From owner-freebsd-fs@FreeBSD.ORG Tue Feb 5 18:33:08 2013 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 18B884F9; Tue, 5 Feb 2013 18:33:08 +0000 (UTC) (envelope-from lukasz@wasikowski.net) Received: from mail.wasikowski.net (mail.wasikowski.net [IPv6:2001:6a0:1cb::b]) by mx1.freebsd.org (Postfix) with ESMTP id CD811ECB; Tue, 5 Feb 2013 18:33:07 +0000 (UTC) Received: from mail.wasikowski.net (mail.wasikowski.net [IPv6:2001:6a0:1cb::b]) by mail.wasikowski.net (Postfix) with ESMTP id 2F4AE9B2; Tue, 5 Feb 2013 19:33:03 +0100 (CET) X-Virus-Scanned: amavisd-new at wasikowski.net Received: from mail.wasikowski.net ([91.204.91.44]) by mail.wasikowski.net (scan.wasikowski.net [91.204.91.44]) (amavisd-new, port 10026) with ESMTP id k4l11_ZCYQZ7; Tue, 5 Feb 2013 19:33:02 +0100 (CET) Received: from [192.168.168.2] (89-72-12-251.dynamic.chello.pl [89.72.12.251]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: lukasz@wasikowski.net) by mail.wasikowski.net (Postfix) with ESMTPSA id CA51B9AD; Tue, 5 Feb 2013 19:33:02 +0100 (CET) Message-ID: <5111505E.6030105@wasikowski.net> Date: Tue, 05 Feb 2013 19:33:02 +0100 From: =?UTF-8?B?xYF1a2FzeiBXxIVzaWtvd3NraQ==?= User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: freebsd-fs@freebsd.org, freebsd-jail@freebsd.org Subject: zfs in jail - cannot mount: Insufficient privileges X-Enigmail-Version: 1.5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2013 18:33:08 -0000 FreeBSD 9.1-STABLE r246099, zfs in jail, unprivileged user is unable to mount dataset. In jail: # sysctl vfs.usermount security.jail.enforce_statfs security.jail.mount_zfs_allowed security.jail.mount_allowed security.jail.jailed vfs.usermount: 1 security.jail.enforce_statfs: 0 security.jail.mount_zfs_allowed: 1 security.jail.mount_allowed: 1 security.jail.jailed: 1 # zfs allow jinx/jails/jtest/testset ---- Permissions on jinx/jails/jtest/testset ------------------------- Permission sets: @testperms clone,create,destroy,mount,quota,readonly,receive,rollback,send,snapshot Local+Descendent permissions: user testuser @testperms # zfs get mountpoint jinx/jails/jtest/testset NAME PROPERTY VALUE SOURCE jinx/jails/jtest/testset mountpoint /testset local # getfacl /testset # file: /testset # owner: testuser # group: testuser owner@:rwxp--aARWcCos:------:allow group@:r-x---a-R-c--s:------:allow everyone@:r-x---a-R-c--s:------:allow # su - testuser $ zfs create jinx/jails/jtest/testset/testdir cannot mount 'jinx/jails/jtest/testset/testdir': Insufficient privileges filesystem successfully created, but not mounted Is it a bug or am I missing something? root can create dataset in this jail without any problem: # zfs create jinx/jails/jtest/testset/testdir2 && zfs list jinx/jails/jtest/testset/testdir2 NAME USED AVAIL REFER MOUNTPOINT jinx/jails/jtest/testset/testdir2 31K 18.4G 31K /testset/testdir2 On host user can create and mount dataset, problem appears only in jail. -- best regards, Lukasz Wasikowski