From: Eric Borisch
Date: Fri, 27 Apr 2018 12:22:39 -0500
Subject: Re: Read-only view of a ZFS filesystem inside a bhyve guest?
To: Mark Raynsford
Cc: freebsd-virtualization@freebsd.org

I use NFS for (*nix) guests, and SMB for Windows guests; both work well, and can be restricted to specific IPs / ranges to help minimize security concerns.

On Fri, Apr 27, 2018 at 11:43 AM, Mark Raynsford via freebsd-virtualization wrote:
> Hello.
>
> I'm looking to do what the subject says: I have an existing ZFS
> filesystem (/storage/xyz) and I'd like to provide a read-only view of
> the filesystem to a set of bhyve guests. The guests in this case could
> be solely FreeBSD guests, but if there's a pleasant way to allow for
> OpenBSD or Linux guests, I'd like that.
>
> I'm essentially looking to move some jail-based infrastructure to bhyve
> guests. With the jails, I have a ZFS filesystem on the host that's
> mounted read-only inside some of the jails using nullfs. I'm not sure
> if there's something analogous for bhyve guests.
>
> I've looked at NFS, but this seems like overkill and possibly hard to
> secure. Same applies to Samba. sshfs might be an option, but I'd really
> prefer to have as few daemons listening on the host machine as possible
> for security reasons.
>
> --
> Mark Raynsford | http://www.io7m.com
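The reply above relies on NFS exports being read-only and limited to specific IPs or ranges. As an added example (not from either poster), this Python check audits FreeBSD exports(5)-style lines for entries that are writable or reachable from outside the guest network. The 10.0.0.0/24 guest network and every sample line except the /storage/xyz path are constructed assumptions, and only single-line entries with `-network`/`-mask` or literal IP clients are handled.

```python
import ipaddress

# Constructed sample in FreeBSD exports(5) syntax; guest network 10.0.0.0/24 is an assumption.
SAMPLE_EXPORTS = """\
/storage/xyz -ro -network 10.0.0.0/24
/storage/abc
/storage/pub -ro -network 10.0.0.0 -mask 255.0.0.0
/storage/one -ro 10.0.0.15
"""

def audit_exports(text, guest_net):
    """Map each exported path to findings: writable, or reachable from outside guest_net."""
    allowed = ipaddress.ip_network(guest_net)
    report = {}
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens or not tokens[0].startswith("/"):
            continue  # blank line, comment, or a V4: root line
        paths, flags, clients, net, mask = [], set(), [], None, None
        it = iter(tokens)
        for tok in it:
            name, _, value = tok.partition("=")
            if name in ("-network", "-mask"):  # accepts "-network=x" and "-network x"
                value = value or next(it, "")
                net, mask = (value, mask) if name == "-network" else (net, value)
            elif tok.startswith("-"):
                flags.add(name)
            elif tok.startswith("/"):
                paths.append(tok)
            else:
                clients.append(tok)
        if net:
            clients.append(f"{net}/{mask}" if mask else net)
        findings = []
        if "-ro" not in flags:
            findings.append("not read-only")
        if not clients:
            findings.append("no client restriction")
        for client in clients:
            try:
                n = ipaddress.ip_network(client, strict=False)
            except ValueError:
                findings.append(f"{client}: not an address, check by hand")
                continue
            if n.version != allowed.version or not n.subnet_of(allowed):
                findings.append(f"{n} is outside {allowed}")
        for path in paths:
            report[path] = findings
    return report
```

Calling `audit_exports(SAMPLE_EXPORTS, "10.0.0.0/24")` returns an empty finding list for the two restricted read-only entries and flags the unrestricted and over-wide ones.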