From: Bryan Drewery
Date: Mon, 10 Sep 2012 19:01:06 -0500
To: freebsd-jail@freebsd.org
Subject: Re: 9.1-PRERELEASE - allow.mount - allow.mount.zfs - do not get passed to child
Message-ID: <504E7F42.3080506@shatow.net>

On 9/4/2012 12:50 AM, Bryan Drewery wrote:
> On 9/4/2012 12:46 AM, Bryan Drewery wrote:
>> On 9/4/2012 12:42 AM, Bryan Drewery wrote:
>>> I am unable to get these to pass into jails via /etc/rc.d/jail + ezjail.
>>>
>>> I set them in the host:
>>>
>>> security.jail.mount_allowed=1
>>> security.jail.mount_zfs_allowed=1
>>>
>>> What is the proper way to get these set?
>>>
>>>
>>
>> I used `jail -m` to set these, but they don't seem to work:
>>
>> In host:
>>
>> # jail -m jid=3 allow.mount allow.mount.zfs
>> # sysctl vfs.usermount=1
>>
>> In jail:
>>
>> # sysctl -a|grep mount
>> vfs.usermount: 1
>> ...
>> security.jail.mount_zfs_allowed: 1
>> security.jail.mount_allowed: 1
>>
>> # zfs mount -a
>> cannot mount 'backup': Insufficient privileges
>>
>> This dataset is properly jailed=on and 'zfs jail' ran on it as well.
>
> Sorry for the noise..
>
> # jail -m jid=3 enforce_statfs=1
>
> Now it works.
>
> Yes, I read the jail(8) and zfs(8) manpages. My biggest problem was the
> params not being passed in at startup.
>
> Bryan
>

Anyone else who runs into this, r239382 allows this to work using
/etc/rc.d/jail with deprecated rc.conf/ezjail setups.

You can specify jail_NAME_parameters=... with that patch.

-- 
Regards,
Bryan Drewery
bdrewery@freenode/EFNet
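
The thread's fix works because, per jail(8), allow.mount is effective only when enforce_statfs is lower than 2. The script below is an added example, not part of the original message or of FreeBSD: it checks a jail's parameter list for all three settings. The `jls -n`-style input format, the function name zfs_mount_gaps and the sample strings are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: report which jail parameters still block `zfs mount`
# inside a jail. Input is a space-separated parameter list in the style of
# `jls -n` (booleans as "allow.mount" / "allow.nomount"); that input format
# is an assumption of this sketch.

# zfs_mount_gaps "PARAMS": prints one line per missing prerequisite and
# returns 0 only when none are missing.
zfs_mount_gaps() {
    zm_mount=0 zm_zfs=0 zm_statfs="" zm_gaps=0
    for zm_p in $1; do
        case "$zm_p" in
            allow.mount|allow.mount=1)         zm_mount=1 ;;
            allow.mount.zfs|allow.mount.zfs=1) zm_zfs=1 ;;
            enforce_statfs=*)  zm_statfs=${zm_p#enforce_statfs=} ;;
        esac
    done
    [ "$zm_mount" -eq 1 ] || { echo "allow.mount not set"; zm_gaps=1; }
    [ "$zm_zfs" -eq 1 ]   || { echo "allow.mount.zfs not set"; zm_gaps=1; }
    # jail(8): allow.mount is effective only if enforce_statfs is below 2.
    case "$zm_statfs" in
        0|1) ;;
        "")  echo "enforce_statfs not reported"; zm_gaps=1 ;;
        *)   echo "enforce_statfs=$zm_statfs (must be lower than 2)"; zm_gaps=1 ;;
    esac
    return "$zm_gaps"
}

# Constructed samples (not captured output): the jail before and after the
# `jail -m jid=3 enforce_statfs=1` step, and a jail with neither permission.
BEFORE="jid=3 name=jail3 enforce_statfs=2 allow.mount allow.mount.zfs"
AFTER="jid=3 name=jail3 enforce_statfs=1 allow.mount allow.mount.zfs"
DEFAULTS="jid=4 name=jail4 enforce_statfs=2 allow.nomount allow.mount.nozfs"

for zm_s in "$BEFORE" "$AFTER" "$DEFAULTS"; do
    echo "== $zm_s"
    if zfs_mount_gaps "$zm_s"; then
        echo "ok: parameters permit zfs mount"
    fi
done
```

The same check is useful in the other direction: jails that pass it have been delegated mount privileges and are worth reviewing against least-privilege expectations.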