Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 04 Sep 2012 00:50:18 -0500
From:      Bryan Drewery <bryan@shatow.net>
To:        freebsd-jail@freebsd.org
Subject:   Re: 9.1-PRERELEASE - allow.mount - allow.mount.zfs - do not get passed to child
Message-ID:  <5045969A.3020201@shatow.net>
In-Reply-To: <504595C6.9060807@shatow.net>
References:  <504594DF.4000105@shatow.net> <504595C6.9060807@shatow.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 9/4/2012 12:46 AM, Bryan Drewery wrote:
> On 9/4/2012 12:42 AM, Bryan Drewery wrote:
>> I am unable to get these to pass into jails via /etc/rc.d/jail + ezjail.
>>
>> I set them in the host:
>>
>> security.jail.mount_allowed=1
>> security.jail.mount_zfs_allowed=1
>>
>> What is the proper way to get these set?
>>
>>
> 
> I used `jail -m` to set these, but they don't seem to work:
> 
> In host:
> 
> # jail -m jid=3 allow.mount allow.mount.zfs
> # sysctl vfs.usermount=1
> 
> In jail:
> 
> # sysctl -a|grep mount
> vfs.usermount: 1
> ...
> security.jail.mount_zfs_allowed: 1
> security.jail.mount_allowed: 1
> 
> # zfs mount -a
> cannot mount 'backup': Insufficient privileges
> 
> This dataset is properly jailed=on and 'zfs jail' ran on it as well.

Sorry for the noise..

# jail -m jid=3 enforce_statfs=1

Now it works.

Yes, I read the jail(8) and zfs(8) manpages. My biggest problem was the
params not being passed in at startup.

Bryan




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5045969A.3020201>