From owner-freebsd-jail@freebsd.org Mon Dec 12 17:14:05 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F0E2FC73F90 for ; Mon, 12 Dec 2016 17:14:05 +0000 (UTC) (envelope-from fbstable@cps-intl.org) Received: from berkeley.cps-intl.org (websense.cps-intl.org [81.137.176.89]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ADB4E759 for ; Mon, 12 Dec 2016 17:14:05 +0000 (UTC) (envelope-from fbstable@cps-intl.org) Received: from [172.16.0.79] (helo=bdLL65j) by berkeley.cps-intl.org with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.80.1 (FreeBSD)) (envelope-from ) id 1cGUAm-000CFS-E3; Mon, 12 Dec 2016 17:13:56 +0000 To: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-jail , Alexander Leidinger References: <584986D0.3040109@quip.cz> <2b6346f8-ed02-0e6d-bd89-106098e7eb2d@cps-intl.org> <58499446.3050403@quip.cz> <5849C5BF.7020005@quip.cz> <584A9179.9060508@quip.cz> <584A9D89.4040003@quip.cz> <3851c5d9-7646-b670-357e-ae937fcc7e8f@cps-intl.org> <584AB345.4080307@quip.cz> From: SK Message-ID: <33473585-3cb9-10d3-acf9-0a917c5a0079@cps-intl.org> Date: Mon, 12 Dec 2016 17:13:27 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 MIME-Version: 1.0 In-Reply-To: <584AB345.4080307@quip.cz> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-SA-Exim-Connect-IP: 172.16.0.79 X-SA-Exim-Mail-From: fbstable@cps-intl.org X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on berkeley.lan.cps-intl.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=10.0 tests=ALL_TRUSTED autolearn=ham autolearn_force=no version=3.4.0 Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial] X-SA-Exim-Version: 4.2 X-SA-Exim-Scanned: Yes (on berkeley.cps-intl.org) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Dec 2016 17:14:06 -0000 On 09/12/2016 13:36, Miroslav Lachman wrote: > > My last idea - put zfs_enable="YES" in jails /etc/rc.conf. > > Maybe the dataset is not mounted if has property jailed=on (I don't > know I didn't test it yet) Good evening Miroslav, good evening Alexander Thank you both for your support in this matter. I have completed (I think) my tests with the test box and have concluded as following a) Miroslav, you were correct, I could only see from the root of the dataset to the dataset itself, all other dataset that are not part of this branch is invisible from within the jail. This serves my purpose, so I am content (to some extent). The explanation about enforce_statfs was really helpful -- I think that was one thing I was missing (cannot confirm, but I believe that is what the error was on my part) b) Alexander, I am still not able to do snapshot or any other action from within my jail. My understanding is that you are using ezjail, which might be doing something that my regular jail creation is ommitting. If you do not mind sharing your configuration steps, I can try to reproduce it at this end. If it is exactly as it is on the site you pointed to earlier, please let me know, I will follow that verbatim (even though I do not remember seeing anything there that I have not tried already, but I might be mistaken). And now to everyone, I am still confused about zfs set jailed=on. As I mentioned on my previous emails, as soon as I do that, the dataset vanishes from the host system (as I understand, that is expected behaviour). Then the jail fails as it is unable to mount /dev, /proc and so on. I have to change jail.conf and comment out mount.devfs and mount.procfs -- but than in turn makes /dev/zfs unavaulable and I cannot do anything from inside the jail. I do not need it now, given that I am happy with the current situaion, but am curious to know how that zfs parameter works and how I can make it work, hence "solved" is "partial" in the subject line. Thanks to you both for your continuous support and suggestions, it is very much apprecaited. Best regards SK