From owner-freebsd-current@FreeBSD.ORG Tue Mar 31 07:00:16 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 430881065675 for ; Tue, 31 Mar 2009 07:00:16 +0000 (UTC) (envelope-from crapsh@monkeybrains.net) Received: from ape.monkeybrains.net (mail.monkeybrains.net [208.69.40.9]) by mx1.freebsd.org (Postfix) with ESMTP id 2E0DB8FC1B for ; Tue, 31 Mar 2009 07:00:15 +0000 (UTC) (envelope-from crapsh@monkeybrains.net) Received: from [192.168.2.105] (adsl-76-203-172-200.dsl.pltn13.sbcglobal.net [76.203.172.200]) (authenticated bits=0) by ape.monkeybrains.net (8.14.1/8.14.1) with ESMTP id n2V6RT8u011653 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 30 Mar 2009 23:27:29 -0700 (PDT) (envelope-from crapsh@monkeybrains.net) Message-ID: <49D1B7CD.1080702@monkeybrains.net> Date: Mon, 30 Mar 2009 23:27:25 -0700 From: Rudy User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: freebsd-current@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV version 0.94.2, clamav-milter version 0.94.2 on pita.monkeybrains.net X-Virus-Status: Clean Subject: Geli in a Jail? geli: Cannot lock memory: Operation not permitted. X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Mar 2009 07:00:17 -0000 I could't init a geli in a jail. Anyone know how? Here is what I tried jail# geli init -s 4096 -K /root/gelitest.key /dev/zvol/tank/testgeli geli: Cannot lock memory: Operation not permitted. [1] In the host, I created the volume: host# zfs create -V 4g tank/gelijar [2] made a custom devfs to show the zvol in the jail... [devfsrules_gelitest=5] add include $devfsrules_hide_all add include $devfsrules_unhide_basic add include $devfsrules_unhide_login add path zvol unhide add path tank unhide add path *gelijar unhide [3] tried to add the geli in the jail and failed. :( For now, I init/attach/newfs/mount the filesystem from the host into the jail, but I want to leave the attach to the customer in the jail... host# geli init -s 4096 -K /root/gelitest.key /dev/zvol/tank/testgeli host# geli attach -k /root/gelitest.key /dev/zvol/tank/testgeli host# newfs /dev/zvol/tank/testgeli.eli host# mount /dev/zvol/tank/testgeli.eli /tank/gelijar.monkeybrains.net/crypt host# df < -- I see it! jail# df <-- I don't see /crypt. :( Any way to fix that as well? Thanks, Rudy