From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 20 14:30:06 2010 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DB13A1065694 for ; Fri, 20 Aug 2010 14:30:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B03558FC16 for ; Fri, 20 Aug 2010 14:30:06 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o7KEU6E6046667 for ; Fri, 20 Aug 2010 14:30:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o7KEU6AX046664; Fri, 20 Aug 2010 14:30:06 GMT (envelope-from gnats) Date: Fri, 20 Aug 2010 14:30:06 GMT Message-Id: <201008201430.o7KEU6AX046664@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Kenneth Vestergaard Cc: Subject: Re: misc/149831: [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Kenneth Vestergaard List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Aug 2010 14:30:07 -0000 The following reply was made to PR misc/149831; it has been noted by GNATS. From: Kenneth Vestergaard To: bug-followup@FreeBSD.org, kvs@binarysolutions.dk Cc: Subject: Re: misc/149831: [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails Date: Fri, 20 Aug 2010 16:03:16 +0200 --Apple-Mail-4--936881281 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Improved patch - it is necessary to get a stable jail-id before launching the jail, since the delegated filesystems need to be delegated before launching /etc/rc. --Apple-Mail-4--936881281 Content-Disposition: attachment; filename=zfs-fix-delegated-paths-in-jail.diff.txt Content-Type: text/plain; name="zfs-fix-delegated-paths-in-jail.diff.txt" Content-Transfer-Encoding: 7bit --- src/etc/rc.d/jail.orig 2010-08-19 12:39:01.000000000 +0200 +++ src/etc/rc.d/jail 2010-08-20 15:57:07.508674101 +0200 @@ -41,6 +41,7 @@ eval _ip=\"\$jail_${_j}_ip\" eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" eval _exec=\"\$jail_${_j}_exec\" + eval _delegate_path=\"\$jail_${_j}_delegate_path\" i=0 while : ; do @@ -132,6 +133,7 @@ debug "$_j procdir: $_procdir" debug "$_j ruleset: $_ruleset" debug "$_j fstab: $_fstab" + debug "$_j delegate_path: $_delegate_path" i=0 while : ; do @@ -635,8 +637,23 @@ i=$((i + 1)) done - eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ - \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 + # create jail with 'persist', so we can get a jid before starting it, + # which is needed if we need to delegate any zfs-filesystems to it. + jail -i -c name=${_jail} path=${_rootdir} persist > ${_tmp_jail} 2>&1 + _jail_id=$(head -1 ${_tmp_jail}) + echo started jail ${_jail} with id ${_jail_id} + + if [ ! -z "${_delegate_path}" ] ; then + jail -m jid=${_jail_id} allow.mount=1 + /sbin/zfs get -s local -rH -o name,value jailed ${_delegate_path} | \ + /usr/bin/awk '$2 == "on" { print $1 }' | \ + /usr/bin/xargs -I % /sbin/zfs jail ${_jail_id} % + fi + + eval ${_setfib} jail ${_flags} -m \ + jid=${_jail_id} \ + host.hostname=${_hostname} \ + ip4.addr=\"${_addrl}\" command=${_exec_start} 2>&1 if [ "$?" -eq 0 ] ; then _jail_id=$(head -1 ${_tmp_jail}) @@ -669,6 +686,7 @@ echo " cannot start jail \"${_jail}\": " tail +2 ${_tmp_jail} fi + jail -m jid=${_jail_id} nopersist # remove 'persist' set at create-time rm -f ${_tmp_jail} done rmdir ${_tmp_dir} --Apple-Mail-4--936881281--