enforce_statfs showing leading path
Hi,

I'm experimenting with enforce_statfs for the jails book, and have hit
an inconsistency. Not sure if the bug should go to src or doc. Running
last week's -current.

According to jail(8):

    When set to 1, only mount points below the jail's chroot
    directory are visible. In addition to that, the path to the
    jail's chroot directory is removed from the front of their
    pathnames.

Seems pretty clear that I shouldn't see anything other than

    # jls -h name enforce_statfs
    ...
    ioc-www1 1

So, as I read it, the jail's chroot directory should be stripped down
to /. But inside the jail:

    root@www1:~ # mount
    iocage/iocage/jails/www1/root on / (zfs, local, nfsv4acls)
    devfs on /dev (devfs, local, multilabel)
    fdescfs on /dev/fd (fdescfs)

I see the jail's chroot directory.

This seems to contradict the man page, unless I'm misunderstanding.

Is this a software bug? A ZFS thing? A doc bug? Or am I just an idiot?

Also, should this path be stripped when enforce_statfs is set to 1 *or
above*? Or is this strictly when set to 1? If I'm filing a bug, it
might as well be complete...

Thanks,
==ml

--
Michael W. Lucas    https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"

Re: enforce_statfs showing leading path
On 1/8/19, Michael W. Lucas wrote:
> Hi,
>
> I'm experimenting with enforce_statfs for the jails book, and have hit
> an inconsistency. Not sure if the bug should go to src or doc. Running
> last week's -current.
>
> According to jail(8):
>
>     When set to 1, only mount points below the jail's chroot
>     directory are visible. In addition to that, the path to the
>     jail's chroot directory is removed from the front of their
>     pathnames.
>
> Seems pretty clear that I shouldn't see anything other than
>
>     # jls -h name enforce_statfs
>     ...
>     ioc-www1 1
>
> So, as I read it, the jail's chroot directory should be stripped down
> to /. But inside the jail:
>
>     root@www1:~ # mount
>     iocage/iocage/jails/www1/root on / (zfs, local, nfsv4acls)
>     devfs on /dev (devfs, local, multilabel)
>     fdescfs on /dev/fd (fdescfs)
>
> I see the jail's chroot directory.
>
> This seems to contradict the man page, unless I'm misunderstanding.
>
> Is this a software bug? A ZFS thing? A doc bug? Or am I just an idiot?
>
> Also, should this path be stripped when enforce_statfs is set to 1 *or
> above*? Or is this strictly when set to 1? If I'm filing a bug, it
> might as well be complete...
>

The "path" you are seeing is the dataset name, which you made to resemble
the mount point.

Whether the full dataset name should be exposed or not is a very different
question; does illumos do it? Worst case it should be trivial to add a
sysctl to just obfuscate the name.

--
Mateusz Guzik
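
The distinction drawn in the reply, as an added example that is not part of the original posts: mount(8) prints the source name (f_mntfromname) before " on " and the mount point (f_mntonname) after it, and enforce_statfs only rewrites the mount point. The host-side jail root `/iocage/jails/www1/root` and the function names are assumptions for illustration; the thread does not state the host path.

```python
import re

# mount(8) line: "<f_mntfromname> on <f_mntonname> (<fstype>, <flags>...)"
MOUNT_LINE = re.compile(r"^(?P<source>.+?) on (?P<target>/.*?) \((?P<opts>[^()]*)\)$")

# The three lines shown inside the jail in the thread.
SAMPLE = """\
iocage/iocage/jails/www1/root on / (zfs, local, nfsv4acls)
devfs on /dev (devfs, local, multilabel)
fdescfs on /dev/fd (fdescfs)
"""

def parse_mount(text):
    """Split mount(8) output into (source, target, fstype) tuples."""
    rows = []
    for line in text.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if m:
            fstype = m.group("opts").split(",")[0].strip()
            rows.append((m.group("source"), m.group("target"), fstype))
    return rows

def audit(text, host_jail_root):
    """For each mount, report which field (if any) reveals the host-side
    jail root. host_jail_root is an assumed value known to the auditor."""
    root = host_jail_root.rstrip("/")
    needle = root.strip("/")
    findings = []
    for source, target, fstype in parse_mount(text):
        findings.append({
            "source": source,
            "target": target,
            "fstype": fstype,
            # Mount point: the field enforce_statfs=1 strips the jail root from.
            "target_leaks": bool(root) and (target == root or target.startswith(root + "/")),
            # Source name: for ZFS this is the dataset name, shown unchanged.
            "source_leaks": bool(needle) and needle in source,
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, "/iocage/jails/www1/root"):  # assumed host path
        print(f"{f['target']:<8} target_leaks={f['target_leaks']} "
              f"source_leaks={f['source_leaks']} ({f['source']})")
```

On the thread's output every mount point is already jail-relative; only the ZFS dataset name in the first column carries the host layout.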