From: Miroslav Lachman <000.fbsd@quip.cz>
To: SK, freebsd-jail
Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host
Date: Fri, 9 Dec 2016 14:36:05 +0100

SK wrote on 2016/12/09 13:21:

> I will try enforce_statfs=2, maybe that will give me what I need. But
> still, not sure what is happening with jailed=on
>
>>>>
>>>> zfs set jailed=on gT/JailS/testJail << Did you set this property?
>>> Now this is an interesting bit. I tried this, and as soon as I ran the
>>> command, the dataset vanished :P
>> Interesting. All documentation says jailed=on must be set.
>>
> Yes, I know. I checked everywhere and that seems to be the norm. But the
> moment I do it, my jail no longer functions :P

My last idea - put zfs_enable="YES" in the jail's /etc/rc.conf. Maybe the dataset is not mounted if it has the property jailed=on (I don't know, I haven't tested it yet).

> Still, my desire for keeping it simple and raw is preventing me from
> taking any of these routes. I would very much like NOT to run any
> additional package on the host/base itself. I already have screen, mc
> and wget -- that is an overkill in my own personal opinion.

I understand it. I have been running jails on many machines for years without any 3rd party tools :)
But you can try iocage, cbsd or ezjail just to test if it is possible to do what you want. Then you can check sysctls in the host and in the jail, check the jail's properties (`jls -s`) and `zfs get all`, and then you can try to reproduce it without 3rd party tools.

Ping me next week, I hope I will have more spare time to test it.

Miroslav Lachman