From nobody Sat Oct 21 11:44:37 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SCKPL33WRz4xvG8 for ; Sat, 21 Oct 2023 11:44:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SCKPL21n7z3VFX for ; Sat, 21 Oct 2023 11:44:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1697888678; a=rsa-sha256; cv=none; b=KWqKWlojeBr+KUCQoqo3t/BGfxJwfu5zmVf60YZpWGBAMQF1hZbn4Ezmpwa4MWaEEFcWZP ShFniD3mlVzidURrNwfLkAIDsu2lHT+vXWZz8/Cos1UiWwJ9ncMiDX7za0DUitcuMykemr Lb1Tl31h11Dei2QtraU910Lmj3IMlo/AokfJeiCQM2LbixECGy0WUsRiJ5ytG5guY0D9gS DV+I6aEqCT6vwB/CUdWQkPFwfjRxKVvRaSB7R/4tmrSxo2L8vfTmeghwb472ODZ2AK8ZZH d3zR9PqF4wOk4L3NlV+9gPTi8w6dQYRA0vI8H2TcH/acLrT9Gr4DcFs/KrSu3w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1697888678; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lQkI7Nakz+/zq0+pXfeLYkKsVXOlA99as/GFSq1opLk=; b=q9HuuVhMpm8/67P8tBszgb9fXryp4UxRskur+wYIO4Sk/S+CwjZsmXx3/w3AHMRVzaHoir ZIAvc911uH5kGQuiKzxhJQKJb0aEwZduA3QJzWllzQIXMnzfpj/hWHIpMuqXgIKtkrcwrd /sblKPQfjHYVpvXNwtW2NpXH12imLBcfPHT9oJ+28isM6Qf0FfS0qr24qDWHzwb+9nwr6f p6fNlv84KH3JPBIeM+JPqeZIfLVpToX2b49W4VozQqfiOrSVzU1Y2RBcS0k82QUL46skQw AIUNzQL5SVu2P35Npp3NtfnG/lnUt+c4dV/f35dt58Nh8EUU6zUzaDXTEI/ZPw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SCKPL0zf6z9G for ; Sat, 21 Oct 2023 11:44:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 39LBicKW035209 for ; Sat, 21 Oct 2023 11:44:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 39LBicbD035208 for jail@FreeBSD.org; Sat, 21 Oct 2023 11:44:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 274568] rc.conf(5): Empty "jail_list" does not start jails defined in "/etc/jail.conf.d" Date: Sat, 21 Oct 2023 11:44:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: conf X-Bugzilla-Version: 13.2-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: antranigv@freebsd.am X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274568 Antranig Vartanian changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |antranigv@freebsd.am --- Comment #3 from Antranig Vartanian --- Greetings, In FreeBSD 13.2-RELEASE, jail_list=3D"" will start the jails that are defin= ed in jail.conf. If you want to start the jails in jails.conf.d, you have to use jail_list. In FreeBSD 14, the behavior seems to be the same (at least according to the code). However, you can do the following in jail.conf .include("/etc/jail.conf.d/foo.conf") which is better than using jail_list, as it will give you the ability to use features such as depends, multi-layer includes, etc. This, indeed, seems like a bug in documentation. I will fix it. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Mon Nov 6 18:07:06 2023 X-Original-To: freebsd-jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SPK7Z6BG1z50VGQ for ; Mon, 6 Nov 2023 18:07:22 +0000 (UTC) (envelope-from bsdunix44@gmail.com) Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SPK7Y482Kz4Vtj for ; Mon, 6 Nov 2023 18:07:21 +0000 (UTC) (envelope-from bsdunix44@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=V737mxBe; spf=pass (mx1.freebsd.org: domain of bsdunix44@gmail.com designates 2607:f8b0:4864:20::42a as permitted sender) smtp.mailfrom=bsdunix44@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-6b7f0170d7bso4800544b3a.2 for ; Mon, 06 Nov 2023 10:07:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699294040; x=1699898840; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=049FcUs4APxs0gSi3uF6FYS1s9TTnAhFzS0LeWQWwSw=; b=V737mxBegXnFpArfqctTJOKwxtldpWkIKHLRKEjlBSo15xVMPGbU1XYd1ni9iUZV/U jHC8g4MT/MemR4NZ3V3hrHADwXu6jOAO65Cpdf2np25MGTJQ2Y5PzXmZTzjPwOlOeYv3 71aDgESsqODylq25rKsKwdR2P5SwemKBOa1Uo/oYAjWR6eg0r7xdUr5mqC7JnsKsWnIU bcoK7naJR5dFd6VR+QaduZAjbdEaJ5v9X94I07M+pUIzxEcRxomI1oSco719JEVPxtpx MTCNrct0AW3N5NM94Vq6CcutnNrO9ccRg9i76WT+YumjCUiwYw8md6B6+JnWw/SYfCwX s8/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699294040; x=1699898840; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=049FcUs4APxs0gSi3uF6FYS1s9TTnAhFzS0LeWQWwSw=; b=tOt6NpNzR95quF1SARR4gRmsy7blHht55mKX9T/UfMtWGoYJkvXjDhsTQZQBOG5HE7 rJ4iIG6kQ6SldT/6yxo3Y7UykKJN0F753UjMIfFmYTITOLs2LkB8SJjMaTYT6O2rJZ6G DwMve7+dySeoFDr3ngrsKyRXAzrUXm6qOzzIoP+guCPNWBiUUbfQLFxpiJ2qPWteh7GP O8gSJHwpCcDxiP+Ardwr6baJWvbo91IbjLyZgK4LxT/N8BHpMw7hcx8EYH8jp6ilfcmR jF1C1zNL17j7/SMiE5L8kgmVcAz7gpIkCNo7WPaznFDJAObt43AUeJNgTxBeD1D0EMXa xplw== X-Gm-Message-State: AOJu0YwKutduK+qzNEucj9hww7uR7TOUxDA8FY9l0diVkTII1i6CsNf1 zoW0+MIzANFH+SwTyG5hLSNhn8OdKgrmNs69LKjDHIgbACTgbg== X-Google-Smtp-Source: AGHT+IGn8abV4dL9PoJIbs4sybXMX/txJCOcyn3WOZHUqFA7tAZ0g5jW8PTDcBbGDl4RyiteVBjJgGa+WK55ItuLOcg= X-Received: by 2002:a05:6a00:114c:b0:6be:59f:5172 with SMTP id b12-20020a056a00114c00b006be059f5172mr34740713pfm.19.1699294039906; Mon, 06 Nov 2023 10:07:19 -0800 (PST) List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 From: Chris Watson Date: Mon, 6 Nov 2023 12:07:06 -0600 Message-ID: Subject: I can get zfs snapshot/rollback in a jail to work 99% but it isn't quite 100% working. What am I missing? To: freebsd-jail@freebsd.org Content-Type: multipart/alternative; boundary="0000000000009e20d606097fb9ed" X-Spamd-Result: default: False [0.57 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_SHORT(-1.00)[-0.999]; NEURAL_SPAM_MEDIUM(1.00)[0.997]; NEURAL_SPAM_LONG(0.57)[0.571]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::42a:from]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; TO_DN_NONE(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; RCVD_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MLMMJ_DEST(0.00)[freebsd-jail@freebsd.org] X-Rspamd-Queue-Id: 4SPK7Y482Kz4Vtj X-Spamd-Bar: / --0000000000009e20d606097fb9ed Content-Type: text/plain; charset="UTF-8" I've been trying to get a zfs dataset delegated into a jail (to run PG on), and allow snapshots and rollback to take place inside the jail. I can get the dataset mounted into the jail, I can get zfs to take the snapshot, list the snapshot, but when I rollback or try to ls -la the directory to see the '.zfs' dir it isn't there and the zfs rollback completes but it doesn't actually rollback. I'm so close to getting this to work! I'm just missing *something* in the sauce. When I do the zfs rollback zfs looks like it completes the rollback and goes back to a shell prompt but the files I remove before the rollback are not in the /var/db/postgres/data16 directory nor is ".zfs" shown in ls -la. So something is wonky on my end. I'm so close, it's halfway there, it looks like it takes a snapshot, the snapshot shows up in a zfs list -t snapshot, but it's also not really there. I'm doing something just slightly wrong here. I just cant figure out what I have wrong. Below are the configs: # The jail's config https://bsd.to/P176 # zfs list from inside the jail https://bsd.to/mPde # zfs list -t snapshot from inside the jail https://bsd.to/R8dw # ls -la /var/db/postgres/data16 output from inside the jail https://bsd.to/1di2 # rc.conf of the jail https://bsd.to/JcnH The jail is running 13.2-P4. Using bastillebsd 0.10.20231013 for creation/management. Thanks! Chris --0000000000009e20d606097fb9ed Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I've been trying to get a zfs dataset delegated into a= jail (to run PG on), and allow snapshots and rollback to take place inside= the jail. I can get the dataset mounted into the jail, I can get zfs to ta= ke the snapshot, list the snapshot, but when I rollback or try to ls -la th= e directory to see the '.zfs' dir it isn't there and the zfs ro= llback completes but it doesn't actually rollback. I'm so close to = getting this to work! I'm just missing *something* in the sauce. When I= do the zfs rollback zfs looks like it completes the rollback and goes back= to a shell prompt but the files I remove before the rollback are not in th= e /var/db/postgres/data16 directory nor is ".zfs" shown in ls -la= . So something is wonky on my end. I'm so close, it's halfway there= , it looks like it takes a snapshot, the snapshot shows up in a zfs list -t= snapshot, but it's also not really there. I'm doing something just= slightly wrong here. I just cant figure out what I have wrong.

Below are the configs:
# The jail's config
# zfs lis= t from inside the jail
# zfs list -t snapshot from inside the jail# ls -la /var/db/postgres/data16 output from inside the jail
https://bsd.to/1di2
# rc.co= nf of the jail

The jail is running 13.2-P4.
U= sing bastillebsd 0.10.20231013 for creation/management.

Thanks!
Chris
--0000000000009e20d606097fb9ed-- From nobody Mon Nov 6 20:35:06 2023 X-Original-To: freebsd-jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SPNQJ30Y7z502r8 for ; Mon, 6 Nov 2023 20:35:20 +0000 (UTC) (envelope-from DtxdF@disroot.org) Received: from layka.disroot.org (layka.disroot.org [178.21.23.139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4SPNQH0MM1z3TBV for ; Mon, 6 Nov 2023 20:35:19 +0000 (UTC) (envelope-from DtxdF@disroot.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=disroot.org header.s=mail header.b=gvoPtbZk; spf=pass (mx1.freebsd.org: domain of DtxdF@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=DtxdF@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 8EAFE44D48 for ; Mon, 6 Nov 2023 21:35:11 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FxFN90VlVXLF for ; Mon, 6 Nov 2023 21:35:10 +0100 (CET) Date: Mon, 06 Nov 2023 20:35:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1699302910; bh=qWd7DwYAoM4qBEbdm+th1te86Gsnr6ZL3FzM+DKmwds=; h=Date:From:To:Subject:In-Reply-To:References; b=gvoPtbZkgMjJzUxBISqBaaczXvrhyViiamLL6NcV4NSfxt6tP99KAtrZ26KOm0DP5 GcAnNLH+7Th7fc4j5T3x02WMGuCVgFsiomYpcDuQF4j6BNQA4kDEPBSqHVlgSpBryP yqVlucGJ+PoLhd+C5Ak2sEorradcfmsxaxlXcSwTHZw70GnD2AGZ6QJ5jZ5+uMOADy WOwJ7DZZUFt9hPp7bCoqbERSoMS4rT3MiWMP8NgFhGLgXbXTCpuXxFdJSwoGm9NJK7 NwWJZwf7TXsJEw3OQR5RcsAfCGIHbd6nHevAtU1JQUsYGAOHMT+MVOQfUvNNDERe1V auRyyHeMNTEOQ== From: DtxdF To: freebsd-jail@freebsd.org Subject: =?US-ASCII?Q?Re=3A_I_can_get_zfs_snapshot/rollback_in_a_jail_to_work_?= =?US-ASCII?Q?99=25_but_it_isn=27t_quite_100=25?= =?US-ASCII?Q?_working=2E_What_am_I_missing=3F?= In-Reply-To: References: Message-ID: List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----BSOZDAK4XRKBNCKWL0CKWPTSAUYJFS Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-1.80 / 15.00]; SUBJ_EXCESS_QP(1.20)[]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,reject]; R_SPF_ALLOW(-0.20)[+a]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MLMMJ_DEST(0.00)[freebsd-jail@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; BLOCKLISTDE_FAIL(0.00)[178.21.23.139:server fail]; TO_MATCH_ENVRCPT_ALL(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4SPNQH0MM1z3TBV X-Spamd-Bar: - ------BSOZDAK4XRKBNCKWL0CKWPTSAUYJFS Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Chris, Maybe your dataset is not mounted inside the jail=2E I thought that simply= enabling `/etc/rc=2Ed/zfs` was fine, but no, it just doesn't work=2E I don= 't know if this behavior is a bug or something else, but at the moment I do= n't have time to investigate=2E I have a similar setup for a jail with a delegated dataset=2E I use AppJai= l, but the steps are similar to other tools: ``` # zfs create -o jailed=3Don -o mountpoint=3D/jailed zroot/jailed # appjail quick jtest \ mount_devfs \ device=3D'include $devfsrules_hide_all' \ device=3D'include $devfsrules_unhide_basic' \ device=3D'include $devfsrules_unhide_login' \ device=3D'path zfs unhide' \ template=3Dtemplate=2Econf \ overwrite=3Dforce \ start ``` In AppJail, a template configuration file is similar to `jail=2Econf(5)`: ``` # cat template=2Econf exec=2Estart: "/bin/sh /etc/rc" exec=2Estop: "/bin/sh /etc/rc=2Eshutdown jail" allow=2Emount allow=2Emount=2Ezfs enforce_statfs: 1 exec=2Epoststart: "zfs jail ${name} zroot/jailed" exec=2Epoststart+: "appjail cmd jexec ${name} zfs mount zroot/jailed" exec=2Eprestop: "appjail cmd jexec ${name} zfs umount zroot/jailed" exec=2Eprestop+: "zfs unjail ${name} zroot/jailed" ``` As you can see, the dataset is mounted after running `zfs-jail(8)`=2E The = steps are similar when the jail is stopped, but the dataset is unmounted an= d `zfs-unjail(8)` is executed=2E Inside the jail I can see the mounted datasets: ``` # appjail cmd jexec jtest zfs list -r NAME USED AVAIL REFER MOUNTPOINT zroot 34=2E1G 249G 96K /zroot zroot/jailed 96K 249G 96K /jailed # appjail cmd jexec jtest mount -t zfs zroot/appjail/jails/jtest/jail on / (zfs, local, noatime, nfsv4acls) zroot/jailed on /jailed (zfs, local, noatime, nfsv4acls) # appjail cmd jexec jtest ls /jailed index=2Etxt # appjail cmd jexec jtest cat /jailed/index=2Etxt Hi! ``` And I can use `zfs-rollback(8)` just fine: ``` # appjail cmd jexec jtest zfs snapshot zroot/jailed@guard # appjail cmd jexec jtest zfs list -t snapshot zroot/jailed NAME USED AVAIL REFER MOUNTPOINT zroot/jailed@guard 0B - 96K - # appjail cmd jexec jtest dd if=3D/dev/random of=3D/jailed/index=2Etxt bs= =3D16 count=3D1 1+0 records in 1+0 records out 16 bytes transferred in 0=2E000102 secs (157318 bytes/sec) # appjail cmd jexec jtest hd /jailed/index=2Etxt 00000000 a1 26 2a 9c f5 96 7b 81 90 8d ba 36 d6 f9 4d 93 |=2E&*=2E=2E= =2E{=2E=2E=2E=2E6=2E=2EM=2E| 00000010 # appjail cmd jexec jtest zfs list -t snapshot zroot/jailed NAME USED AVAIL REFER MOUNTPOINT zroot/jailed@guard 56K - 96K - # appjail cmd jexec jtest zfs rollback zroot/jailed@guard # appjail cmd jexec jtest hd /jailed/index=2Etxt 00000000 48 69 21 0a |Hi!=2E| 00000004 ``` I hope this can help you=2E ~ DtxdF El 6 de noviembre de 2023 6:07:06 p=2E m=2E UTC, Chris Watson escribi=C3=B3: >I've been trying to get a zfs dataset delegated into a jail (to run PG on= ), >and allow snapshots and rollback to take place inside the jail=2E I can g= et >the dataset mounted into the jail, I can get zfs to take the snapshot, li= st >the snapshot, but when I rollback or try to ls -la the directory to see t= he >'=2Ezfs' dir it isn't there and the zfs rollback completes but it doesn't >actually rollback=2E I'm so close to getting this to work! I'm just missi= ng >*something* in the sauce=2E When I do the zfs rollback zfs looks like it >completes the rollback and goes back to a shell prompt but the files I >remove before the rollback are not in the /var/db/postgres/data16 directo= ry >nor is "=2Ezfs" shown in ls -la=2E So something is wonky on my end=2E I'm= so >close, it's halfway there, it looks like it takes a snapshot, the snapsho= t >shows up in a zfs list -t snapshot, but it's also not really there=2E I'm >doing something just slightly wrong here=2E I just cant figure out what I >have wrong=2E > >Below are the configs: ># The jail's config >https://bsd=2Eto/P176 ># zfs list from inside the jail >https://bsd=2Eto/mPde ># zfs list -t snapshot from inside the jail >https://bsd=2Eto/R8dw ># ls -la /var/db/postgres/data16 output from inside the jail >https://bsd=2Eto/1di2 ># rc=2Econf of the jail >https://bsd=2Eto/JcnH > >The jail is running 13=2E2-P4=2E >Using bastillebsd 0=2E10=2E20231013 for creation/management=2E > >Thanks! >Chris ------BSOZDAK4XRKBNCKWL0CKWPTSAUYJFS Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Hi Chris,

Maybe your data= set is not mounted inside the jail=2E I thought that simply enabling `/etc/= rc=2Ed/zfs` was fine, but no, it just doesn't work=2E I don't know if this = behavior is a bug or something else, but at the moment I don't have time to= investigate=2E

I have a similar setup for a jail with a delegated d= ataset=2E I use AppJail, but the steps are similar to other tools:

`= ``
# zfs create -o jailed=3Don -o mountpoint=3D/jailed zroot/jailed
#= appjail quick jtest \
mount_devfs \
device=3D'include $devfsrules_= hide_all' \
device=3D'include $devfsrules_unhide_basic' \
device=3D= 'include $devfsrules_unhide_login' \
device=3D'path zfs unhide' \
t= emplate=3Dtemplate=2Econf \
overwrite=3Dforce \
start
```
In AppJail, a template configuration file is similar to `jail=2Econf(5)`:<= br>
```
# cat template=2Econf
exec=2Estart: "/bin/sh /etc/rc"
e= xec=2Estop: "/bin/sh /etc/rc=2Eshutdown jail"
allow=2Emount
allow=2Em= ount=2Ezfs
enforce_statfs: 1
exec=2Epoststart: "zfs jail ${name} zroo= t/jailed"
exec=2Epoststart+: "appjail cmd jexec ${name} zfs mount zroot/= jailed"
exec=2Eprestop: "appjail cmd jexec ${name} zfs umount zroot/jail= ed"
exec=2Eprestop+: "zfs unjail ${name} zroot/jailed"
```

As = you can see, the dataset is mounted after running `zfs-jail(8)`=2E The step= s are similar when the jail is stopped, but the dataset is unmounted and `z= fs-unjail(8)` is executed=2E

Inside the jail I can see the mounted d= atasets:

```
# appjail cmd jexec jtest zfs list -r
NAME=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 USED=C2=A0 AVAIL=C2= =A0=C2=A0=C2=A0=C2=A0 REFER=C2=A0 MOUNTPOINT
zroot=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 34=2E1G=C2=A0=C2=A0 249G=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 96K=C2=A0 /zroot
zroot/jailed=C2=A0=C2=A0=C2=A0 96K=C2= =A0=C2=A0 249G=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 96K=C2=A0 /jailed
# a= ppjail cmd jexec jtest mount -t zfs
zroot/appjail/jails/jtest/jail on / = (zfs, local, noatime, nfsv4acls)
zroot/jailed on /jailed (zfs, local, no= atime, nfsv4acls)
# appjail cmd jexec jtest ls /jailed
index=2Etxt# appjail cmd jexec jtest cat /jailed/index=2Etxt
Hi!
```

And= I can use `zfs-rollback(8)` just fine:

```
# appjail cmd jexec j= test zfs snapshot zroot/jailed@guard
# appjail cmd jexec jtest zfs list = -t snapshot zroot/jailed
NAME=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 USED=C2=A0 AVAIL=C2= =A0=C2=A0=C2=A0=C2=A0 REFER=C2=A0 MOUNTPOINT
zroot/jailed@guard=C2=A0=C2= =A0=C2=A0=C2=A0 0B=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 -=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 96K=C2=A0 -
# appjail cmd jexec jtest dd if=3D/dev/random o= f=3D/jailed/index=2Etxt bs=3D16 count=3D1
1+0 records in
1+0 records = out
16 bytes transferred in 0=2E000102 secs (157318 bytes/sec)
# appj= ail cmd jexec jtest hd /jailed/index=2Etxt
00000000=C2=A0 a1 26 2a 9c f5= 96 7b 81=C2=A0 90 8d ba 36 d6 f9 4d 93=C2=A0 |=2E&*=2E=2E=2E{=2E=2E=2E= =2E6=2E=2EM=2E|
00000010
# appjail cmd jexec jtest zfs list -t snapsh= ot zroot/jailed
NAME=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 USED=C2=A0 AVAIL=C2=A0=C2=A0= =C2=A0=C2=A0 REFER=C2=A0 MOUNTPOINT
zroot/jailed@guard=C2=A0=C2=A0=C2=A0= 56K=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 96= K=C2=A0 -
# appjail cmd jexec jtest zfs rollback zroot/jailed@guard
#= appjail cmd jexec jtest hd /jailed/index=2Etxt
00000000=C2=A0 48 69 21 = 0a=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 |Hi!=2E|
00000004
```

I hope this can help you=2E
~ DtxdF


El 6 de= noviembre de 2023 6:07:06 p=2E m=2E UTC, Chris Watson <bsdunix44@gmail= =2Ecom> escribi=C3=B3:
I've been trying to get a zfs dataset delegated into a ja= il (to run PG on), and allow snapshots and rollback to take place inside th= e jail=2E I can get the dataset mounted into the jail, I can get zfs to tak= e the snapshot, list the snapshot, but when I rollback or try to ls -la the= directory to see the '=2Ezfs' dir it isn't there and the zfs rollback comp= letes but it doesn't actually rollback=2E I'm so close to getting this to w= ork! I'm just missing *something* in the sauce=2E When I do the zfs rollbac= k zfs looks like it completes the rollback and goes back to a shell prompt = but the files I remove before the rollback are not in the /var/db/postgres/= data16 directory nor is "=2Ezfs" shown in ls -la=2E So something is wonky o= n my end=2E I'm so close, it's halfway there, it looks like it takes a snap= shot, the snapshot shows up in a zfs list -t snapshot, but it's also not re= ally there=2E I'm doing something just slightly wrong here=2E I just cant f= igure out what I have wrong=2E

Below are the configs:
# The jail's config
# zfs list from inside the jail
#= zfs list -t snapshot from inside the jail
# ls -la /var/db/postgr= es/data16 output from inside the jail
# rc=2Econf of the jail=

The jail is running 13=2E2-P4=2E
Using bastil= lebsd 0=2E10=2E20231013 for creation/management=2E

Thanks!
Chris
------BSOZDAK4XRKBNCKWL0CKWPTSAUYJFS-- From nobody Tue Nov 7 03:45:57 2023 X-Original-To: freebsd-jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SPYzQ10hwz50KvS for ; Tue, 7 Nov 2023 03:46:10 +0000 (UTC) (envelope-from bsdunix44@gmail.com) Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SPYzP3vwhz3bsZ for ; Tue, 7 Nov 2023 03:46:09 +0000 (UTC) (envelope-from bsdunix44@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-1cc3388621cso48028355ad.1 for ; Mon, 06 Nov 2023 19:46:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699328768; x=1699933568; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6M2QsscCDgKRhVHrB5B3Q0cjyrwLJ2YR324CSKuY9n4=; b=DB/6yQYVzWz9h29HOHiwcfLAthgbV1czbyw4uzFkrsweJHxIcMgtco5lubtYjXe6gO VWZQvpqLx+4qavDqVbgSumX80q+RURjjjNuqItzx+AGBxcYLS6xgPbFGIwcvdFwdPFNy U5CwFe5or/R8CuAmONfYGiB0ny7cKpai5OOId1eLyfRnMUMwsEpwWARrTwV5nr3+Xo5U ImllwzAwBJ3+yv9ZNrIUwCqb1BajyantI8Jckgjb0ptUKG04Ve6zeYimFJG5W6vVXk/9 rRVYcyA35gGn9JYiTeo1wkAlS+r0Z1eO05pp8WvmBYUYrnBRPWuRJTt2F7ddCvkwqX5U d23A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699328768; x=1699933568; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6M2QsscCDgKRhVHrB5B3Q0cjyrwLJ2YR324CSKuY9n4=; b=KSiMHg3E2seYmB8I/YvM9opRG4VMIUjWW3WRbgguevYRNpznSIvUZY4vywd+Uv6WhP npkjQHLWqR8jyPRj00wz6LmbDC9m5IoCB6bwJGL38D69UHUHxYdhpT8rIQ4plomIDMaz tfPuhtrSaybQwOPzxIWV4OKYegTcMN3PLmqpp0c5HdUnibotyCoEp5KoOa3KTeyF4+6V q3eb2EBYln1pFtNkN2hRanM68G/k8S9tiXH04ibX99m7tKcl2wtbM9KotOha1wX/wIXy 7C3iqPxOezu7VIlM2sI5hP2qGEpfugHJDzArxg90kmN+BNXB6SIiBHwcigNhU9E4Nz/P 33Dg== X-Gm-Message-State: AOJu0YzHZ9/lPGbGLnrZ9t5RltTsvg76YW9cpvrIJFd3ii4bkguzIeKG lOXzUEAOWZyVZnHQS6CSI52FCYi+oTLsJ+I2UFM= X-Google-Smtp-Source: AGHT+IFigdnQHNtN8A0iACxX9eQdn0CE0ENrn2uZM9ofUcu4zlgts1vXCApdZ/wT6GT1hVp+g7TdU6sn+aNAwRAhMIU= X-Received: by 2002:a17:90b:38d0:b0:27d:433e:e69c with SMTP id nn16-20020a17090b38d000b0027d433ee69cmr2226520pjb.18.1699328768178; Mon, 06 Nov 2023 19:46:08 -0800 (PST) List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 References: In-Reply-To: From: Chris Watson Date: Mon, 6 Nov 2023 21:45:57 -0600 Message-ID: Subject: Re: I can get zfs snapshot/rollback in a jail to work 99% but it isn't quite 100% working. What am I missing? To: DtxdF Cc: freebsd-jail@freebsd.org Content-Type: multipart/alternative; boundary="000000000000958012060987cfc3" X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4SPYzP3vwhz3bsZ --000000000000958012060987cfc3 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable So as I mentioned I=E2=80=99ve able to mail the dataset. It gets mounted up= on starting the jail. It shows up in =E2=80=9Czfs list=E2=80=9D. And when I do= zfs snapshot on the dataset it appears to create the snapshot as it shows up in a =E2=80=9C= zfs list -t snapshot=E2=80=9D but the snapdir isn=E2=80=99t visible even after setti= ng snapdir to visible, and when I rollback using the snapshot it doesn=E2=80=99t actually rollback. I=E2=80=99m so close to this working, something just isn=E2=80=99= t right and I can=E2=80=99t figure out what. I really wish this was written up in the han= dbook. =E2=80=9CHow to jail a dataset from the host=E2=80=9D and =E2=80=9Chow to s= napshot and rollback a jailed dataset=E2=80=9D. :) if I figure this I=E2=80=99ll definitely be wri= ting this up. Chris On Mon, Nov 6, 2023 at 2:35 PM DtxdF wrote: > Hi Chris, > > Maybe your dataset is not mounted inside the jail. I thought that simply > enabling `/etc/rc.d/zfs` was fine, but no, it just doesn't work. I don't > know if this behavior is a bug or something else, but at the moment I don= 't > have time to investigate. > > I have a similar setup for a jail with a delegated dataset. I use AppJail= , > but the steps are similar to other tools: > > ``` > # zfs create -o jailed=3Don -o mountpoint=3D/jailed zroot/jailed > # appjail quick jtest \ > mount_devfs \ > device=3D'include $devfsrules_hide_all' \ > device=3D'include $devfsrules_unhide_basic' \ > device=3D'include $devfsrules_unhide_login' \ > device=3D'path zfs unhide' \ > template=3Dtemplate.conf \ > overwrite=3Dforce \ > start > ``` > > In AppJail, a template configuration file is similar to `jail.conf(5)`: > > ``` > # cat template.conf > exec.start: "/bin/sh /etc/rc" > exec.stop: "/bin/sh /etc/rc.shutdown jail" > allow.mount > allow.mount.zfs > enforce_statfs: 1 > exec.poststart: "zfs jail ${name} zroot/jailed" > exec.poststart+: "appjail cmd jexec ${name} zfs mount zroot/jailed" > exec.prestop: "appjail cmd jexec ${name} zfs umount zroot/jailed" > exec.prestop+: "zfs unjail ${name} zroot/jailed" > ``` > > As you can see, the dataset is mounted after running `zfs-jail(8)`. The > steps are similar when the jail is stopped, but the dataset is unmounted > and `zfs-unjail(8)` is executed. > > Inside the jail I can see the mounted datasets: > > ``` > # appjail cmd jexec jtest zfs list -r > NAME USED AVAIL REFER MOUNTPOINT > zroot 34.1G 249G 96K /zroot > zroot/jailed 96K 249G 96K /jailed > # appjail cmd jexec jtest mount -t zfs > zroot/appjail/jails/jtest/jail on / (zfs, local, noatime, nfsv4acls) > zroot/jailed on /jailed (zfs, local, noatime, nfsv4acls) > # appjail cmd jexec jtest ls /jailed > index.txt > # appjail cmd jexec jtest cat /jailed/index.txt > Hi! > ``` > > And I can use `zfs-rollback(8)` just fine: > > ``` > # appjail cmd jexec jtest zfs snapshot zroot/jailed@guard > # appjail cmd jexec jtest zfs list -t snapshot zroot/jailed > NAME USED AVAIL REFER MOUNTPOINT > zroot/jailed@guard 0B - 96K - > # appjail cmd jexec jtest dd if=3D/dev/random of=3D/jailed/index.txt bs= =3D16 > count=3D1 > 1+0 records in > 1+0 records out > 16 bytes transferred in 0.000102 secs (157318 bytes/sec) > # appjail cmd jexec jtest hd /jailed/index.txt > 00000000 a1 26 2a 9c f5 96 7b 81 90 8d ba 36 d6 f9 4d 93 > |.&*...{....6..M.| > 00000010 > # appjail cmd jexec jtest zfs list -t snapshot zroot/jailed > NAME USED AVAIL REFER MOUNTPOINT > zroot/jailed@guard 56K - 96K - > # appjail cmd jexec jtest zfs rollback zroot/jailed@guard > # appjail cmd jexec jtest hd /jailed/index.txt > 00000000 48 69 21 0a |Hi!.| > 00000004 > ``` > > I hope this can help you. > > > ~ DtxdF > > > El 6 de noviembre de 2023 6:07:06 p. m. UTC, Chris Watson < > bsdunix44@gmail.com> escribi=C3=B3: > >> I've been trying to get a zfs dataset delegated into a jail (to run PG >> on), and allow snapshots and rollback to take place inside the jail. I c= an >> get the dataset mounted into the jail, I can get zfs to take the snapsho= t, >> list the snapshot, but when I rollback or try to ls -la the directory to >> see the '.zfs' dir it isn't there and the zfs rollback completes but it >> doesn't actually rollback. I'm so close to getting this to work! I'm jus= t >> missing *something* in the sauce. When I do the zfs rollback zfs looks l= ike >> it completes the rollback and goes back to a shell prompt but the files = I >> remove before the rollback are not in the /var/db/postgres/data16 direct= ory >> nor is ".zfs" shown in ls -la. So something is wonky on my end. I'm so >> close, it's halfway there, it looks like it takes a snapshot, the snapsh= ot >> shows up in a zfs list -t snapshot, but it's also not really there. I'm >> doing something just slightly wrong here. I just cant figure out what I >> have wrong. >> >> Below are the configs: >> # The jail's config >> https://bsd.to/P176 >> # zfs list from inside the jail >> https://bsd.to/mPde >> # zfs list -t snapshot from inside the jail >> https://bsd.to/R8dw >> # ls -la /var/db/postgres/data16 output from inside the jail >> https://bsd.to/1di2 >> # rc.conf of the jail >> https://bsd.to/JcnH >> >> The jail is running 13.2-P4. >> Using bastillebsd 0.10.20231013 for creation/management. >> >> Thanks! >> Chris >> > --000000000000958012060987cfc3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
So as I mentioned I=E2=80=99ve able to mail the dataset. = It gets mounted upon starting the jail. It shows up in =E2=80=9Czfs list=E2= =80=9D. And when I do zfs snapshot on the dataset it appears to create the = snapshot as it shows up in a =E2=80=9Czfs list -t snapshot=E2=80=9D but the= snapdir isn=E2=80=99t visible even after setting snapdir to visible, and w= hen I rollback using the snapshot it doesn=E2=80=99t actually rollback. I= =E2=80=99m so close to this working, something just isn=E2=80=99t right and= I can=E2=80=99t figure out what. I really wish this was written up in the = handbook. =E2=80=9CHow to jail a dataset from the host=E2=80=9D and =E2=80= =9Chow to snapshot and rollback a jailed dataset=E2=80=9D. :) if I figure t= his I=E2=80=99ll definitely be writing this up.=C2=A0

Chris=C2=A0

On Mon, Nov 6, 2023 at 2:35 P= M DtxdF <DtxdF@disroot.org> = wrote:
Hi Chris,

Ma= ybe your dataset is not mounted inside the jail. I thought that simply enab= ling `/etc/rc.d/zfs` was fine, but no, it just doesn't work. I don'= t know if this behavior is a bug or something else, but at the moment I don= 't have time to investigate.

I have a similar setup for a jail w= ith a delegated dataset. I use AppJail, but the steps are similar to other = tools:

```
# zfs create -o jailed=3Don -o mountpoint=3D/jailed zr= oot/jailed
# appjail quick jtest \
mount_devfs \
device=3D'i= nclude $devfsrules_hide_all' \
device=3D'include $devfsrules_un= hide_basic' \
device=3D'include $devfsrules_unhide_login' \=
device=3D'path zfs unhide' \
template=3Dtemplate.conf \ overwrite=3Dforce \
start
```

In AppJail, a template config= uration file is similar to `jail.conf(5)`:

```
# cat template.con= f
exec.start: "/bin/sh /etc/rc"
exec.stop: "/bin/sh /e= tc/rc.shutdown jail"
allow.mount
allow.mount.zfs
enforce_stat= fs: 1
exec.poststart: "zfs jail ${name} zroot/jailed"
exec.= poststart+: "appjail cmd jexec ${name} zfs mount zroot/jailed"exec.prestop: "appjail cmd jexec ${name} zfs umount zroot/jailed"= ;
exec.prestop+: "zfs unjail ${name} zroot/jailed"
```
<= br>As you can see, the dataset is mounted after running `zfs-jail(8)`. The = steps are similar when the jail is stopped, but the dataset is unmounted an= d `zfs-unjail(8)` is executed.

Inside the jail I can see the mounted= datasets:

```
# appjail cmd jexec jtest zfs list -r
NAME=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 USED=C2=A0 AVAIL= =C2=A0=C2=A0=C2=A0=C2=A0 REFER=C2=A0 MOUNTPOINT
zroot=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 34.1G=C2=A0=C2=A0 249G=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 96K=C2=A0 /zroot
zroot/jailed=C2=A0=C2=A0=C2=A0 96K=C2= =A0=C2=A0 249G=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 96K=C2=A0 /jailed
# a= ppjail cmd jexec jtest mount -t zfs
zroot/appjail/jails/jtest/jail on / = (zfs, local, noatime, nfsv4acls)
zroot/jailed on /jailed (zfs, local, no= atime, nfsv4acls)
# appjail cmd jexec jtest ls /jailed
index.txt
#= appjail cmd jexec jtest cat /jailed/index.txt
Hi!
```

And I c= an use `zfs-rollback(8)` just fine:

```
# appjail cmd jexec jtest= zfs snapshot zroot/jailed@guard
# appjail cmd jexec jtest zfs list -t s= napshot zroot/jailed
NAME=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 USED=C2=A0 AVAIL=C2=A0= =C2=A0=C2=A0=C2=A0 REFER=C2=A0 MOUNTPOINT
zroot/jailed@guard=C2=A0=C2=A0= =C2=A0=C2=A0 0B=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 -=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 96K=C2=A0 -
# appjail cmd jexec jtest dd if=3D/dev/random of= =3D/jailed/index.txt bs=3D16 count=3D1
1+0 records in
1+0 records out=
16 bytes transferred in 0.000102 secs (157318 bytes/sec)
# appjail c= md jexec jtest hd /jailed/index.txt
00000000=C2=A0 a1 26 2a 9c f5 96 7b = 81=C2=A0 90 8d ba 36 d6 f9 4d 93=C2=A0 |.&*...{....6..M.|
00000010# appjail cmd jexec jtest zfs list -t snapshot zroot/jailed
NAME=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0 USED=C2=A0 AVAIL=C2=A0=C2=A0=C2=A0=C2=A0 REFER=C2=A0 MOUNTP= OINT
zroot/jailed@guard=C2=A0=C2=A0=C2=A0 56K=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 96K=C2=A0 -
# appjail cmd jexe= c jtest zfs rollback zroot/jailed@guard
# appjail cmd jexec jtest hd /ja= iled/index.txt
00000000=C2=A0 48 69 21 0a=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |Hi!.|
00000004
```<= br>
I hope this can help you.


= ~ DtxdF


El 6 de n= oviembre de 2023 6:07:06 p. m. UTC, Chris Watson <bsdunix44@gmail.com> escribi=C3= =B3:
I've been trying to get a zfs dataset delegated into a= jail (to run PG on), and allow snapshots and rollback to take place inside= the jail. I can get the dataset mounted into the jail, I can get zfs to ta= ke the snapshot, list the snapshot, but when I rollback or try to ls -la th= e directory to see the '.zfs' dir it isn't there and the zfs ro= llback completes but it doesn't actually rollback. I'm so close to = getting this to work! I'm just missing *something* in the sauce. When I= do the zfs rollback zfs looks like it completes the rollback and goes back= to a shell prompt but the files I remove before the rollback are not in th= e /var/db/postgres/data16 directory nor is ".zfs" shown in ls -la= . So something is wonky on my end. I'm so close, it's halfway there= , it looks like it takes a snapshot, the snapshot shows up in a zfs list -t= snapshot, but it's also not really there. I'm doing something just= slightly wrong here. I just cant figure out what I have wrong.

Below are the configs:
# The jail's config
= https://bsd.to/P176
# zfs list from inside the jail
# zfs list = -t snapshot from inside the jail
# ls -la /var/db/po= stgres/data16 output from inside the jail
# rc.conf = of the jail

The jail is running 13.2-= P4.
Using bastillebsd 0.10.20231013 for creation/management.

Thanks!
Chris
--000000000000958012060987cfc3--