Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Aug 2019 10:11:54 +0200
From:      "O. Hartmann" <ohartmann@walstatt.org>
To:        freebsd-current <freebsd-current@freebsd.org>
Subject:   jails, ZFS, deprecated jail variables and poudriere problems
Message-ID:  <20190827101149.1efcb946@freyja>
next in thread | raw e-mail | index | archive | help 

Hello list,

trying to setup a poudriere jail on recent CURRENT and have some severe trouble.

We have a single ZFS pool (raidz), call it pool00 and this pool00 conatins a
ZFS dataset pool00/poudriere which we want to exclusively attach to a jail.
pool00/poudriere contains a complete clone of a former, now decomissioned
machine and is usable by the host bearing the jails. The jail, named poudriere,
has these config parameters set in /etc/jail.conf as recommended:

        enforce_statfs=         "0";

        allow.raw_sockets=      "1";

        allow.mount=            "1";
        allow.mount.zfs=        "1";
        allow.mount.devfs=      "1";
        allow.mount.fdescfs=    "1";
        allow.mount.procfs=     "1";
        allow.mount.nullfs=     "1";
        allow.mount.fusefs=     "1";

Here I find the first confusing observation. I can't interact with the dataset
and its content within the jail. I've set the "jailed" property of
pool00/poudriere via "zfs set jailed=on pool00/poudriere" and I also have to
attach the jailed dataset manually via "zfs jail poudriere pool00/poudriere" to
the (running) jail. But within the jail, listing ZFS's mountpoints reveal:

NAME                USED  AVAIL  REFER  MOUNTPOINT
pool00             124G  8.62T  34.9K  /pool00
pool00/poudriere   34.9K  8.62T  34.9K  /pool/poudriere

but nothing below /pool/poudriere is visible to the jail. Being confused I
tried to check the appropriate security variables and found a set of sysctl
OIDs, which seem to have no documentation entry, like

security.jail.param.allow.mount.zfs: 0
and a counterpart
security.jail.mount_zfs_allowed: 1

Checking the description of security.jail.mount_zfs_allowed tells me that this
OID is deprecated:

security.jail.mount_zfs_allowed: Jail may mount the zfs file system (deprecated)

So, we tried to set

	param.allow.mount.zfs=1

via /etc/jail.conf for the propper jail, but this results in an error. I can't
find anything in jail(8) about these new ".param." OIDs, so maybe my trouble is
rooting in here.

Is there a howto for the novices on howto setup a jail with ZFS capabilities
needed for poudriere with ZFS?

Thank you in advance,

oh

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190827101149.1efcb946>