delegating ZFS of jail's root directory
Miroslav Lachman
000.fbsd at quip.cz
Tue Jan 22 17:50:31 UTC 2019
Michael W. Lucas wrote on 2019/01/22 17:23:
> On Tue, Jan 22, 2019 at 11:39:57AM +0100, Willem Jan Withagen wrote:
>> On 21-1-2019 17:42, Michael W. Lucas wrote:
>> Hi Michael,
>>
>> I think I asked that question a some time ago, to be able to run a
>> ceph-setup script in a jail....
>>
>> The basic answer was that the jail needs to have access to /dev/zfs in the
>> jail to be effectively controlling zfs. But then I think you delegate the
>> whole set of zfs capabilities to the jail.
>>
>> Which in my case was not a problem. But if you want to use a jail as
>> separation of control, then this will be way too liberal.
>>
>> There is a set of configs for devfs in /etc. See `man -k devfs`
>> But I've not used this in the end.
>
> <facepalm> That fixes the first problem, thank you.
>
> I still can't delegate the jail's root directory to the jail,
> though. Once I set jailed=on to the jail's zroot, it's unmounted and
> jail(8) can't find the jail's /dev to mount it.
>
> There seems to be a chicken-and-egg problem here that I have no idea
> how to resolve. Any suggestions?
What about to mount it with exec.prestart before the jail is created?
(I didn't tried it)
Miroslav Lachman
More information about the freebsd-jail
mailing list