Quoting "O. Hartmann" <ohartmann_at_walstatt.org> (from Tue, 27 Aug 2019 10:11:54 +0200): > We have a single ZFS pool (raidz), call it pool00 and this pool00 conatins a > ZFS dataset pool00/poudriere which we want to exclusively attach to a jail. > pool00/poudriere contains a complete clone of a former, now decomissioned > machine and is usable by the host bearing the jails. The jail, named > poudriere, > has these config parameters set in /etc/jail.conf as recommended: > > enforce_statfs= "0"; > > allow.raw_sockets= "1"; > > allow.mount= "1"; > allow.mount.zfs= "1"; The line above is what is needed, and what is replacing the sysctl you've found. > allow.mount.devfs= "1"; > allow.mount.fdescfs= "1"; > allow.mount.procfs= "1"; > allow.mount.nullfs= "1"; > allow.mount.fusefs= "1"; > > Here I find the first confusing observation. I can't interact with > the dataset > and its content within the jail. I've set the "jailed" property of > pool00/poudriere via "zfs set jailed=on pool00/poudriere" and I also have to > attach the jailed dataset manually via "zfs jail poudriere > pool00/poudriere" to > the (running) jail. But within the jail, listing ZFS's mountpoints reveal: > > NAME USED AVAIL REFER MOUNTPOINT > pool00 124G 8.62T 34.9K /pool00 > pool00/poudriere 34.9K 8.62T 34.9K /pool/poudriere > > but nothing below /pool/poudriere is visible to the jail. Being confused I Please be more verbose what you mean by "interact" and "is visible". Do zfs commands on the dataset work? Note, I don't remember if you can manage the root of the jail, but at least subsequent jails should be possible to manage. I don't have a jail where the root is managed in the jail, just additional ones. Those need to have set a mountpoint after the initial jailing and then maybe even be mounted for the first time. Please also check /etc/defaults/devfs.rules if the jail rule contains an unhide entry for zfs. Bye, Alexander. -- http://www.Leidinger.net Alexander_at_Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild_at_FreeBSD.org : PGP 0x8F31830F9F2772BF
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:21 UTC