longer
than given grace period
QUOTA_NL_ISOFTWARN
inode softlimit
QUOTA_NL_BHARDWARN
space (block) hardlimit
QUOTA_NL_BSOFTLONGWARN
space (block) softlimit is exceeded
longer than given grace period.
QUOTA_NL_BSOFTWARN
space (block) softlimit
- four warnings are also defined for the event when user stops
exceeding some limit:
QUOTA_NL_IHARDBELOW
inode hardlimit
QUOTA_NL_ISOFTBELOW
inode softlimit
QUOTA_NL_BHARDBELOW
space (block) hardlimit
QUOTA_NL_BSOFTBELOW
space (block) softlimit
QUOTA_NL_A_DEV_MAJOR (u32)
- major number of a device with the affected filesystem
QUOTA_NL_A_DEV_MINOR (u32)
- minor number of a device with the affected filesystem