From owner-freebsd-current@freebsd.org Wed Aug 28 11:49:34 2019 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 15D57D9F60 for ; Wed, 28 Aug 2019 11:49:34 +0000 (UTC) (envelope-from Alexander@leidinger.net) Received: from mailgate.Leidinger.net (mailgate.leidinger.net [IPv6:2a00:1828:2000:313::1:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46JPDD6Vxfz46TZ for ; Wed, 28 Aug 2019 11:49:32 +0000 (UTC) (envelope-from Alexander@leidinger.net) Received: from outgoing.leidinger.net (p5B1657F2.dip0.t-ipconnect.de [91.22.87.242]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (Client did not present a certificate) by mailgate.Leidinger.net (Postfix) with ESMTPSA id EE03F14F0 for ; Wed, 28 Aug 2019 13:49:30 +0200 (CEST) Received: from webmail.leidinger.net (webmail.Leidinger.net [IPv6:fd73:10c7:2053:1::3:102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by outgoing.leidinger.net (Postfix) with ESMTPS id 82F90936D for ; Wed, 28 Aug 2019 13:49:28 +0200 (CEST) Received: (from www@localhost) by webmail.leidinger.net (8.15.2/8.14.4/Submit) id x7SBnSdf028004 for freebsd-current@freebsd.org; Wed, 28 Aug 2019 13:49:28 +0200 (CEST) (envelope-from Alexander@leidinger.net) X-Authentication-Warning: webmail.leidinger.net: www set sender to Alexander@leidinger.net using -f Received: from [::ffff:31.3.144.27] ([::ffff:31.3.144.27]) by webmail.leidinger.net (Horde Framework) with HTTPS; Wed, 28 Aug 2019 13:49:28 +0200 Date: Wed, 28 Aug 2019 13:49:28 +0200 Message-ID: <20190828134928.Horde.DiL31t_6di4RpY7cRJrPsBG@webmail.leidinger.net> From: Alexander Leidinger To: freebsd-current@freebsd.org Subject: Re: jails, ZFS, deprecated jail variables and poudriere problems In-Reply-To: <20190827101149.1efcb946@freyja> User-Agent: Horde Application Framework 5 Accept-Language: de,en Content-Type: multipart/signed; boundary="=_irKhjOFC29ARmahxCw5Jx0j"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net; s=outgoing-alex; t=1566992971; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to; bh=GLRRE4R3JCvc6t4+JK0APCW8CF2dUEYrGeo5DmG4mKc=; b=Jzp+ISjaNGd5jzwhsf7Vuy5Tr9irqTIElt2Abmm/RY/KVQXArIXxqIJhFglsLY3RKBGLFV 91Go8awPYeXGvzcf+NUjjvzsAgrXOUCB8+AVRaUN9cegbZJYLBPZHtU0zAqKdDuma4Y9dA T+cdH8fL5Bh3M32g0tEJ2bs2aKeckQa8SCGG34TWOllo02KAKCMZoF4qkLyyRquTuHQj34 cuz7obVC4L2uKyVvlXLWULVqyhl9NHLV0UTv70rX74I1hq66W38agUkUNwXbYyf3P+WCNA q0zLuqhMkvN4ik47J5U+4akdqexETYTffK0sB7NPD6LChBOgjPFCxZKduH5T7A== ARC-Seal: i=1; s=outgoing-alex; d=leidinger.net; t=1566992971; a=rsa-sha256; cv=none; b=pbeEA/INQxQP6e7QHLsJ6bwMSSJ82ptQdZ1c5eGEXSTszolOD4ixOjvgNX/GOrHx1yzdt4 7GxA0OiW0ttHQ3JvAwng2pXv9gCho9EXEkfsmShuPrChA2VRJ3kYC6lYx0RhW7QQ68MaZK XhX56rYAMr25vfuvNC9zj29oCOgXIXMUz60zamQUpocPX7GWn1V9aqRUYvjHSXO5cTzeGa AfNvgwv9OImUefx1HumTYN9jVSW+PZ79o5RzJUsMcJOEYmVSExogfWPNO1FeBo7sBb/2QB twXoW/nl0d2FHWsTnCE4wSGq+X4DbZ86tDd6ye5SGajj9FIKr29Z74FJcaY2yQ== ARC-Authentication-Results: i=1; mailgate.Leidinger.net; auth=pass smtp.auth=netchild@leidinger.net smtp.mailfrom=Alexander@leidinger.net X-Rspamd-Queue-Id: 46JPDD6Vxfz46TZ X-Spamd-Bar: --------- X-Spamd-Result: default: False [-9.81 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[leidinger.net:s=outgoing-alex]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; HAS_XAW(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; XAW_SERVICE_ACCT(1.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[leidinger.net:+]; DMARC_POLICY_ALLOW(-0.50)[leidinger.net,quarantine]; RCVD_COUNT_THREE(0.00)[4]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.993,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-3.72)[ip: (-9.80), ipnet: 2a00:1828::/32(-4.89), asn: 34240(-3.88), country: DE(-0.01)]; ASN(0.00)[asn:34240, ipnet:2a00:1828::/32, country:DE]; ARC_ALLOW(-1.00)[i=1]; RCVD_TLS_ALL(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[242.87.22.91.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Aug 2019 11:49:34 -0000 This message is in MIME format and has been PGP signed. --=_irKhjOFC29ARmahxCw5Jx0j Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoting "O. Hartmann" (from Tue, 27 Aug 2019=20=20 10:11:54=20+0200): > We have a single ZFS pool (raidz), call it pool00 and this pool00 conatin= s a > ZFS dataset pool00/poudriere which we want to exclusively attach to a jai= l. > pool00/poudriere contains a complete clone of a former, now decomissioned > machine and is usable by the host bearing the jails. The jail, named=20= =20 >=20poudriere, > has these config parameters set in /etc/jail.conf as recommended: > > enforce_statfs=3D "0"; > > allow.raw_sockets=3D "1"; > > allow.mount=3D "1"; > allow.mount.zfs=3D "1"; > allow.mount.devfs=3D "1"; > allow.mount.fdescfs=3D "1"; > allow.mount.procfs=3D "1"; > allow.mount.nullfs=3D "1"; > allow.mount.fusefs=3D "1"; > > Here I find the first confusing observation. I can't interact with=20=20 >=20the dataset > and its content within the jail. I've set the "jailed" property of > pool00/poudriere via "zfs set jailed=3Don pool00/poudriere" and I also ha= ve to > attach the jailed dataset manually via "zfs jail poudriere=20=20 >=20pool00/poudriere" to > the (running) jail. But within the jail, listing ZFS's mountpoints reveal= : > > NAME USED AVAIL REFER MOUNTPOINT > pool00 124G 8.62T 34.9K /pool00 > pool00/poudriere 34.9K 8.62T 34.9K /pool/poudriere > > but nothing below /pool/poudriere is visible to the jail. Being confused = I Have you checked if it works if you add each dataset below the tree=20=20 you=20want to manage (=3D "sub-dataset")? Do the sub-datasets list the jailed property as inherited from the=20=20 parent=20(check on the host)? Bye, Alexander. --=20 http://www.Leidinger.net=20Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_irKhjOFC29ARmahxCw5Jx0j Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJdZmpIAAoJEBINsJsD+NiG744P/2Of7xDiKeMqWfDOxDciaxRd gMFAI1IWl2v/q/DHu+dqc5Ti/yJjFoanobs8j9DAXiVpl8tRqylucfDOzn2wE4mX 8PAcikclzpKrH4E5DplXXnRo7V/9cODNl+Y4icB6hcNpCD/InSgo8OUxHxI0iQZJ Ph+Oe/4JSeHsqTZEYhb2aiwscxa7X9d7WGTlPsN+fnh9hmCHJAp9vs7Ae5uydZQ1 6PcBbHnUEb8lPd5K0ZbRjk6ZdWM+S9j02hWDwwKVP9JDu4lgjUZjixSLtYWsl0LR jLDXazw2h5J1vzupnq3bqNfqI2WD1/3v/OHHcD0jA4EC4m7cwFLJY/a1MRKrf/fD NHQ3I+VzLLrLfLxDvfQ+x4z3SMF5XGvLrJX9LjZOIn3T9at1f7F2HIUR83gs8jZ+ /iJxhdYd7Imzyg+4RtTxa9Bc3UFE2uvuSNfAIm0px90eLlRvcGyD5Zq09PRQg7DR 2i72QfmnhSgn891LS0wh2d6AZoBMbNHu2vIZxnrVjz8fq1AiWz09KhZ1SGB4nGJ2 96AtcD2NvKZhzwgjT6DEJNSV5laKMGiemX6JCwhvlZ8YsMedFgrNeg6uqSBdD/rX y7FTz/LzvXwm+858VMCHxDbro+44EUlYRqG58xfWT0hHgab8alkZghrlDJpkoVYc hvhVZjIy5TeJa5FeHi3I =B8iu -----END PGP SIGNATURE----- --=_irKhjOFC29ARmahxCw5Jx0j--