Date: Thu, 1 Dec 2022 09:20:12 -0700 From: Warner Losh <imp@bsdimp.com> To: Alexander Leidinger <Alexander@leidinger.net> Cc: Alan Somers <asomers@freebsd.org>, Rick Macklem <rick.macklem@gmail.com>, Peter Eriksson <pen@lysator.liu.se>, FreeBSD CURRENT <freebsd-current@freebsd.org>, "Bjoern A. Zeeb" <bz@freebsd.org> Subject: Re: RFC: nfsd in a vnet jail Message-ID: <CANCZdfrTMZwgDKR53xfUyPg7CiA=OA4xS6%2Bv_BA3st_3xM6g_Q@mail.gmail.com> In-Reply-To: <20221201102925.Horde.uAC-87YyIRDDnqJTmvsFwNm@webmail.leidinger.net> References: <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com> <CAOtMX2hxeeNMxxdpma8NJ7ms60eRfuCWoFi7FixdSe83=qibkA@mail.gmail.com> <82103A1E-9D39-47B0-9520-205583C8B680@lysator.liu.se> <CAM5tNy71UAOkCQb9upc_OxhM-y5rp9jMKbKTJr619JFCGsfRkg@mail.gmail.com> <CAOtMX2jtCJgUpwbW7QUxDRYhXVXAyj8LqPYcuT=F-Dz4kS4J-Q@mail.gmail.com> <20221201102925.Horde.uAC-87YyIRDDnqJTmvsFwNm@webmail.leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000262f3805eec69916 Content-Type: text/plain; charset="UTF-8" On Thu, Dec 1, 2022 at 2:30 AM Alexander Leidinger <Alexander@leidinger.net> wrote: > > Quoting Alan Somers <asomers@freebsd.org> (from Tue, 29 Nov 2022 > 17:28:10 -0700): > > > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem <rick.macklem@gmail.com> > wrote: > > >> So, what do others think of enforcing the requirement that each jail > >> have its own file systems for this? > > > > I think that's a totally reasonable requirement. Especially so for > > ZFS users, who already create a filesystem per jail for other reasons. > > While I agree that it is a reasonable requirement, just a note that we > can not assume that every existing jail resides on its own file > system. The base system jail infrastructure doesn't check this, and > the ezjail port doesn't either. The iocage port does it. > I have several jails that all live on the same zfs data set that I setup ages ago before I understood the full benefits of ZFS... but I could migrate in a pinch. But they aren't in their own vnet, so maybe that doesn't apply. > Is there a way to detect this inside a jail and error out in nfsd/mountd? > Whatever we do, there will be people bitten by it, so we need to make the messaging around it good (the error messages from the system, as well as the documentation). Warner --000000000000262f3805eec69916 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">= <div dir=3D"ltr" class=3D"gmail_attr">On Thu, Dec 1, 2022 at 2:30 AM Alexan= der Leidinger <<a href=3D"mailto:Alexander@leidinger.net">Alexander@leid= inger.net</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style= =3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding= -left:1ex"><br> Quoting Alan Somers <<a href=3D"mailto:asomers@freebsd.org" target=3D"_b= lank">asomers@freebsd.org</a>> (from Tue, 29 Nov 2022=C2=A0 <br> 17:28:10 -0700):<br> <br> > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem <<a href=3D"mailto:ric= k.macklem@gmail.com" target=3D"_blank">rick.macklem@gmail.com</a>> wrote= :<br> <br> >> So, what do others think of enforcing the requirement that each ja= il<br> >> have its own file systems for this?<br> ><br> > I think that's a totally reasonable requirement.=C2=A0 Especially = so for<br> > ZFS users, who already create a filesystem per jail for other reasons.= <br> <br> While I agree that it is a reasonable requirement, just a note that we=C2= =A0 <br> can not assume that every existing jail resides on its own file=C2=A0 <br> system. The base system jail infrastructure doesn't check this, and=C2= =A0 <br> the ezjail port doesn't either. The iocage port does it.<br></blockquot= e><div><br></div><div>I have several jails that all live on the same zfs da= ta set that I setup ages ago before</div><div>I understood the full benefit= s of ZFS... but I could migrate in a pinch. But they aren't in</div><di= v>their own vnet, so maybe that doesn't apply.</div><div>=C2=A0</div><b= lockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-le= ft:1px solid rgb(204,204,204);padding-left:1ex"> Is there a way to detect this inside a jail and error out in nfsd/mountd?<b= r></blockquote><div><br></div><div>Whatever we do, there will be people bit= ten by it, so we need to make the messaging around</div><div>it good (the e= rror messages from the system, as well as the documentation).</div><div><br= ></div><div>Warner=C2=A0</div></div></div> --000000000000262f3805eec69916--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfrTMZwgDKR53xfUyPg7CiA=OA4xS6%2Bv_BA3st_3xM6g_Q>