Exposing a hierarchy of ZFS datasets inside multiple jails

[Lars Kellogg-Stedman]

Christian,

Thank you for your answer.  I've read through your email a few times,
and I think that there is a problem with your suggestion.  Please let
me know if I've misunderstood something.

If I create a ZFS dataset:

  zfs create tank/nullfs

And then mount this somewhere else via nullfs:

  mount_nullfs /tank/nullfs /mnt/nfs_home

And then create a new ZFS dataset below tank/nullfs:

  zfs create tank/nullfs/user1

And then create some files in that dataset:

  $ touch /tank/nullfs/user1/file1
  $ touch /tank/nullfs/user1/file2
  $ find /tank/nullfs/user1
  /tank/nullfs/user1
  /tank/nullfs/user1/file1
  /tank/nullfs/user1/file2

The only thing I will find in /mnt/nfs_home is an empty directory named "user1":

  $ find /mnt/nfs_home
  /mnt/nfs_home/
  /mnt/nfs_home/user1

The nullfs mount of /tank/nullfs to /mnt/nfs_home only exposes files
and directories contained in the "nullfs" dataset, but not in any
subordinate datasets.  This is exactly my original problem (otherwise
I would simply have nullfs mounted /home inside my jails).

> teufelchen# zfs create tank/nullfs/dataset1
> teufelchen# touch /mnt/tank/nfs_home/dataset1/newfile
> teufelchen# jexec 14 ls /mnt/nfs_home/dataset1/
> newfile
>
> Is this what you are trying todo?

I think that there may be a problem with your example here.  When you run:

  teufelchen# touch /mnt/tank/nfs_home/dataset1/newfile

...I don't think you're creating the file where you think you are.
Take a look at /mnt/tank/nullfs/dataset1; I suspect you won't find it
there. What you've accomplished is to use the "nfs_home" dataset
exclusively, ignoring any subordinate datasets.  That is, you're
treating it like you do this:

  zfs create tank/nullfs
  mkdir /mnt/tank/nullfs/dataset1

Rather than:

  zfs create tank/nullfs
  zfs create tank/nullfs/dataset1

The difference is crucial to this problem.

Cheers,

-- Lars