Date: Thu, 1 Dec 2022 17:14:53 -0800
From: Rick Macklem <rick.macklem@gmail.com>
To: Alexander Leidinger <Alexander@leidinger.net>
Cc: Alan Somers <asomers@freebsd.org>, Peter Eriksson <pen@lysator.liu.se>, FreeBSD CURRENT <freebsd-current@freebsd.org>, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject: Re: RFC: nfsd in a vnet jail
Message-ID: <CAM5tNy5-6Z484cGvZeKMRVr-KoGkFbymq9U9Z-_Rui5KOVvv7Q@mail.gmail.com>
In-Reply-To: <20221201102925.Horde.uAC-87YyIRDDnqJTmvsFwNm@webmail.leidinger.net>
References: <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com>
 <CAOtMX2hxeeNMxxdpma8NJ7ms60eRfuCWoFi7FixdSe83=qibkA@mail.gmail.com>
 <82103A1E-9D39-47B0-9520-205583C8B680@lysator.liu.se>
 <CAM5tNy71UAOkCQb9upc_OxhM-y5rp9jMKbKTJr619JFCGsfRkg@mail.gmail.com>
 <CAOtMX2jtCJgUpwbW7QUxDRYhXVXAyj8LqPYcuT=F-Dz4kS4J-Q@mail.gmail.com>
 <20221201102925.Horde.uAC-87YyIRDDnqJTmvsFwNm@webmail.leidinger.net>

On Thu, Dec 1, 2022 at 1:29 AM Alexander Leidinger <Alexander@leidinger.net> wrote:
>
> Quoting Alan Somers <asomers@freebsd.org> (from Tue, 29 Nov 2022
> 17:28:10 -0700):
>
> > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem <rick.macklem@gmail.com> wrote:
>
> >> So, what do others think of enforcing the requirement that each jail
> >> have its own file systems for this?
> >
> > I think that's a totally reasonable requirement.  Especially so for
> > ZFS users, who already create a filesystem per jail for other reasons.
>
> While I agree that it is a reasonable requirement, just a note that we
> can not assume that every existing jail resides on its own file
> system. The base system jail infrastructure doesn't check this, and
> the ezjail port doesn't either. The iocage port does it.
>
> Is there a way to detect this inside a jail and error out in nfsd/mountd?
I think the check (...->pr_root->v_vflag & VV_ROOT) is sufficient.
At least it is working for current testing.

rick

>
> Bye,
> Alexander.
>
> --
> http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
> http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
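
The requirement discussed in this thread (a jail root that is the root of its own file system) can be approximated from userland before nfsd is enabled in a jail. The following is an added example, not part of the original message and not FreeBSD source: `is_fs_root` is a hypothetical helper that compares device and inode numbers of a directory and its parent, which is an assumption standing in for the kernel's VV_ROOT vnode flag test mentioned above.

```c
/* Added example: userland approximation of "is this directory the root of
 * its own file system?". It does not read the kernel's VV_ROOT flag. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper. Returns 1 if path is the root of a mounted file
 * system, 0 if it is an ordinary directory, -1 if it cannot be checked. */
int is_fs_root(const char *path)
{
    char parent[4096];
    struct stat st, pst;

    if (path == NULL || strlen(path) + 4 > sizeof(parent))
        return -1;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    snprintf(parent, sizeof(parent), "%s/..", path);
    if (stat(parent, &pst) != 0)
        return -1;
    /* Different device ID: path is on another file system than its parent. */
    if (st.st_dev != pst.st_dev)
        return 1;
    /* Same device and same inode: ".." loops back, so this is "/". */
    if (st.st_ino == pst.st_ino)
        return 1;
    /* Same device, different inode: a plain subdirectory. */
    return 0;
}

/* Usage: prog /path/to/jail/root ... ; exit status 1 if any path fails. */
int main(int argc, char **argv)
{
    int i, rc = 0;

    for (i = 1; i < argc; i++) {
        int r = is_fs_root(argv[i]);
        printf("%s: %s\n", argv[i], r == 1 ? "own file system" :
            r == 0 ? "shares its parent's file system" : "cannot check");
        if (r != 1)
            rc = 1;
    }
    return rc;
}
```

A mount that reports the same device ID as its parent directory is not detected by this comparison, so a result of 0 should be confirmed against the mount table.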