Date: Thu, 1 Dec 2022 17:14:53 -0800
From: Rick Macklem <rick.macklem@gmail.com>
To: Alexander Leidinger <Alexander@leidinger.net>
Cc: Alan Somers <asomers@freebsd.org>, Peter Eriksson <pen@lysator.liu.se>, FreeBSD CURRENT <freebsd-current@freebsd.org>, "Bjoern A. Zeeb" <bz@freebsd.org>
Subject: Re: RFC: nfsd in a vnet jail
Message-ID: <CAM5tNy5-6Z484cGvZeKMRVr-KoGkFbymq9U9Z-_Rui5KOVvv7Q@mail.gmail.com>
In-Reply-To: <20221201102925.Horde.uAC-87YyIRDDnqJTmvsFwNm@webmail.leidinger.net>
References: <CAM5tNy7CQaBTRWG0m0aN6T0xG2L2zSQJGa%2BatGaH%2BmW%2BwEpdyQ@mail.gmail.com> <CAOtMX2hxeeNMxxdpma8NJ7ms60eRfuCWoFi7FixdSe83=qibkA@mail.gmail.com> <82103A1E-9D39-47B0-9520-205583C8B680@lysator.liu.se> <CAM5tNy71UAOkCQb9upc_OxhM-y5rp9jMKbKTJr619JFCGsfRkg@mail.gmail.com> <CAOtMX2jtCJgUpwbW7QUxDRYhXVXAyj8LqPYcuT=F-Dz4kS4J-Q@mail.gmail.com> <20221201102925.Horde.uAC-87YyIRDDnqJTmvsFwNm@webmail.leidinger.net>

On Thu, Dec 1, 2022 at 1:29 AM Alexander Leidinger <Alexander@leidinger.net> wrote:
>
> Quoting Alan Somers <asomers@freebsd.org> (from Tue, 29 Nov 2022
> 17:28:10 -0700):
>
> > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem <rick.macklem@gmail.com> wrote:
>
> >> So, what do others think of enforcing the requirement that each jail
> >> have its own file systems for this?
> >
> > I think that's a totally reasonable requirement. Especially so for
> > ZFS users, who already create a filesystem per jail for other reasons.
>
> While I agree that it is a reasonable requirement, just a note that we
> can not assume that every existing jail resides on its own file
> system. The base system jail infrastructure doesn't check this, and
> the ezjail port doesn't either. The iocage port does it.
>
> Is there a way to detect this inside a jail and error out in nfsd/mountd?

I think the check (...->pr_root->v_vflag & VV_ROOT) is sufficient.
At least it is working for current testing.

rick

>
> Bye,
> Alexander.
>
> --
> http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
> http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
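
A userland counterpart to the kernel check mentioned in the message above, added here as an example and not taken from the thread or from FreeBSD sources: it reports whether each directory given on the command line (assumed to be jail root paths) is the root of its own mounted file system, which is the property VV_ROOT marks on a vnode. The function name is_fs_root is hypothetical, and the device-number comparison assumes every mount has its own device ID; Linux bind mounts within one file system would not be detected.

```c
#include <stdio.h>
#include <sys/stat.h>

/*
 * Userland approximation of a VV_ROOT test (hypothetical helper, not a
 * FreeBSD API): a directory is the root of a mounted file system when it
 * lives on a different device than its parent, or when it is its own
 * parent, as "/" is.
 * Returns 1 = file system root, 0 = ordinary directory, -1 = cannot check.
 */
int
is_fs_root(const char *path)
{
	char parent[1024];
	struct stat sb, psb;
	int n;

	n = snprintf(parent, sizeof(parent), "%s/..", path);
	if (n < 0 || (size_t)n >= sizeof(parent))
		return (-1);		/* path too long for the buffer */
	if (stat(path, &sb) != 0 || !S_ISDIR(sb.st_mode))
		return (-1);		/* missing or not a directory */
	if (stat(parent, &psb) != 0)
		return (-1);
	if (sb.st_dev != psb.st_dev)
		return (1);		/* crossed a mount boundary */
	return (sb.st_ino == psb.st_ino);	/* same object: top of the tree */
}

/* Audit the jail roots named on the command line; exit 1 if any one fails. */
int
main(int argc, char **argv)
{
	int i, r, bad = 0;

	for (i = 1; i < argc; i++) {
		r = is_fs_root(argv[i]);
		printf("%s: %s\n", argv[i],
		    r == 1 ? "own file system" :
		    r == 0 ? "shares a file system with its parent" :
		    "cannot check");
		if (r != 1)
			bad = 1;
	}
	return (bad);
}
```

Run from the host against the configured jail paths, it lists the jails that would fail a requirement of one file system per jail.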
