Date: Tue, 8 Jan 2008 10:38:16 -0500 From: Wesley Shields <wxs@FreeBSD.org> To: freebsd-questions@freebsd.org Cc: freebsd-current@freebsd.org, "Gelsema, P \(Patrick\)" <gelsemap@superhero.nl> Subject: Re: jail on ZFS - "Unable to mount devfs" Message-ID: <20080108153816.GC45359@atarininja.org> In-Reply-To: <70f41ba20801080708u4b05b37cta9315a0e0df5116f@mail.gmail.com> References: <70f41ba20801071743o437b86ebx7956ad73250becb1@mail.gmail.com> <56088.195.50.100.20.1199787921.squirrel@www.superhero.nl> <70f41ba20801080708u4b05b37cta9315a0e0df5116f@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 08, 2008 at 07:08:04AM -0800, snowcrash+freebsd wrote:
> hi patrick,
>
> > If I remember correctly there was no password file for in the jail. I
> > think you have to rerun a certain command. Of course I do not remember the
> > command :( The command should create the master password database.
>
> using the ServiceJail model, after populating the jail skeleton and
> running mergemaster, the two commands i run are,
>
> /usr/bin/cap_mkdb /j/jSKEL/etc/login.conf
> /usr/sbin/pwd_mkdb -d /j/jSKEL/etc -p /j/j/etc/master.passwd
>
> which should take care of that.
>
> > Also you have to run within in the jail newaliases to create the aliases
> > file, do a touch /etc/fstab to stop complaints about unable to read
> > mountpoints.
>
> hm. i did not do that this time around. i'd built my jail-world with
> *both* NO_MAILWRAPPER=true & NO_SENDMAIL=true, so i mayhave caused
> myself a problem.
>
> rather than cp'ing bins, tobe safe, i'll just rebuild world ... and
> see in a bit if that helps.
>
> thanks.
>
> > Furthermore I am not sure that you can run a jail on a zfs file system.
> > The setup I have is that I run my jails on ufs and have a zfs filesystem
> > available within the jail.
>
> ??
>
> if that's true, then that renders the rest moot -- and i have a problem.
>
> atm, i have
>
> cat /etc/fstab
> /dev/mirror/gm0s1a /bootdir ufs rw 1 1
> /dev/mirror/gm0s1b none swap sw 0 0
> /dev/acd0 /cdrom cd9660 ro,noauto 0 0
> /j/jMROOT /j/jTEST nullfs ro 0 0
> /j/s/jTEST /j/jTEST/s nullfs rw 0 0
>
> zfs list
> NAME USED AVAIL REFER MOUNTPOINT
> z 5.23G 213G 250M /z
> z/data 20K 213G 20K /data
> z/home 28.5K 213G 28.5K /home
> z/j 23K 213G 23K /j
> z/tmp 406K 213G 406K /tmp
> z/usr 4.88G 213G 4.88G /usr
> z/var 105M 213G 105M /var
>
> where z/j is a zfs mount.
>
> i *can* access the jail, and do just about 'all' i need to in the jail
> (builds, exec, etc).
>
> but do *not* yet know if, by running the jail on zfs space whehter
> i've compromised anything.
>
> do you have a reference for your comment? or, perhaps, someone else
> can comment, as well?
I have a jail running in a ZFS environment.
wxs@ack ~ % jls
JID IP Address Hostname Path
3 192.168.1.100 asterisk /u/jails/asterisk
wxs@ack ~ % mount | grep "data"
data on /u (zfs, NFS exported, local, noatime)
wxs@ack ~ % mount | grep devfs
devfs on /dev (devfs, local)
devfs on /u/jails/asterisk/dev (devfs, local)
wxs@ack ~ %
-- WXS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080108153816.GC45359>