Date: Thu, 11 Apr 2013 17:58:16 -0600 From: Jamie Gritton <jamie@FreeBSD.org> To: Dirk Engling <erdgeist@erdgeist.org> Cc: freebsd-jail@FreeBSD.org Subject: Re: jail(8) vs. rc.d/jail features - fstab, zfs, vnet Message-ID: <51674E18.4070402@FreeBSD.org> In-Reply-To: <51670567.5070602@erdgeist.org> References: <51670567.5070602@erdgeist.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/11/13 12:48, Dirk Engling wrote: > Dear jail hackers, > > in my ongoing quest to understand the direction jail development is > heading, I noticed that per-jail-fstabs are not (anymore?, yet?) > supported by the new jail(8)-rc.d/jail2-combo. Are there official plans > to drop the support? > > A nice new jail+zfs feature is the "zfs jail" command, allowing to > attach a zfs to a jail. The way[tm] to properly use this feature is to > first create a prison, attach the zfs file system(s) to the jid and only > then run the exec.start command. So either jail(8) needs to be zfs aware > and execute the zfs jail command(s) by itself, or a exec.postprestart > command that is being passed the prison id of the new jail needs to be > run in system context. (For shutting down and unjail-ing vice versa). > > The same goes with the vimage features. Most of the ways I can think of > using vnet interfaces require some configuration in the host system > after the vnet has been attached to the jid but before exec.start (and > thus the jail's rc.d/netif) is executed. > > Since I speak C, posix and sh fluidly, I am willing to implement or help > implementing any of the proposals in question, so do not misunderstand > them as just demands ;) As mentioned, fstab support is there. I have a parameter, vnet.interface, which runs the necessary "ifconfig ... vnet" command between jail creation and exec.start. We could have a similar parameter for zfs, or we could create another set of exec.* parameters, which would be more flexible in the long run. But as you hinted at with "postprestart", there doesn't seem to be a good logical name for it. Since the vnet.interface command exists, you could use that as a guide for adding a "zfs" parameter. vnet.interface only does anything on jail creation, as the interface automatically reverts to the parent on jail removal. I don't know if the zfs stuff works the same way - if it doesn't, then you'll need a similar "prepoststop" kind of operation. - Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51674E18.4070402>