Date: Mon, 18 Aug 2014 14:26:09 +0200
From: Ruben van Staveren <ruben@verweg.com>
To: "freebsd-stable@FreeBSD.org Stable" <freebsd-stable@freebsd.org>
Subject: mounting fdescfs in a nested/hierarchical jail?
Message-ID: <3CB0C5BC-3864-418E-A59F-467D39B7E1EA@verweg.com>

Hi list,

I have a FreeBSD 10 zfs based ezjail setup. In one of the jails I am using ezjail again to set up a nested jail. My goal is to eventually have my jails use these nested jails as containers for certain services.

However, I am not able to mount a nested fdescfs. When I leave out fdesc, the nested jail starts up just fine.

There is no allow.mount.fdescfs. Do we need one?

Cheers,
Ruben

ruben@test:~ % sudo ezjail-admin onestart nested1
Starting jails: cannot start jail "nested1":
mount: .: Operation not permitted
jail: nested1: /sbin/mount -t fdescfs . /opt/jails/nested1/dev/fd: failed
.
/etc/rc.d/jail: WARNING: Per-jail configuration via jail_* variables is obsolete. Please consider to migrate to /etc/jail.conf.
Error: Could not onestart nested1. You need to onestart it by hand.

ruben@test:~ % sysctl -a | egrep jail\|mount | grep -v param
vfs.usermount: 0
vfs.ffs.compute_summary_at_mount: 0
debug.softdep.softdep_mounts: 0
security.jail.jailed: 1
security.jail.vnet: 0
security.jail.jail_max_af_ips: 255
security.jail.set_hostname_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 0
security.jail.allow_raw_sockets: 0
security.jail.chflags_allowed: 0
security.jail.mount_allowed: 1
security.jail.mount_devfs_allowed: 1
security.jail.mount_nullfs_allowed: 1
security.jail.mount_procfs_allowed: 1
security.jail.mount_tmpfs_allowed: 0
security.jail.mount_zfs_allowed: 1
security.jail.enforce_statfs: 1
security.jail.devfs_ruleset: 4

ruben@test:~ % sudo /sbin/mount -vt devfs . /opt/jails/nested1/dev/
devfs on /opt/jails/nested1/dev (devfs)
ruben@test:~ % sudo /sbin/mount -vt fdescfs . /opt/jails/nested1/dev/fd/
mount: .: Operation not permitted
devfs on /opt/jails/nested1/dev (devfs)