Date: Fri, 9 Aug 2013 13:22:32 +0200 (CEST)
From: Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
To: George Kontostanos <gkontos.mail@gmail.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: ZFS in jails 9.2-RC1 permission denied
Message-ID: <alpine.BSF.2.00.1308091312580.90799@mail.fig.ol.no>
In-Reply-To: <CA%2BdUSyq%2BCPc09xDA0NJ2En4F2qG=37xorOBO6nZ6xbvRd-KYrw@mail.gmail.com>
References: <CA%2BdUSyqDY9CQUrTDGNT5xwGjRce=JvAJrJHATxAocvffbz=ewg@mail.gmail.com>
 <CA%2BdUSypajBopACJt4HiNOGGYb2RqSfvrL0iP3eA_j%2BRd7hVi%2BA@mail.gmail.com>
 <1375963160.29686.7487435.7323F707@webmail.messagingengine.com>
 <CA%2BdUSyp-tRjB8290X45j%2B%2Bfmr3pFKrjjbQckH=gokfe=sL0fZA@mail.gmail.com>
 <alpine.BSF.2.00.1308090745270.90799@mail.fig.ol.no>
 <CA%2BdUSyrZ0RMRTaS5pE_0xn2zrMnvBX5MD=tx%2BS%2BaftP%2BK6cWyQ@mail.gmail.com>
 <alpine.BSF.2.00.1308091252000.90799@mail.fig.ol.no>
 <CA%2BdUSyq%2BCPc09xDA0NJ2En4F2qG=37xorOBO6nZ6xbvRd-KYrw@mail.gmail.com>

On Fri, 9 Aug 2013 14:07+0300, George Kontostanos wrote:

> On Fri, Aug 9, 2013 at 1:57 PM, Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no> wrote:
>
> > On Fri, 9 Aug 2013 13:35+0300, George Kontostanos wrote:
> >
> > > On Fri, Aug 9, 2013 at 8:55 AM, Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no> wrote:
> > >
> > > > On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote:
> > > >
> > > > > On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder <feld@freebsd.org> wrote:
> > > > >
> > > > > > On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote:
> > > > > > >
> > > > > > > Anybody?
> > > > > >
> > > > > > Can you provide your jail configuration? I think 9.2 introduces the new
> > > > > > /etc/jail.conf functionality and perhaps it somehow broke the way you
> > > > > > were doing it previously? If so, the old method is supposed to work
> > > > > > as well...
> > > > >
> > > > > jail_enable="YES"
> > > > > jail_list="jail1"
> > > > > jail_jail1_rootdir="/tank/jails/jail1"
> > > > > jail_jail1_hostname="jail1"
> > > > > jail_jail1_interface="em0"
> > > > > jail_jail1_ip="172.16.154.32"
> > > > > jail_jail1_devfs_enable="YES"
> > > >
> > > > During my experimentation yesterday, I had to add:
> > > >
> > > > jail_jail1_parameters="enforce_statfs=1 allow.mount=1 allow.mount.zfs=1"
> > > >
> > > > I wish there was a way of executing a command in the host environment
> > > > _after_ the jail is created, but _before_ exec.start is run from
> > > > within the jail environment, exec.prestart is run in the host
> > > > environment before the jail is created and is of no use for attaching
> > > > a ZFS dataset to a particular jail with the zfs jail command.
> > > >
> > > > Until this issue is resolved, I see no other way than manually
> > > > attaching a ZFS dataset to a jail, and manually running the mount
> > > > command from within the jail environment.
> > >
> > > Excellent, this worked like a charm!
> > >
> > > Does this mean that the sysctl parameters are not honored or they have to
> > > be also passed in the jail parameters?
> >
> > I guess so. Setting the sysctls in /etc/sysctl.conf doesn't seem to
> > propagate to the jail environments at all in 9.2-BETA2.
> >
> > > Thanks!
> >
> > You're welcome, and thanks for pushing me to explore jails and ZFS
> > even further. ;-)
> >
> > Maybe the jail people should erect exec.afterprestart, enabling us to
> > attach ZFS datasets to our jails prior to launching the jails.
>
> I think that the process of attaching a dataset or a pool to a jail has to
> be done after the JID has been created. The way I attach them is from the
> host system:
>
> #zfs jail <JID> pool/dataset

That's why I propose the exec.afterprestart.

This is how I imagine it should work:

1. The operator attempts to create a jail:

   jail -c somejail

2. The exec.prestart is run within the _host_ environment. It is of no
   concern regarding attaching ZFS datasets to our jail.

3. The jail is actually created, say, with /jails/somejail
   (zjails/jails/somejail) as its root.

4. The exec.afterprestart is run within the _host_ environment, and in
   our case is configured to attach some ZFS datasets, say:

   zfs jail somejail zjails/jaildata/somejail

5. The exec.start is run within the _jail_ environment, typically
   running /etc/rc.

6. /etc/fstab within the _jail_ environment contains the necessary
   information to mount zjails/jaildata/somejail as /jaildata.

7. Everything else remains unchanged.

--
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob. 952 62 567,         | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+
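
The ordering proposed in steps 1-7 above, written as an /etc/jail.conf entry. This is an added example, not part of the original message: it assumes a FreeBSD release whose jail(8) documents exec.created (a host-side hook run after the jail is created and before exec.start) and uses it where the message proposes exec.afterprestart. The jail name, paths and dataset names are the ones used in the message; everything else is illustrative.

```conf
# /etc/jail.conf -- added example, not from the original thread.
# Assumption: jail(8) on this release supports exec.created.

somejail {
    path          = "/jails/somejail";     # root from step 3
    host.hostname = "somejail";
    mount.devfs;

    # Permissions reported as required earlier in the thread. They are
    # set per jail here, so no other jail gains the ability to mount.
    enforce_statfs = 1;
    allow.mount;
    allow.mount.zfs;

    # Step 2: host environment, before the jail exists.
    # Marking the dataset jailed=on hands its mounting over to a jail;
    # the host no longer mounts it itself.
    exec.prestart = "zfs set jailed=on zjails/jaildata/somejail";

    # Step 4: host environment, jail created, nothing started in it yet.
    # $name expands to the jail name, so the dataset is attached only to
    # this jail.
    exec.created  = "zfs jail $name zjails/jaildata/somejail";

    # Step 5: jail environment. /etc/rc can now mount the attached
    # dataset as described in step 6.
    exec.start    = "/bin/sh /etc/rc";
    exec.stop     = "/bin/sh /etc/rc.shutdown";
}
```

Only the dataset named in exec.created is delegated; allow.mount.zfs by itself does not expose any other dataset of the pool to the jail.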