From owner-freebsd-fs@FreeBSD.ORG Thu Apr 23 17:39:04 2015 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EE01BDEB for ; Thu, 23 Apr 2015 17:39:04 +0000 (UTC) Received: from hydra.pix.net (hydra.pix.net [IPv6:2001:470:e254::4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.pix.net", Issuer "Pix.Com Technologies, LLC CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9DED01C83 for ; Thu, 23 Apr 2015 17:39:04 +0000 (UTC) Received: from torb.pix.net (verizon.pix.net [71.178.232.3]) (authenticated bits=0) by hydra.pix.net (8.15.1/8.15.1) with ESMTPA id t3NHd2i0064159; Thu, 23 Apr 2015 13:39:02 -0400 (EDT) (envelope-from lidl@pix.net) X-Authentication-Warning: hydra.pix.net: Host verizon.pix.net [71.178.232.3] claimed to be torb.pix.net Message-ID: <55392E36.6070209@pix.net> Date: Thu, 23 Apr 2015 13:39:02 -0400 From: Kurt Lidl User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: freebsd-fs@freebsd.org Subject: creating new zpool under jail? Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2015 17:39:05 -0000 Greetings - I've run into a problem that I haven't been able to figure out how to work around, and after looking through some of the kernel code, I'm not sure it is currently possible to do what I want. I have a script that creates a 2GB file, and then creates a fresh zpool using that file as the backing store. That works perfectly on a regular machine. I can create the zpool and some filesystems, and when I'm done, use 'zfs send' to serialize the contents of the filesystems into a static set of files. Here's the commands from that script: mkdir zfs truncate -s +2g zfs.file zpool create -o cachefile=none -m `pwd`/zfs system `pwd`/zfs.file When run on a jailed instance, the 'zpool create' fails like this: zpool create -o cachefile=none -m `pwd`/zfs system `pwd`/zfs.file cannot create 'system': 'mountpoint' cannot be set while dataset 'zoned' property is set So, changing it slightly to work around the "zoned" issue: zpool create -o cachefile=none -O jailed=on \ -m `pwd`/zfs system `pwd`/zfs.file cannot create 'system': permission denied Using ktrace/kdump on the command under the jail, it fails with: 4832 zpool SCTL "sysctl.name2oid" 4832 zpool RET __sysctl 0 4832 zpool CALL __sysctl(0x7fffffffb700,0x3,0x7fffffffb7a4,0x7fffffffb7a8,0,0) 4832 zpool SCTL "security.jail.jailed" 4832 zpool RET __sysctl 0 4832 zpool CALL __sysctl(0x7fffffffb8e0,0x2,0x7fffffffb920,0x7fffffffb918,0x801473dfd,0x15) 4832 zpool SCTL "sysctl.name2oid" 4832 zpool RET __sysctl 0 4832 zpool CALL __sysctl(0x7fffffffb920,0x4,0x7fffffffb9cc,0x7fffffffb9d0,0,0) 4832 zpool SCTL "vfs.zfs.version.ioctl" 4832 zpool RET __sysctl 0 4832 zpool CALL ioctl(0x3,0xc0185a00,0x7fffffffb950) 4832 zpool RET ioctl -1 errno 1 Operation not permitted I would think that creating a file-backed zpool under a jail ought to be allowed. Any suggestions/solutions welcomed! Thanks for reading. -Kurt