Re: jail on ZFS - "Unable to mount devfs"

From: Wesley Shields <wxs_at_FreeBSD.org>
Date: Tue, 8 Jan 2008 10:38:16 -0500
On Tue, Jan 08, 2008 at 07:08:04AM -0800, snowcrash+freebsd wrote:
> hi patrick,
> 
> > If I remember correctly there was no password file for in the jail. I
> > think you have to rerun a certain command. Of course I do not remember the
> > command :( The command should create the master password database.
> 
> using the ServiceJail model, after populating the jail skeleton and
> running mergemaster, the two commands i run are,
> 
>  /usr/bin/cap_mkdb /j/jSKEL/etc/login.conf
>  /usr/sbin/pwd_mkdb -d /j/jSKEL/etc -p /j/j/etc/master.passwd
> 
> which should take care of that.
> 
> > Also you have to run within the jail newaliases to create the aliases
> > file, do a touch /etc/fstab to stop complaints about unable to read
> > mountpoints.
> 
> hm.  i did not do that this time around.  i'd built my jail-world with
> *both* NO_MAILWRAPPER=true & NO_SENDMAIL=true, so i may have caused
> myself a problem.
> 
> rather than cp'ing bins, to be safe, i'll just rebuild world ... and
> see in a bit if that helps.
> 
> thanks.
> 
> > Furthermore I am not sure that you can run a jail on a zfs file system.
> > The setup I have is that I run my jails on ufs and have a zfs filesystem
> > available within the jail.
> 
> ??
> 
> if that's true, then that renders the rest moot -- and i have a problem.
> 
> atm, i have
> 
> cat /etc/fstab
>   /dev/mirror/gm0s1a /bootdir    ufs     rw        1 1
>   /dev/mirror/gm0s1b none        swap    sw        0 0
>   /dev/acd0          /cdrom      cd9660  ro,noauto 0 0
>   /j/jMROOT          /j/jTEST    nullfs  ro        0 0
>   /j/s/jTEST         /j/jTEST/s  nullfs  rw        0 0
> 
> zfs list
>   NAME      USED  AVAIL  REFER  MOUNTPOINT
>   z        5.23G   213G   250M  /z
>   z/data     20K   213G    20K  /data
>   z/home   28.5K   213G  28.5K  /home
>   z/j        23K   213G    23K  /j
>   z/tmp     406K   213G   406K  /tmp
>   z/usr    4.88G   213G  4.88G  /usr
>   z/var     105M   213G   105M  /var
> 
> where z/j is a zfs mount.
> 
> i *can* access the jail, and do just about 'all' i need to in the jail
> (builds, exec, etc).
> 
> but do *not* yet know if, by running the jail on zfs space, whether
> i've compromised anything.
> 
> do you have a reference for your comment?  or, perhaps, someone else
> can comment, as well?

I have a jail running in a ZFS environment.

wxs_at_ack ~ % jls                
   JID  IP Address      Hostname                      Path
     3  192.168.1.100   asterisk                      /u/jails/asterisk
wxs_at_ack ~ % mount | grep "data"
data on /u (zfs, NFS exported, local, noatime)
wxs_at_ack ~ % mount | grep devfs
devfs on /dev (devfs, local)
devfs on /u/jails/asterisk/dev (devfs, local)
wxs_at_ack ~ % 

-- WXS
Received on Tue Jan 08 2008 - 14:54:04 UTC
