On 1/8/19, Michael W. Lucas <mwlu...@michaelwlucas.com> wrote:
> Hi,
>
> I'm experimenting with enforce_statfs for the jails book, and have hit
> an inconsistency. Not sure if the bug should go to src or doc. Running
> last week's -current.
>
> According to jail(8):
>
>     When set to 1, only mount points below the jail's chroot
>     directory are visible. In addition to that, the path to the
>     jail's chroot directory is removed from the front of their
>     pathnames.
>
> Seems pretty clear that I shouldn't see anything other than
>
> # jls -h name enforce_statfs
> ...
> ioc-www1 1
>
> So, as I read it, the jail's chroot directory should be stripped down
> to /. But inside the jail:
>
> root@www1:~ # mount
> iocage/iocage/jails/www1/root on / (zfs, local, nfsv4acls)
> devfs on /dev (devfs, local, multilabel)
> fdescfs on /dev/fd (fdescfs)
>
> I see the jail's chroot directory.
>
> This seems to contradict the man page, unless I'm misunderstanding.
>
> Is this a software bug? A ZFS thing? A doc bug? Or am I just an idiot?
>
> Also, should this path be stripped when enforce_statfs is set to 1 *or
> above*? Or is this strictly when set to 1? If I'm filing a bug, it
> might as well be complete...
>

The "path" you are seeing is the dataset name, which you made to resemble
the mount point.

Whether the full dataset name should be exposed or not is a very different
question; does illumos do it? Worst case it should be trivial to add a
sysctl to just obfuscate the name.

-- 
Mateusz Guzik <mjguzik gmail.com>
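
Added example, not part of either message and not FreeBSD project code: a small audit that splits each mount(8) line from the thread into its source and mount point fields, so the field enforce_statfs rewrites can be told apart from the ZFS dataset name. The host-side jail root /iocage/jails/www1/root and the "unstripped" line are assumptions constructed for illustration.

```python
import re

# FreeBSD mount(8) line: "<source> on <mountpoint> (<fstype>[, <flag>...])"
MOUNT_RE = re.compile(r"^(?P<src>.+?) on (?P<mnt>/.*?) \((?P<opts>[^)]*)\)$")

def parse_mount(line):
    m = MOUNT_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised mount line: {line!r}")
    opts = [o.strip() for o in m["opts"].split(",")]
    return {"source": m["src"], "mountpoint": m["mnt"], "fstype": opts[0]}

def audit(lines, host_root):
    """Classify mount entries seen inside a jail.

    host_root is the jail's root directory as the host sees it; the
    caller supplies it, it cannot be derived from the jail's own view.
    """
    prefix = host_root.rstrip("/") + "/"
    if prefix == "/":
        raise ValueError("host_root must be a directory below /")
    report = []
    for line in lines:
        e = parse_mount(line)
        # Mount point field: the pathname that jail(8) says is stripped.
        e["mountpoint_shows_host_path"] = (e["mountpoint"] + "/").startswith(prefix)
        # Source field: for ZFS this is a pool/dataset name, not a path,
        # so the pathname stripping does not apply to it.
        e["source_is_zfs_dataset"] = (
            e["fstype"] == "zfs" and not e["source"].startswith("/")
        )
        report.append(e)
    return report

HOST_ROOT = "/iocage/jails/www1/root"  # assumed host-side path (constructed)
IN_JAIL = [  # the three lines quoted in the thread
    "iocage/iocage/jails/www1/root on / (zfs, local, nfsv4acls)",
    "devfs on /dev (devfs, local, multilabel)",
    "fdescfs on /dev/fd (fdescfs)",
]
# Constructed: how the root entry would look if the mount point were not stripped.
UNSTRIPPED = "iocage/iocage/jails/www1/root on /iocage/jails/www1/root (zfs, local, nfsv4acls)"

if __name__ == "__main__":
    for entry in audit(IN_JAIL + [UNSTRIPPED], HOST_ROOT):
        print(entry)
```

For the thread's output the root entry reports a stripped mount point (/) together with a dataset-name source, which matches the reply above.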