From owner-freebsd-virtualization@freebsd.org  Fri Apr 27 16:43:43 2018
Return-Path: <owner-freebsd-virtualization@freebsd.org>
Delivered-To: freebsd-virtualization@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 835CFFACCE0
 for <freebsd-virtualization@mailman.ysv.freebsd.org>;
 Fri, 27 Apr 2018 16:43:43 +0000 (UTC)
 (envelope-from list+org.freebsd.virtualization@io7m.com)
Received: from mail.io7m.com (mail.io7m.com [IPv6:2001:19f0:5:752:f000::])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.io7m.com", Issuer "arc7 CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1E3D78327B
 for <freebsd-virtualization@freebsd.org>; Fri, 27 Apr 2018 16:43:43 +0000 (UTC)
 (envelope-from list+org.freebsd.virtualization@io7m.com)
Received: from almond.int.arc7.info (unknown [IPv6:2a02:390:7502:2:0:2:4:0])
 by mail.io7m.com (Postfix) with ESMTPSA id 3248B3E46
 for <freebsd-virtualization@freebsd.org>; Fri, 27 Apr 2018 16:43:42 +0000 (UTC)
Date: Fri, 27 Apr 2018 17:43:41 +0100
From: Mark Raynsford <list+org.freebsd.virtualization@io7m.com>
To: freebsd-virtualization@freebsd.org
Subject: Read-only view of a ZFS filesystem inside a bhyve guest?
Message-ID: <20180427174341.03373bc8@almond.int.arc7.info>
Organization: io7m.com
OpenPGP: id=B84E17747616C6174C68D5E55C1A7B712812CC05;
 url=http://io7m.com/pgp/B84E_1774_7616_C617_4C68_D5E5_5C1A_7B71_2812_CC05.key
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 boundary="Sig_/so_TmJYKX8rR4Cl84I3fwjK"; protocol="application/pgp-signature"
X-BeenThere: freebsd-virtualization@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Discussion of various virtualization techniques FreeBSD supports."
 <freebsd-virtualization.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-virtualization>, 
 <mailto:freebsd-virtualization-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-virtualization/>
List-Post: <mailto:freebsd-virtualization@freebsd.org>
List-Help: <mailto:freebsd-virtualization-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization>, 
 <mailto:freebsd-virtualization-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Apr 2018 16:43:43 -0000

--Sig_/so_TmJYKX8rR4Cl84I3fwjK
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Hello.

I'm looking to do what the subject says: I have an existing ZFS
filesystem (/storage/xyz) and I'd like to provide a read-only view of
the filesystem to a set of bhyve guests. The guests in this case could
be solely FreeBSD guests, but if there's a pleasant way to allow for
OpenBSD or Linux guests, I'd like that.

I'm essentially looking to move some jail-based infrastructure to bhyve
guests. With the jails, I have a ZFS filesystem on the host that's
mounted read-only inside some of the jails using nullfs. I'm not sure
if there's something analogous for bhyve guests.

I've looked at NFS, but this seems like overkill and possibly hard to
secure. Same applies to Samba. sshfs might be an option, but I'd really
prefer to have as few daemons listening on the host machine as possible
for security reasons.

--=20
Mark Raynsford | http://www.io7m.com


--Sig_/so_TmJYKX8rR4Cl84I3fwjK
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQS4Thd0dhbGF0xo1eVcGntxKBLMBQUCWuNTPQAKCRBcGntxKBLM
BZ1EAQDnum/5Xn00yG0a9usy04cr7wsajDQEVmrzUZicp1KcbQEA+A6b67B4FBdR
wetLzwoqp1N11Adr9A/blIaCHqOePQQ=
=rZZT
-----END PGP SIGNATURE-----

--Sig_/so_TmJYKX8rR4Cl84I3fwjK--