From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Tue, 22 Jan 2019 18:50:15 +0100
Subject: Re: delegating ZFS of jail's root directory
To: "Michael W. Lucas", Willem Jan Withagen
Cc: jail@freebsd.org

Michael W. Lucas wrote on 2019/01/22 17:23:
> On Tue, Jan 22, 2019 at 11:39:57AM +0100, Willem Jan Withagen wrote:
>> On 21-1-2019 17:42, Michael W. Lucas wrote:
>> Hi Michael,
>>
>> I think I asked that question some time ago, to be able to run a
>> ceph-setup script in a jail....
>>
>> The basic answer was that the jail needs to have access to /dev/zfs in the
>> jail to be effectively controlling zfs. But then I think you delegate the
>> whole set of zfs capabilities to the jail.
>>
>> Which in my case was not a problem. But if you want to use a jail as
>> separation of control, then this will be way too liberal.
>>
>> There is a set of configs for devfs in /etc. See `man -k devfs`
>> But I've not used this in the end.
>
> That fixes the first problem, thank you.
>
> I still can't delegate the jail's root directory to the jail,
> though. Once I set jailed=on to the jail's zroot, it's unmounted and
> jail(8) can't find the jail's /dev to mount it.
>
> There seems to be a chicken-and-egg problem here that I have no idea
> how to resolve. Any suggestions?

What about mounting it with exec.prestart before the jail is created?
(I didn't try it)

Miroslav Lachman