Re:_I_can_get_zfs_snapshot/rollback_in_a_jail_to_work_ 99%_but_it_isn't_quite_100% _working._What_am_I_missing?

Reply: Chris Watson : "Re: I can get zfs snapshot/rollback in a jail to work 99% but it isn't quite 100% working. What am I missing?"
In reply to: Chris Watson : "I can get zfs snapshot/rollback in a jail to work 99% but it isn't quite 100% working. What am I missing?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: DtxdF <DtxdF_at_disroot.org>
Date: Mon, 06 Nov 2023 20:35:06 UTC

Hi Chris,

Maybe your dataset is not mounted inside the jail. I thought that simply enabling `/etc/rc.d/zfs` was fine, but no, it just doesn't work. I don't know if this behavior is a bug or something else, but at the moment I don't have time to investigate.

I have a similar setup for a jail with a delegated dataset. I use AppJail, but the steps are similar to other tools:

```
# zfs create -o jailed=on -o mountpoint=/jailed zroot/jailed
# appjail quick jtest \
	mount_devfs \
	device='include $devfsrules_hide_all' \
	device='include $devfsrules_unhide_basic' \
	device='include $devfsrules_unhide_login' \
	device='path zfs unhide' \
	template=template.conf \
	overwrite=force \
	start
```

In AppJail, a template configuration file is similar to `jail.conf(5)`:

```
# cat template.conf
exec.start: "/bin/sh /etc/rc"
exec.stop: "/bin/sh /etc/rc.shutdown jail"
allow.mount
allow.mount.zfs
enforce_statfs: 1
exec.poststart: "zfs jail ${name} zroot/jailed"
exec.poststart+: "appjail cmd jexec ${name} zfs mount zroot/jailed"
exec.prestop: "appjail cmd jexec ${name} zfs umount zroot/jailed"
exec.prestop+: "zfs unjail ${name} zroot/jailed"
```

As you can see, the dataset is mounted after running `zfs-jail(8)`. The steps are similar when the jail is stopped, but the dataset is unmounted and `zfs-unjail(8)` is executed.

Inside the jail I can see the mounted datasets:

```
# appjail cmd jexec jtest zfs list -r
NAME           USED  AVAIL     REFER  MOUNTPOINT
zroot         34.1G   249G       96K  /zroot
zroot/jailed    96K   249G       96K  /jailed
# appjail cmd jexec jtest mount -t zfs
zroot/appjail/jails/jtest/jail on / (zfs, local, noatime, nfsv4acls)
zroot/jailed on /jailed (zfs, local, noatime, nfsv4acls)
# appjail cmd jexec jtest ls /jailed
index.txt
# appjail cmd jexec jtest cat /jailed/index.txt
Hi!
```

And I can use `zfs-rollback(8)` just fine:

```
# appjail cmd jexec jtest zfs snapshot zroot/jailed@guard
# appjail cmd jexec jtest zfs list -t snapshot zroot/jailed
NAME                 USED  AVAIL     REFER  MOUNTPOINT
zroot/jailed@guard     0B      -       96K  -
# appjail cmd jexec jtest dd if=/dev/random of=/jailed/index.txt bs=16 count=1
1+0 records in
1+0 records out
16 bytes transferred in 0.000102 secs (157318 bytes/sec)
# appjail cmd jexec jtest hd /jailed/index.txt
00000000  a1 26 2a 9c f5 96 7b 81  90 8d ba 36 d6 f9 4d 93  |.&*...{....6..M.|
00000010
# appjail cmd jexec jtest zfs list -t snapshot zroot/jailed
NAME                 USED  AVAIL     REFER  MOUNTPOINT
zroot/jailed@guard    56K      -       96K  -
# appjail cmd jexec jtest zfs rollback zroot/jailed@guard
# appjail cmd jexec jtest hd /jailed/index.txt
00000000  48 69 21 0a                                       |Hi!.|
00000004
```

I hope this can help you.

~ DtxdF

El 6 de noviembre de 2023 6:07:06 p. m. UTC, Chris Watson <bsdunix44@gmail.com> escribió:
>I've been trying to get a zfs dataset delegated into a jail (to run PG on),
>and allow snapshots and rollback to take place inside the jail. I can get
>the dataset mounted into the jail, I can get zfs to take the snapshot, list
>the snapshot, but when I rollback or try to ls -la the directory to see the
>'.zfs' dir it isn't there and the zfs rollback completes but it doesn't
>actually rollback. I'm so close to getting this to work! I'm just missing
>*something* in the sauce. When I do the zfs rollback zfs looks like it
>completes the rollback and goes back to a shell prompt but the files I
>remove before the rollback are not in the /var/db/postgres/data16 directory
>nor is ".zfs" shown in ls -la. So something is wonky on my end. I'm so
>close, it's halfway there, it looks like it takes a snapshot, the snapshot
>shows up in a zfs list -t snapshot, but it's also not really there. I'm
>doing something just slightly wrong here. I just cant figure out what I
>have wrong.
>
>Below are the configs:
># The jail's config
>https://bsd.to/P176
># zfs list from inside the jail
>https://bsd.to/mPde
># zfs list -t snapshot from inside the jail
>https://bsd.to/R8dw
># ls -la /var/db/postgres/data16 output from inside the jail
>https://bsd.to/1di2
># rc.conf of the jail
>https://bsd.to/JcnH
>
>The jail is running 13.2-P4.
>Using bastillebsd 0.10.20231013 for creation/management.
>
>Thanks!
>Chris