jails, ZFS, deprecated jail variables and poudriere problems

Alexander Leidinger Alexander at leidinger.net
Wed Aug 28 11:49:34 UTC 2019 

Quoting "O. Hartmann" <ohartmann at walstatt.org> (from Tue, 27 Aug 2019  
10:11:54 +0200):


> We have a single ZFS pool (raidz), call it pool00 and this pool00 conatins a
> ZFS dataset pool00/poudriere which we want to exclusively attach to a jail.
> pool00/poudriere contains a complete clone of a former, now decomissioned
> machine and is usable by the host bearing the jails. The jail, named  
> poudriere,
> has these config parameters set in /etc/jail.conf as recommended:
>
>         enforce_statfs=         "0";
>
>         allow.raw_sockets=      "1";
>
>         allow.mount=            "1";
>         allow.mount.zfs=        "1";
>         allow.mount.devfs=      "1";
>         allow.mount.fdescfs=    "1";
>         allow.mount.procfs=     "1";
>         allow.mount.nullfs=     "1";
>         allow.mount.fusefs=     "1";
>
> Here I find the first confusing observation. I can't interact with  
> the dataset
> and its content within the jail. I've set the "jailed" property of
> pool00/poudriere via "zfs set jailed=on pool00/poudriere" and I also have to
> attach the jailed dataset manually via "zfs jail poudriere  
> pool00/poudriere" to
> the (running) jail. But within the jail, listing ZFS's mountpoints reveal:
>
> NAME                USED  AVAIL  REFER  MOUNTPOINT
> pool00             124G  8.62T  34.9K  /pool00
> pool00/poudriere   34.9K  8.62T  34.9K  /pool/poudriere
>
> but nothing below /pool/poudriere is visible to the jail. Being confused I

Have you checked if it works if you add each dataset below the tree  
you want to manage (= "sub-dataset")?
Do the sub-datasets list the jailed property as inherited from the  
parent (check on the host)?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20190828/0377692d/attachment.sig>

More information about the freebsd-current mailing list