Date: Tue, 4 Feb 2020 22:44:04 +0100
From: Jacques Foucry <jacques+freebsd@foucry.net>
To: freebsd-questions@freebsd.org
Subject: jail and dedicated zfs dataset
Message-ID: <20200204214404.GB36588@foucry.net>

Hi folks,
I'm trying to create a jail (for the mail) with a dedicated zfs dataset.
On the host, the dataset is tank/root/mails with /var/mail as mountpoint.
The jailed property is on:
# zfs get mountpoint tank/root/mails
NAME PROPERTY VALUE SOURCE
tank/root/mails mountpoint /var/mail local
# zfs get jailed tank/root/mails
NAME PROPERTY VALUE SOURCE
tank/root/mails jailed on local
I also set allow properties:
# zfs allow tank/root/mails
---- Permissions on tank/root/mails ----------------------------------
Local+Descendent permissions:
user root mount
group wheel create,destroy,mount,snapshot
My /etc/jail.conf¹ definition for the dataset is:
exec.poststart = "/sbin/zfs jail mail tank/root/mails";
exec.poststart += "zfs mount -a";
exec.stop = "/sbin/zfs unjail mail tank/root/mails";
persist=true;
mount.fstab="/etc/fstab.${name}";
On the guest, things seem good:
# zfs allow tank/root/mails
---- Permissions on tank/root/mails ----------------------------------
Local+Descendent permissions:
user root mount
group wheel create,destroy,mount,snapshot
# zfs list
NAME USED AVAIL REFER MOUNTPOINT
tank 42.2G 6.92T 88K legacy
tank/root 36.7G 6.92T 3.60G legacy
tank/root/mails 200K 6.92T 88K /var/mail
But the dataset is not mounted:
# df -h /var/mail
Filesystem Size Used Avail Capacity Mounted on
tank/root/jails/mail 6.9T 2.9G 6.9T 0% /
And mounting by hand failed:
# zfs mount -a
cannot mount 'tank/root/mails': Insufficient privileges
What could be wrong? The /var/mail mount point permissions? The host /var/mail
permissions (that should not be used)? Something in zfs allow?
¹ I know there is the old ezjail or iocage, but I'm more comfortable with the
system way.
Thanks for your help if you can.
--
Jacques Foucry
