From owner-freebsd-jail@freebsd.org  Thu May  4 13:04:27 2017
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E890FD5E849
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Thu,  4 May 2017 13:04:27 +0000 (UTC)
 (envelope-from jamie@gritton.org)
Received: from gritton.org (gritton.org [199.192.165.131])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "gritton.org", Issuer "Let's Encrypt Authority X3" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id CC3B3664
 for <freebsd-jail@freebsd.org>; Thu,  4 May 2017 13:04:27 +0000 (UTC)
 (envelope-from jamie@gritton.org)
Received: from gritton.org (gritton.org [199.192.165.131])
 by gritton.org (8.15.2/8.15.2) with ESMTP id v44D4Ks5074548;
 Thu, 4 May 2017 07:04:20 -0600 (MDT)
 (envelope-from jamie@gritton.org)
Received: (from www@localhost)
 by gritton.org (8.15.2/8.15.2/Submit) id v44D4KcA074547;
 Thu, 4 May 2017 07:04:20 -0600 (MDT)
 (envelope-from jamie@gritton.org)
X-Authentication-Warning: gritton.org: www set sender to jamie@gritton.org
 using -f
To: freebsd-jail@freebsd.org
Subject: Re: Proper way to execute zfs jail at jail startup
X-PHP-Originating-Script: 0:rcube.php
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 04 May 2017 07:04:20 -0600
From: James Gritton <jamie@gritton.org>
In-Reply-To: <CAPd55qCxjwSkn_wAMtY5GV51ScqFU0NjU8Vn50KOqvzEhVuPPQ@mail.gmail.com>
References: <CAPd55qCxjwSkn_wAMtY5GV51ScqFU0NjU8Vn50KOqvzEhVuPPQ@mail.gmail.com>
Message-ID: <cb6dc1eb8df376a53a51d86f3ab4f7d1@gritton.org>
X-Sender: jamie@gritton.org
User-Agent: Roundcube Webmail/1.2.3
X-Greylist: inspected by milter-greylist-4.6.2 (gritton.org [199.192.165.131]);
 Thu, 04 May 2017 07:04:20 -0600 (MDT) for IP:'199.192.165.131'
 DOMAIN:'gritton.org' HELO:'gritton.org' FROM:'jamie@gritton.org' RCPT:''
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2
 (gritton.org [199.192.165.131]); Thu, 04 May 2017 07:04:20 -0600 (MDT)
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 May 2017 13:04:28 -0000

On 2017-05-03 08:05, joris dedieu wrote:
> Hi guys,
> Is there a clean way to execute _zfs jail $jid $dataset_ at jail
> startup ? I have tried with an exec.poststart script but it's too late
> in start order. I also tried to use a prefixed jid and exec.prestart,
> but zfs complains that jail does not exists.
> 
> Any idea ? Something I missed ?

It sounds like what you need is a hook for running host-level commands 
after the jail is created but before anything is run from exec.start.  
Unfortunately there is no such parameter - there probably should be.  
There probably also should be a simpler zfs option to jail(8).  But 
those are future concerns.

A workaround is to have nothing in exec.start.  exec.poststart would 
first run the "zfs jail" command, and then do the exec.start work.  
Something like:

   exec.poststart += "zfs jail $jid $dataset";
   exec.poststart += "jexec $jid sh /etc/rc";

It's not a particularly clean solution, but it should work.

- Jamie