From: Michael Zhilin
Date: Tue, 27 Aug 2019 19:52:17 +0300
Subject: Re: jails, ZFS, deprecated jail variables and poudriere problems
To: "O. Hartmann"
Cc: freebsd-current

Hi,

I have not tried (but it's in progress) this article:
http://zero-knowledge.org/post/126/

Hope it will help (for me too).

Thanks!

On Tue, Aug 27, 2019 at 11:25 AM O. Hartmann wrote:

> Hello list,
>
> trying to set up a poudriere jail on recent CURRENT and have some severe
> trouble.
>
> We have a single ZFS pool (raidz), call it pool00 and this pool00 contains a
> ZFS dataset pool00/poudriere which we want to exclusively attach to a jail.
> pool00/poudriere contains a complete clone of a former, now decommissioned
> machine and is usable by the host bearing the jails. The jail, named
> poudriere, has these config parameters set in /etc/jail.conf as recommended:
>
>         enforce_statfs=         "0";
>
>         allow.raw_sockets=      "1";
>
>         allow.mount=            "1";
>         allow.mount.zfs=        "1";
>         allow.mount.devfs=      "1";
>         allow.mount.fdescfs=    "1";
>         allow.mount.procfs=     "1";
>         allow.mount.nullfs=     "1";
>         allow.mount.fusefs=     "1";
>
> Here I find the first confusing observation. I can't interact with the
> dataset and its content within the jail. I've set the "jailed" property of
> pool00/poudriere via "zfs set jailed=on pool00/poudriere" and I also have to
> attach the jailed dataset manually via "zfs jail poudriere pool00/poudriere"
> to the (running) jail. But within the jail, listing ZFS's mountpoints
> reveals:
>
> NAME               USED  AVAIL  REFER  MOUNTPOINT
> pool00             124G  8.62T  34.9K  /pool00
> pool00/poudriere  34.9K  8.62T  34.9K  /pool/poudriere
>
> but nothing below /pool/poudriere is visible to the jail. Being confused I
> tried to check the appropriate security variables and found a set of sysctl
> OIDs, which seem to have no documentation entry, like
>
> security.jail.param.allow.mount.zfs: 0
> and a counterpart
> security.jail.mount_zfs_allowed: 1
>
> Checking the description of security.jail.mount_zfs_allowed tells me that
> this OID is deprecated:
>
> security.jail.mount_zfs_allowed: Jail may mount the zfs file system
> (deprecated)
>
> So, we tried to set
>
> param.allow.mount.zfs=1
>
> via /etc/jail.conf for the proper jail, but this results in an error. I can't
> find anything in jail(8) about these new ".param." OIDs, so maybe my trouble
> is rooting in here.
>
> Is there a howto for the novices on how to set up a jail with ZFS
> capabilities needed for poudriere with ZFS?
>
> Thank you in advance,
>
> oh
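
Added example, not part of the original messages: zfs(8) on FreeBSD documents that "zfs jail" needs allow.mount and allow.mount.zfs set to 1 and enforce_statfs lower than 2, so this script checks a jail.conf fragment for those three settings and lists every other allow.* grant for least-privilege review. The function name audit_zfs_jail and the "poudriere { ... }" wrapper are hypothetical, the sample is constructed from the parameters quoted above, and values are assumed to be written as 0/1 with one parameter per line.

```shell
#!/bin/sh
# Added example: audit a jail.conf fragment for ZFS dataset delegation.
# SAMPLE_CONF is constructed from the parameters quoted in the message.
SAMPLE_CONF='poudriere {
    enforce_statfs=         "0";
    allow.raw_sockets=      "1";
    allow.mount=            "1";
    allow.mount.zfs=        "1";
    allow.mount.devfs=      "1";
    allow.mount.fdescfs=    "1";
    allow.mount.procfs=     "1";
    allow.mount.nullfs=     "1";
    allow.mount.fusefs=     "1";
}'

# audit_zfs_jail TEXT
# Prints "OK ..." or "MISSING ..." for the zfs(8) prerequisites, then one
# "REVIEW name" line per additional allow.* permission that is enabled.
audit_zfs_jail() {
    printf '%s\n' "$1" | awk '
    # Parse lines of the form:  name = "value";
    /^[ \t]*[a-z_][a-z0-9_.]*[ \t]*=/ {
        line = $0
        sub(/;.*$/, "", line)               # drop ";" and anything after it
        name = line; sub(/[ \t]*=.*$/, "", name); sub(/^[ \t]+/, "", name)
        val = line;  sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
        p[name] = val + 0                   # store as a number
    }
    END {
        bad = 0
        if (p["allow.mount"] != 1)     { print "MISSING allow.mount=1"; bad = 1 }
        if (p["allow.mount.zfs"] != 1) { print "MISSING allow.mount.zfs=1"; bad = 1 }
        # An unset enforce_statfs counts as failing (jail(8) default is 2).
        if (!("enforce_statfs" in p) || p["enforce_statfs"] >= 2) {
            print "MISSING enforce_statfs<2"; bad = 1
        }
        if (!bad) print "OK prerequisites for zfs jail are set"
        # Everything else under allow.* widens what the jail may do.
        for (n in p)
            if (n ~ /^allow\./ && n != "allow.mount" && n != "allow.mount.zfs" && p[n] == 1)
                print "REVIEW " n
    }' | LC_ALL=C sort
}

audit_zfs_jail "$SAMPLE_CONF"
```

A "REVIEW" line is not a finding by itself; it marks a permission the ZFS delegation does not depend on and that should be justified by what the jail actually runs.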