SK wrote on 2016/12/08 17:41:
On 08/12/2016 16:14, Miroslav Lachman wrote:
SK wrote on 2016/12/08 15:22:
So far I have tried to follow as many google results as possible using
jail, zfs, mountpoint, nullfs, manage zfs and so on. There were a few
sites coming up again and again but they were talking about ezjail (not
that I have anything against it, but I would prefer to be able to use
the base system as it is -- might help me learn a few things that ezjail
will hide from me :D)
If you want to manage a ZFS dataset from within a jail, then you need
to use zfs set jailed=on property (see man zfs). But this data set
cannot be mounted as nullfs, it should be dedicated to the jail.
You don't need ezjail because ezjail cannot do anything more than you
can do. It is just a shell script wrapper.
Miroslav Lachman
Hi Miroslav
Thank you for your response. I tried setting it up like that (use zfs
set jailed=on), and that did not work. I could not even run zfs from
within the jail. Maybe I did something wrong -- so I am setting up a
test box where I can try them all out.
I also came across these links
https://clinta.github.io/freebsd-jails-the-hard-way/
http://aaron.baugher.biz/unix/freebsd-jails-zfs-1
I will give these a try. However, neither confirms (or maybe I missed
it) if I can manage/manipulate the zfs datasets from within the jail --
and that seems to be the logical approach based on various emails on the
mailing lists. So, what I am really after is some kind of a
pointer/direction, maybe even a rough sketch of a how-to, that would
help in getting started at least. I am not new to jails -- it is just
that so far most of my jails were on UFS systems and I never encountered
this issue of data mismatch between what the Jail can see and what the
host can see.
Did you read the man page carefully? Do you have /dev/zfs visible inside
the jail's /dev/? If not, you need to create your own rule inside
/etc/devfs.rules
Jails
A ZFS dataset can be attached to a jail by using the "zfs jail" subcommand.
You cannot attach a dataset to one jail and the children of the same
dataset to another jails. To allow management of the dataset from within a
jail, the jailed property has to be set and the jail needs access to the
/dev/zfs device. The quota property cannot be changed from within a jail.
See jail(8) for information on how to allow mounting ZFS datasets from
within a jail.
A ZFS dataset can be detached from a jail using the "zfs unjail" subcommand.
After a dataset is attached to a jail and the jailed property is set, a
jailed file system cannot be mounted outside the jail, since the jail
administrator might have set the mount point to an unacceptable value.
What are jails properties? Do you have something like this?
enforce_statfs=1 allow.mount=1 allow.mount.zfs=1 allow.mount.procfs=1
allow.mount.devfs=1
Then you need to run
zfs jail $JID tank/jail/testJail (put the real UID of running jail
and path to dedicated dataset)
Miroslav Lachman
_______________________________________________
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
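A preflight check for the prerequisites listed in the message above (jail parameters, the jailed property, /dev/zfs inside the jail), as an added example that is not part of the original thread. The function name and sample inputs are constructed, and it assumes `jls -n` prints enabled boolean parameters as bare names (`allow.mount.zfs`) and disabled ones with a `no` prefix (`allow.mount.nozfs`).

```shell
#!/bin/sh
# Added example: checks the settings a jail needs before it can manage a
# delegated ZFS dataset. Inputs are strings so the logic runs offline:
#   $1  output of: jls -j <jail> -n
#   $2  output of: zfs get -H -o value jailed <dataset>
#   $3  output of: jexec <jail> ls /dev
# Prints one line per problem; returns 0 only when nothing is missing.
check_jail_zfs() {
    params=$(printf '%s' "$1" | tr '\n\t' '  ')
    jailed=$2
    devs=$3
    rc=0
    # Both mount permissions must be present as bare (enabled) names.
    for p in allow.mount allow.mount.zfs; do
        case " $params " in
            *" $p "*) ;;
            *) echo "jail parameter $p is not set"; rc=1 ;;
        esac
    done
    # jail(8): allow.mount.zfs is effective only with enforce_statfs below 2.
    case " $params " in
        *" enforce_statfs=0 "*|*" enforce_statfs=1 "*) ;;
        *) echo "enforce_statfs must be 0 or 1"; rc=1 ;;
    esac
    # The dataset must be marked as delegated to a jail.
    [ "$jailed" = on ] || { echo "dataset property jailed is not on"; rc=1; }
    # The devfs ruleset applied to the jail must unhide the zfs device node.
    printf '%s\n' "$devs" | grep -qx zfs ||
        { echo "/dev/zfs is not visible inside the jail"; rc=1; }
    return $rc
}

# Constructed sample inputs (not captured from a real host).
GOOD_PARAMS='devfs_ruleset=10 enforce_statfs=1 jid=3 name=testJail allow.mount allow.mount.zfs'
BAD_PARAMS='devfs_ruleset=4 enforce_statfs=2 jid=3 name=testJail allow.nomount allow.mount.nozfs'
GOOD_DEVS='null
random
zero
zfs'
BAD_DEVS='null
random
zero'

# Demonstration on the constructed inputs: the first call is silent,
# the second lists every missing prerequisite.
check_jail_zfs "$GOOD_PARAMS" on "$GOOD_DEVS" || true
check_jail_zfs "$BAD_PARAMS" off "$BAD_DEVS" || true
```

On a live host the three arguments would come from `jls -j testJail -n`, `zfs get -H -o value jailed tank/jail/testJail` and `jexec testJail ls /dev`, using the jail and dataset names from the thread.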