Date:      Sat, 10 Aug 2013 23:07:33 +0300
From:      George Kontostanos <gkontos.mail@gmail.com>
To:        Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: ZFS in jails 9.2-RC1 permission denied
Message-ID:  <CA%2BdUSypEuV05DYvgz76R7aFK6EQpH9S0hvhBVrWD4vXo_BN4Ew@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.00.1308091312580.90799@mail.fig.ol.no>
References:  <CA%2BdUSyqDY9CQUrTDGNT5xwGjRce=JvAJrJHATxAocvffbz=ewg@mail.gmail.com> <CA%2BdUSypajBopACJt4HiNOGGYb2RqSfvrL0iP3eA_j%2BRd7hVi%2BA@mail.gmail.com> <1375963160.29686.7487435.7323F707@webmail.messagingengine.com> <CA%2BdUSyp-tRjB8290X45j%2B%2Bfmr3pFKrjjbQckH=gokfe=sL0fZA@mail.gmail.com> <alpine.BSF.2.00.1308090745270.90799@mail.fig.ol.no> <CA%2BdUSyrZ0RMRTaS5pE_0xn2zrMnvBX5MD=tx%2BS%2BaftP%2BK6cWyQ@mail.gmail.com> <alpine.BSF.2.00.1308091252000.90799@mail.fig.ol.no> <CA%2BdUSyq%2BCPc09xDA0NJ2En4F2qG=37xorOBO6nZ6xbvRd-KYrw@mail.gmail.com> <alpine.BSF.2.00.1308091312580.90799@mail.fig.ol.no>

On Fri, Aug 9, 2013 at 2:22 PM, Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no> wrote:

> On Fri, 9 Aug 2013 14:07+0300, George Kontostanos wrote:
>
> > On Fri, Aug 9, 2013 at 1:57 PM, Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no> wrote:
> >
> > > On Fri, 9 Aug 2013 13:35+0300, George Kontostanos wrote:
> > >
> > > > On Fri, Aug 9, 2013 at 8:55 AM, Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no> wrote:
> > > >
> > > > > On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote:
> > > > >
> > > > > > On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder <feld@freebsd.org> wrote:
> > > > > >
> > > > > > > On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote:
> > > > > > > >
> > > > > > > > Anybody?
> > > > > > > >
> > > > > > >
> > > > > > > Can you provide your jail configuration? I think 9.2 introduces the new
> > > > > > > /etc/jail.conf functionality and perhaps it somehow broke the way you
> > > > > > > were doing it previously? If so, the old method is supposed to work
> > > > > > > as well...
> > > > > >
> > > > > > jail_enable="YES"
> > > > > > jail_list="jail1"
> > > > > > jail_jail1_rootdir="/tank/jails/jail1"
> > > > > > jail_jail1_hostname="jail1"
> > > > > > jail_jail1_interface="em0"
> > > > > > jail_jail1_ip="172.16.154.32"
> > > > > > jail_jail1_devfs_enable="YES"
> > > > >
> > > > > During my experimentation yesterday, I had to add:
> > > > >
> > > > > jail_jail1_parameters="enforce_statfs=1 allow.mount=1 allow.mount.zfs=1"
> > > > >
> > > > > I wish there was a way of executing a command in the host environment
> > > > > _after_ the jail is created, but _before_ exec.start is run from
> > > > > within the jail environment. exec.prestart is run in the host
> > > > > environment before the jail is created and is of no use for attaching
> > > > > a ZFS dataset to a particular jail with the zfs jail command.
> > > > >
> > > > > Until this issue is resolved, I see no other way than manually
> > > > > attaching a ZFS dataset to a jail, and manually running the mount
> > > > > command from within the jail environment.
> > > >
> > > > Excellent, this worked like a charm!
> > > >
> > > > Does this mean that the sysctl parameters are not honored or they have to
> > > > be also passed in the jail parameters?
> > >
> > > I guess so. Setting the sysctls in /etc/sysctl.conf doesn't seem to
> > > propagate to the jail environments at all in 9.2-BETA2.
> > >
> > > > Thanks!
> > >
> > > You're welcome, and thanks for pushing me to explore jails and ZFS
> > > even further. ;-)
> > >
> > > Maybe the jail people should erect exec.afterprestart, enabling us to
> > > attach ZFS datasets to our jails prior to launching the jails.
> >
> > I think that the process of attaching a dataset or a pool to a jail has to
> > be done after the JID has been created. The way I attach them is from the
> > host system:
> >
> > #zfs jail <JID> pool/dataset
>
> That's why I propose the exec.afterprestart. This is how I imagine it
> should work:
>
> 1. The operator attempts to create a jail: jail -c somejail
>
> 2. The exec.prestart is run within the _host_ environment. It is of no
> concern regarding attaching ZFS datasets to our jail.
>
> 3. The jail is actually created, say, with /jails/somejail
> (zjails/jails/somejail) as its root.
>
> 4. The exec.afterprestart is run within the _host_ environment, and in
> our case is configured to attach some ZFS datasets, say:
>
> zfs jail somejail zjails/jaildata/somejail
>
> 5. The exec.start is run within the _jail_ environment, typically
> running /etc/rc.
>
> 6. /etc/fstab within the _jail_ environment contains the necessary
> information to mount zjails/jaildata/somejail as /jaildata.
>
> 7. Everything else remains unchanged.
>
> --
> +-------------------------------+------------------------------------+
> | Vennlig hilsen,               | Best regards,                      |
> | Trond Endrestøl,              | Trond Endrestøl,                   |
> | IT-ansvarlig,                 | System administrator,              |
> | Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
> | tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
> | sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
> +-------------------------------+------------------------------------+
>

Sounds very good!

As a side note. I noticed that if I log into the jail and issue:

zail1> zfs mount -a

All datasets are available.

-- 
George Kontostanos
---
http://www.aisecure.net
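
The manual sequence this thread settles on (start the jail, run `zfs jail` on the host with the JID, then `zfs mount -a` inside the jail), written as a host-side script. This is an added example, not part of the original message; the helper names `jail_jid` and `attach_datasets` are hypothetical, and running the in-jail mount through `jexec` rather than logging in to the jail is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): attach ZFS datasets to a running jail
# from the host, then mount them from inside the jail.
# jail_jid and attach_datasets are hypothetical helper names.

# Print the numeric JID of a running jail, or nothing if it is not running.
jail_jid() {
    jls -j "$1" jid 2>/dev/null | tr -d '[:space:]'
}

# attach_datasets JAILNAME DATASET...
# Returns 1 if the jail is not running, 2 if an attach fails,
# 3 if the in-jail mount fails.
attach_datasets() {
    name=$1
    shift
    jid=$(jail_jid "$name")
    case $jid in
        '' | *[!0-9]*)
            echo "jail '$name' is not running; start it first" >&2
            return 1
            ;;
    esac
    for ds in "$@"; do
        # Host side: hand the dataset over to the jail (needs the JID).
        if ! zfs jail "$jid" "$ds"; then
            echo "zfs jail failed for $ds" >&2
            return 2
        fi
    done
    # Jail side: the jail in the thread needed enforce_statfs=1
    # allow.mount=1 allow.mount.zfs=1 in its parameters for this to work.
    # Using jexec instead of logging in to the jail is an assumption.
    jexec "$jid" zfs mount -a || return 3
}

# Usage: sh attach.sh somejail zjails/jaildata/somejail
if [ $# -gt 0 ]; then
    attach_datasets "$@"
fi
```

Because the attach step refuses to run without a numeric JID, the script fails closed when the jail has not been started yet.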


