Re: RFC: nfsd in a vnet jail

Reply: Milan Obuch : "Re: RFC: nfsd in a vnet jail"
Reply: Warner Losh : "Re: RFC: nfsd in a vnet jail"
Reply: Rick Macklem : "Re: RFC: nfsd in a vnet jail"
In reply to: Alan Somers : "Re: RFC: nfsd in a vnet jail"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Alexander Leidinger <Alexander_at_leidinger.net>
Date: Thu, 01 Dec 2022 09:29:25 UTC

Quoting Alan Somers <asomers@freebsd.org> (from Tue, 29 Nov 2022  
17:28:10 -0700):

> On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem <rick.macklem@gmail.com> wrote:

>> So, what do others think of enforcing the requirement that each jail
>> have its own file systems for this?
>
> I think that's a totally reasonable requirement.  Especially so for
> ZFS users, who already create a filesystem per jail for other reasons.

While I agree that it is a reasonable requirement, just a note that we  
can not assume that every existing jail resides on its own file  
system. The base system jail infrastructure doesn't check this, and  
the ezjail port doesn't either. The iocage port does it.

Is there a way to detect this inside a jail and error out in nfsd/mountd?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF