Hi,

I have not tried (but it's in progress) this article: http://zero-knowledge.org/post/126/

Hope it will help (for me too).

Thanks!

On Tue, Aug 27, 2019 at 11:25 AM O. Hartmann <ohartmann_at_walstatt.org> wrote:

> Hello list,
>
> trying to setup a poudriere jail on recent CURRENT and have some severe
> trouble.
>
> We have a single ZFS pool (raidz), call it pool00 and this pool00 contains a
> ZFS dataset pool00/poudriere which we want to exclusively attach to a jail.
> pool00/poudriere contains a complete clone of a former, now decommissioned
> machine and is usable by the host bearing the jails. The jail, named poudriere,
> has these config parameters set in /etc/jail.conf as recommended:
>
> enforce_statfs= "0";
>
> allow.raw_sockets= "1";
>
> allow.mount= "1";
> allow.mount.zfs= "1";
> allow.mount.devfs= "1";
> allow.mount.fdescfs= "1";
> allow.mount.procfs= "1";
> allow.mount.nullfs= "1";
> allow.mount.fusefs= "1";
>
> Here I find the first confusing observation. I can't interact with the dataset
> and its content within the jail. I've set the "jailed" property of
> pool00/poudriere via "zfs set jailed=on pool00/poudriere" and I also have to
> attach the jailed dataset manually via "zfs jail poudriere pool00/poudriere" to
> the (running) jail. But within the jail, listing ZFS's mountpoints reveals:
>
> NAME               USED   AVAIL  REFER  MOUNTPOINT
> pool00             124G   8.62T  34.9K  /pool00
> pool00/poudriere   34.9K  8.62T  34.9K  /pool/poudriere
>
> but nothing below /pool/poudriere is visible to the jail. Being confused I
> tried to check the appropriate security variables and found a set of sysctl
> OIDs, which seem to have no documentation entry, like
>
> security.jail.param.allow.mount.zfs: 0
>
> and a counterpart
>
> security.jail.mount_zfs_allowed: 1
>
> Checking the description of security.jail.mount_zfs_allowed tells me that this
> OID is deprecated:
>
> security.jail.mount_zfs_allowed: Jail may mount the zfs file system (deprecated)
>
> So, we tried to set
>
> param.allow.mount.zfs=1
>
> via /etc/jail.conf for the proper jail, but this results in an error. I can't
> find anything in jail(8) about these new ".param." OIDs, so maybe my trouble is
> rooting in here.
>
> Is there a howto for the novices on howto setup a jail with ZFS capabilities
> needed for poudriere with ZFS?
>
> Thank you in advance,
>
> oh
>
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"

Received on Tue Aug 27 2019 - 14:52:32 UTC
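
A static check of the jail.conf parameters quoted in this thread, as an added example that is not part of either message. It assumes the jail(8) rule that allow.mount.zfs is effective only together with allow.mount and an enforce_statfs value below 2 (default 2), and it lists every allow.* privilege the jail is granted so it can be reviewed. SAMPLE is constructed from the values in the post; the function names are illustrative.

```python
import re

# Constructed sample: the parameters quoted in the post, plus the name it reports as rejected.
SAMPLE = '''
poudriere {
    enforce_statfs= "0";
    allow.raw_sockets= "1";
    allow.mount= "1";
    allow.mount.zfs= "1";
    allow.mount.devfs= "1";
    allow.mount.fdescfs= "1";
    allow.mount.procfs= "1";
    allow.mount.nullfs= "1";
    allow.mount.fusefs= "1";
    param.allow.mount.zfs=1;
}
'''

# One 'name = value;' assignment per line; comments and variables are not handled.
PARAM = re.compile(r'^\s*([A-Za-z_][\w.]*)\s*=\s*"?([^";]*)"?\s*;', re.M)

def parse(text):
    """Return {parameter: value} for every assignment found."""
    return {m.group(1): m.group(2).strip() for m in PARAM.finditer(text)}

def enabled(params, name):
    return params.get(name, "0") in ("1", "true")

def audit(text):
    """Return (findings, granted): prerequisite problems and enabled allow.* privileges."""
    p = parse(text)
    findings = []
    if enabled(p, "allow.mount.zfs"):
        if not enabled(p, "allow.mount"):
            findings.append("allow.mount.zfs set without allow.mount")
        # Assumption from jail(8): enforce_statfs defaults to 2 when unset.
        if int(p.get("enforce_statfs", "2")) >= 2:
            findings.append("allow.mount.zfs needs enforce_statfs < 2")
    for name in p:
        if name.startswith("param."):
            findings.append(f"{name}: sysctl-style name, reported as rejected in the post")
    granted = sorted(n for n in p if n.startswith("allow.") and enabled(p, n))
    return findings, granted

if __name__ == "__main__":
    for line in audit(SAMPLE)[0]:
        print("FINDING:", line)
    print("granted:", ", ".join(audit(SAMPLE)[1]))
```
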