From: SK
To: Alexander Leidinger, Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-jail
Date: Thu, 8 Dec 2016 17:41:09 +0000
Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host

On 08/12/2016 17:02, Alexander Leidinger wrote:
> Quoting SK (from Thu, 8 Dec 2016 16:41:29 +0000):
>
>> Thank you for your response. I tried setting it up like that (use zfs
>> set jailed=on), and that did not work. I could not even run zfs from
>> within the jail. Maybe I did something wrong -- so I am setting up a
>> test box where I can try them all out.
>
> You need to have the zfs device visible in the jail, for this you need
> to use a devfs rule at jail-start which makes it visible in the jail.
>
> See http://www.leidinger.net/blog/2011/05/19/how-i-setup-a-jail-host
> in the part "Additional devfs rules for Jails"
> (devfsrules_jail_withzfs).
>
> Bye,
> Alexander.

Dear Miroslav, Alexander

Thank you both for the pointers. As soon as the test machine finishes compiling the world (I am using vimage, need custom kernel), I will give that a try.

However, I did set up the things Miroslav suggested, along with tweaking the sysctl variables for jail zfs mount, and also setting the zfs jailed=on -- but on the existing system that had no effect whatsoever (even after a restart). So, I am thinking this might be due to the fact that all jails are nullfs mounted, hence the test box.

I will update once I get the chance to play with the information you two kindly provided and let you know how it goes.

Thanks and regards
SK
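
The pieces this thread refers to (a devfs ruleset that exposes the zfs device, the per-jail mount permissions, and a dataset with jailed=on), put together as an added example; it is not taken from the post or from the linked blog. The ruleset number, the jail name `testjail`, its path, its hostname and the dataset `zroot/jails/testjail/data` are assumptions made for illustration.

```conf
# --- /etc/devfs.rules (host) ---
# The ruleset name is the one mentioned in the thread; the number 100 is a
# constructed value, any number not already used on the host works.
[devfsrules_jail_withzfs=100]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
# Expose only /dev/zfs on top of the basic jail set; everything else in
# the host's /dev stays hidden from the jail.
add path zfs unhide

# --- /etc/jail.conf (host) ---
# "testjail", its path, hostname and dataset are hypothetical names.
testjail {
    path = "/jails/testjail";
    host.hostname = "testjail.example.org";
    mount.devfs;
    devfs_ruleset = 100;        # must match the number in devfs.rules
    allow.mount;                # per-jail permission to mount at all
    allow.mount.zfs;            # per-jail permission to mount ZFS
    enforce_statfs = 1;         # allow.mount.zfs needs a value below 2
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    # Runs on the host once the jail is up: hand over the delegated dataset.
    exec.poststart = "zfs jail testjail zroot/jails/testjail/data";
}

# --- one-time steps on the host (comments only, not part of either file) ---
#   zfs create -o jailed=on zroot/jails/testjail/data
#   service devfs restart    # reload /etc/devfs.rules before starting the jail
```

Only the delegated dataset is handed to the jail, and the ruleset unhides a single extra device node, so the jail's view of the host stays as narrow as the setup allows.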