From owner-freebsd-stable@FreeBSD.ORG  Thu Aug 21 02:55:04 2014
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 05AC99D7
 for <freebsd-stable@freebsd.org>; Thu, 21 Aug 2014 02:55:04 +0000 (UTC)
Received: from m2.gritton.org (gritton.org [63.246.134.121])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C803E360C
 for <freebsd-stable@freebsd.org>; Thu, 21 Aug 2014 02:55:03 +0000 (UTC)
Received: œ(authenticated bits=0)
	by m2.gritton.org (8.14.9/8.14.9) with ESMTP id s7L2t0J9026413;
	Wed, 20 Aug 2014 22:55:01 -0400 (EDT)
	(envelope-from jamie@gritton.org)
Message-ID: <53F55F7E.4010309@gritton.org>
Date: Wed, 20 Aug 2014 20:54:54 -0600
From: James Gritton <jamie@gritton.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Subject: Re: mounting fdescfs in a nested/hierarchical jail?
References: <3CB0C5BC-3864-418E-A59F-467D39B7E1EA@verweg.com>
In-Reply-To: <3CB0C5BC-3864-418E-A59F-467D39B7E1EA@verweg.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 02:55:04 -0000

On 8/18/2014 6:26 AM, Ruben van Staveren wrote:
> Hi list,
>
> I have a FreeBSD 10 zfs based ezjail setup. In one of the jails I am using ezjail again to set up a nested jail. My goal is to eventually have my jails use these nested jails as containers for certain services.
>
> However, I am not able to mount a nested fdescfs. When I leave out fdesc, the nested jail starts up just fine.
>
> There is no allow.mount.fdescfs. Do we need one?
>
> Cheers,
> 	Ruben

That's probably the answer.  It seems a little inelegant to have this 
proliferation of pesudo-fs type allowances, but it's the direction we've 
gone.

In the meantime, you could pre-mount the child jails' fdescfs when the 
parent jails are created.  That's pretty messy, especially considering 
it means you have to first pre-mount their devfs as well.  But it's 
likely all the permissions will allow.

- Jamie