# 17.8.jail 资源限制

控制 Jail 使用的资源是系统管理员需要考虑的任务。

使用 [rctl(8)](https://man.freebsd.org/cgi/man.cgi?query=rctl\&sektion=8\&format=html) 来管理 Jail 从主机系统使用的资源。

> **技巧**
>
> 必须在 **/boot/loader.conf** 中启用可调参数 `kern.racct.enable`。

限制 Jail 资源的语法如下：

```sh
rctl -a jail:<jail 名>:resource:action=amount/percentage
```

例如，要限制 Jail 可以访问的最大内存，可以执行以下命令：

```sh
# rctl -a jail:classic:memoryuse:deny=2G
```

为了使此限制在主机系统重启后仍然生效，需要将规则添加到 **/etc/rctl.conf** 文件中，如下所示：

```ini
jail:classic:memoryuse:deny=2G/jail
```

有关资源限制的更多信息，请参见安全章节中的 [资源限制部分](https://docs.freebsd.org/en/books/handbook/security/#security-resourcelimits)。


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://handbook.bsdcn.org/di-17-zhang-jail-yu-rong-qi/17.8.-jail-zi-yuan-xian-zhi.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.