From: Jacques Foucry
To: David Christensen
Cc: freebsd-questions@freebsd.org
Date: Fri, 7 Feb 2020 09:26:21 +0100
Subject: Re: jail and dedicated zfs dataset
Message-ID: <20200207082621.GB38088@foucry.net>

On Tuesday 04 Feb. 2020 at 22:56:54 (-0800), David Christensen wrote:
> On 2020-02-04 13:44, Jacques Foucry wrote:

Hello David,

Thanks for your answer.

> I have a SOHO LAN with a FreeBSD server and jails for CVS and Samba. I
> (mostly) followed along with Chapter 22 of Lucas AF3E [1]:

Definitely, I need to buy and read it.

>
> 2020-02-04 22:30:15 toor@soho ~
> # freebsd-version
> 12.1-RELEASE-p1
>
> 2020-02-04 22:30:23 toor@soho ~
> # uname -a
> FreeBSD soho.tracy.holgerdanske.com 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1
> GENERIC amd64

Same situation as mine…

>
>
> I created a top-level ZFS dataset in my root pool for jails. I then created
> a dataset for each jail. I did not modify any of the ZFS properties:
>
>
> The bulk CVS and the Samba data are in separate datasets in another pool:

Ok, I have only one pool, but the trick is still the same.

>

NAME             PROPERTY    VALUE                 SOURCE
tank/root/mails  mountpoint  /jails/mail/var/mail  local

> # zfs get mountpoint p1/ds2/cvs p1/ds2/samba
> NAME          PROPERTY    VALUE                        SOURCE
> p1/ds2/cvs    mountpoint  /jail/cvs/var/local/cvs      received
> p1/ds2/samba  mountpoint  /jail/samba/var/local/samba  received

But the source for stay local. Is it because I only have one pool (I guess
it's that).

>
>
> Here is my jail configuration file:
>
> 2020-02-04 22:32:41 toor@soho ~
> # cat /etc/jail.conf
> $j="/jail";
> path="$j/$name";
> host.hostname="$name.tracy.holgerdanske.com";
>
> exec.clean;
> exec.start="sh /etc/rc";
> exec.stop="sh /etc/rc.shutdown";
> mount.devfs;
>
> cvs {
>     ip4.addr="192.168.5.23";
> }
>
> samba {
>     ip4.addr="192.168.5.24";
> }

I need to make more general options, but the essential configuration is there.

And it works. But in the jail the "Mounted on" is [restricted]:

mail# df -h .
Filesystem         Size    Used   Avail Capacity  Mounted on
tank/root/mails    6.9T     88K    6.9T     0%    [restricted]
mail# pwd
/var/mail

I can, as root, create folders. Is it weird or normal?

Another question, if you can answer.

Using nullfs and fstab, I mount the host letsencrypt folder in the jail in
order to have a single point for certificates.

At the jail startup, postfix and dovecot failed to launch, but connected to
the jail they start with no problem.
I suppose this is because the nullfs is not mounted when dovecot and postfix
start.

Btw, I did found any log about the start of my jail.

In the jail's /var/log/maillog I found:

Feb 7 07:45:15 mail postfix/master[51684]: fatal: bind :: port 25: Can't assign requested address

Does it mean postfix tries to be started too soon in the jail create process?
How can I manage the start time?

Thanks a lot for your help,
Regards,
-- 
Jacques Foucry
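
The nullfs-and-fstab arrangement described in the message, written out as an added example (not the poster's or David's configuration): jail(8) mounts the entries of a per-jail mount.fstab file before it runs exec.start, and mounting the certificate directory read-only keeps processes inside the jail from altering the host's keys. The jail name "mail" and the /jails/mail root are taken from the output above; the file name /etc/fstab.mail, the address and the /usr/local/etc/letsencrypt path are assumptions.

```conf
# /etc/jail.conf (fragment; same layout as the quoted configuration)
$j = "/jails";
path = "$j/$name";

exec.clean;
exec.start = "sh /etc/rc";
exec.stop = "sh /etc/rc.shutdown";
mount.devfs;

mail {
    ip4.addr = "192.0.2.25";            # constructed documentation address
    # fstab(5)-format file for this jail only; its entries are mounted
    # before the exec.start command runs, so services started by /etc/rc
    # already see the certificate directory.
    mount.fstab = "/etc/fstab.$name";   # hypothetical file name
}

# /etc/fstab.mail (hypothetical file; both paths are assumptions)
# "ro" gives the jail a read-only view of the host directory, so a
# compromised mail service cannot replace certificates or private keys.
# Device (host directory)     Mountpoint (under the jail root)          FStype  Options  Dump  Pass
/usr/local/etc/letsencrypt    /jails/mail/usr/local/etc/letsencrypt     nullfs  ro       0     0
```

The mountpoint directory has to exist under the jail root before the jail is started, otherwise the nullfs mount fails.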