Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Aug 2019 10:11:54 +0200
From:      "O. Hartmann" <ohartmann@walstatt.org>
To:        freebsd-current <freebsd-current@freebsd.org>
Subject:   jails, ZFS, deprecated jail variables and poudriere problems
Message-ID:  <20190827101149.1efcb946@freyja>
next in thread | raw e-mail | index | archive | help 
Hello list,

trying to setup a poudriere jail on recent CURRENT and have some severe tr=
ouble.

We have a single ZFS pool (raidz), call it pool00 and this pool00 conatins=
 a
ZFS dataset pool00/poudriere which we want to exclusively attach to a jail=
.
pool00/poudriere contains a complete clone of a former, now decomissioned
machine and is usable by the host bearing the jails. The jail, named poudr=
iere,
has these config parameters set in /etc/jail.conf as recommended:

        enforce_statfs=3D         "0";

        allow.raw_sockets=3D      "1";

        allow.mount=3D            "1";
        allow.mount.zfs=3D        "1";
        allow.mount.devfs=3D      "1";
        allow.mount.fdescfs=3D    "1";
        allow.mount.procfs=3D     "1";
        allow.mount.nullfs=3D     "1";
        allow.mount.fusefs=3D     "1";

Here I find the first confusing observation. I can't interact with the dat=
aset
and its content within the jail. I've set the "jailed" property of
pool00/poudriere via "zfs set jailed=3Don pool00/poudriere" and I also hav=
e to
attach the jailed dataset manually via "zfs jail poudriere pool00/poudrier=
e" to
the (running) jail. But within the jail, listing ZFS's mountpoints reveal:

NAME                USED  AVAIL  REFER  MOUNTPOINT
pool00             124G  8.62T  34.9K  /pool00
pool00/poudriere   34.9K  8.62T  34.9K  /pool/poudriere

but nothing below /pool/poudriere is visible to the jail. Being confused I
tried to check the appropriate security variables and found a set of sysct=
l
OIDs, which seem to have no documentation entry, like

security.jail.param.allow.mount.zfs: 0
and a counterpart
security.jail.mount_zfs_allowed: 1

Checking the description of security.jail.mount_zfs_allowed tells me that =
this
OID is deprecated:

security.jail.mount_zfs_allowed: Jail may mount the zfs file system (depre=
cated)

So, we tried to set

	param.allow.mount.zfs=3D1

via /etc/jail.conf for the propper jail, but this results in an error. I c=
an't
find anything in jail(8) about these new ".param." OIDs, so maybe my troub=
le is
rooting in here.

Is there a howto for the novices on howto setup a jail with ZFS capabiliti=
es
needed for poudriere with ZFS?

Thank you in advance,

oh

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190827101149.1efcb946>