Date: Tue, 04 Sep 2012 00:50:18 -0500
From: Bryan Drewery
To: freebsd-jail@freebsd.org
Subject: Re: 9.1-PRERELEASE - allow.mount - allow.mount.zfs - do not get passed to child
Message-ID: <5045969A.3020201@shatow.net>
In-Reply-To: <504595C6.9060807@shatow.net>

On 9/4/2012 12:46 AM, Bryan Drewery wrote:
> On 9/4/2012 12:42 AM, Bryan Drewery wrote:
>> I am unable to get these to pass into jails via /etc/rc.d/jail + ezjail.
>>
>> I set them in the host:
>>
>> security.jail.mount_allowed=1
>> security.jail.mount_zfs_allowed=1
>>
>> What is the proper way to get these set?
>>
>>
>
> I used `jail -m` to set these, but they don't seem to work:
>
> In host:
>
> # jail -m jid=3 allow.mount allow.mount.zfs
> # sysctl vfs.usermount=1
>
> In jail:
>
> # sysctl -a|grep mount
> vfs.usermount: 1
> ...
> security.jail.mount_zfs_allowed: 1
> security.jail.mount_allowed: 1
>
> # zfs mount -a
> cannot mount 'backup': Insufficient privileges
>
> This dataset is properly jailed=on and 'zfs jail' ran on it as well.

Sorry for the noise..

# jail -m jid=3 enforce_statfs=1

Now it works. Yes, I read the jail(8) and zfs(8) manpages. My biggest
problem was the params not being passed in at startup.

Bryan
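
Added example, not part of the post above and not FreeBSD project code: a POSIX sh check that reads one line of `jls -n` output and reports which of the three jail parameters from this thread (allow.mount, allow.mount.zfs, enforce_statfs lower than 2) are not in effect. The sample lines, the jail name j3 and the starting value enforce_statfs=2 (the jail(8) default) are constructed assumptions.

```sh
#!/bin/sh
# check_zfs_mount_params "<one line of jls -n output>"
# jls -n prints space-separated name=value pairs; booleans appear as
# "allow.mount" when set and "allow.nomount" when cleared.
# Prints one line per missing prerequisite; returns 0 if none are missing.
check_zfs_mount_params() {
    params=$1
    allow_mount=0
    allow_zfs=0
    statfs=2    # assumption: jail(8) default when the parameter is not listed
    for p in $params; do
        case $p in
            allow.mount)      allow_mount=1 ;;
            allow.mount.zfs)  allow_zfs=1 ;;
            enforce_statfs=*) statfs=${p#enforce_statfs=} ;;
        esac
    done
    missing=0
    [ "$allow_mount" -eq 1 ] || { echo "missing: allow.mount"; missing=1; }
    [ "$allow_zfs" -eq 1 ]   || { echo "missing: allow.mount.zfs"; missing=1; }
    # jail(8): the mount permissions are effective only with enforce_statfs < 2
    case $statfs in
        0|1) ;;
        *) echo "enforce_statfs=$statfs (must be lower than 2)"; missing=1 ;;
    esac
    return $missing
}

# Constructed sample lines (not captured from a real host).
# Before the fix in the post: permissions set, enforce_statfs assumed at 2.
SAMPLE_BEFORE='jid=3 name=j3 enforce_statfs=2 allow.mount allow.mount.zfs allow.noraw_sockets'
# After `jail -m jid=3 enforce_statfs=1`.
SAMPLE_AFTER='jid=3 name=j3 enforce_statfs=1 allow.mount allow.mount.zfs allow.noraw_sockets'

for s in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    check_zfs_mount_params "$s" && echo "ok: zfs mount prerequisites present"
done

# On a live host: check_zfs_mount_params "$(jls -j 3 -n)"
```

The same three parameters have to be supplied when the jail is created for them to be present at startup; the dataset-side settings (jailed=on and `zfs jail`) are separate and not checked here.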