From owner-freebsd-jail@FreeBSD.ORG Mon Jun 15 20:28:33 2015 Return-Path: Delivered-To: freebsd-jail@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ED4296C6 for ; Mon, 15 Jun 2015 20:28:32 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from mx1.scaleengine.net (mx1.scaleengine.net [209.51.186.6]) by mx1.freebsd.org (Postfix) with ESMTP id C987CE4B for ; Mon, 15 Jun 2015 20:28:32 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from [192.168.1.2] (unknown [192.168.1.2]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id 445C99106 for ; Mon, 15 Jun 2015 20:28:26 +0000 (UTC) Message-ID: <557F356C.4060708@freebsd.org> Date: Mon, 15 Jun 2015 16:28:28 -0400 From: Allan Jude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-jail@freebsd.org Subject: Re: zfs in a jail References: <20150613035921.GA22078@blazingdot.com> In-Reply-To: <20150613035921.GA22078@blazingdot.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="AsConnwvu9LXe2vHpUatCV7WdWU2vQDHk" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 20:28:33 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --AsConnwvu9LXe2vHpUatCV7WdWU2vQDHk Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2015-06-12 23:59, Marcus Reid wrote: > Hi, >=20 > I'm doing zfs from within a jail, and there is one thing that's giving > me some trouble. >=20 > First, the bits that get zfs working from inside a jail: >=20 > /etc/jail.conf: > allow.mount; > allow.mount.zfs; > enforce_statfs =3D 1; >=20 > /etc/sysctl.conf: > security.jail.mount_allowed=3D1 > security.jail.mount_zfs_allowed=3D1 > security.jail.enforce_statfs=3D1 >=20 > zfs set jailed=3Don zroot/jails/git/git >=20 > Finally, to get the dataset visible inside the jail, this is required > when the jail is running: >=20 > zfs jail git zroot/jails/git/git >=20 > So, in jail.conf, I do a: >=20 > exec.poststart =3D "zfs jail git zroot/jails/git/git" >=20 > Problem: zfs is not visible in jail after a reboot. This problem is > understood but I don't know the solution. >=20 > exec.poststart is run after exec.start (the thing that runs /etc/rc in > the jail), so the zfs datasets are not yet visible when /etc/rc.d/zfs > runs in the jail. So, I have to log into the jail and do a 'zfs mount > -a' after everything comes up. Not ideal. If there were a > exec.postcreate directive in jail.conf that ran a command on the host > after jail creation but before /etc/rc starts, then I could run 'zfs > jail' before the jails init scripts are run. >=20 > Am I going about that in the wrong way? jail.conf seems like the right= > place for it, because you want your storage working after a 'jail -rc > git', right? >=20 > Thanks, >=20 > Marcus > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"= >=20 If you set: zfs_enable=3D"YES" in rc.conf inside the jail, it runs 'zfs mount -a' as part of the startup routine. This is how it is expected to work. --=20 Allan Jude --AsConnwvu9LXe2vHpUatCV7WdWU2vQDHk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJVfzVxAAoJEBmVNT4SmAt+xX4P/0rMKDVRvAjK5YcSX8xNapYh E02G/OnjRMNRjc1s8pQtuFefPqhiQk4gCk4gt+rCxikRLA3kmDOC+q0WuOLUnazs RuhNhbwyO5wK6eiy+jyGv86ahOdGUIskwqDGzo9ZnAyufXfCBBIlpcfkTi8HJ1Ca M0fkHYDVomUhhqq+TDPi6FZGQaoeqbm8Iae+GzBCtTPBd2pZKPuQvw0d6kAaXsXH hsduS+3KOORR2GD0sUzN45W42XvMCIjsWh/QnouYiVkM6mHTFa3GNqcup9CfAK4+ hGjrvjFxyqczdvSzbbfi1iY7EUZPtmhqL5YB4julK5XgpGS2sNG1xaiZfi/GvZ1b oKLGhn0ZVPc4MaX6PJ0fwh+X7RjZUJ7yFb9zXH0x8BLk2Jp5K1HaudTGJteIRBTq ybfu4tTrHUSW3eEieVjOb82YH+YCdpuv6oV65Wvwb1SXW/dJmvopEeGlt78hLkg+ FsTTLE5K5hrhH33cgQNu1A+GK4RgjqMf2On0G2gopJgM1/L6T/VjxmS3bKmLBKHf 8h9AGjGvdZDouhsC3J4+UrKz8Wg5FSIGyBnIKyOFAip3VxmzyBt/FscSO78REGCd txOYWo2759yhNUpRnwm1frQ9odV5ZqPnE1z88AKB3aizAQnSzMRE79TbCq3RsLjR 7fghtbW6wMOrN5GD2NTp =7zaJ -----END PGP SIGNATURE----- --AsConnwvu9LXe2vHpUatCV7WdWU2vQDHk--