ZFS Automatically mounting ZFS dataset in jail?

I have a few jails running on a 11.0-RELEASE box. I have made several ZFS datasets available to them, and can mount/access them fine from within the jails.

However, when the jails start up, none of the datasets are mounted by default. I have to manually mount them with:

zfs mount -a

I have zfs_enable="YES" at the top of each jail's /etc/rc.conf. I looked in /etc/rc.d/zfs, which shows:

Code:
...
start_cmd="zfs_start"
...
zfs_start()
{
        if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
                zfs_start_jail
        ...
}
...
zfs_start_jail()
{
        if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then
                zfs mount -a
        fi
}

which should (?) automatically mount the datasets at startup. Any ideas why it isn't?

Inside my jails, I get

#sysctl -n security.jail.jailed
1
#sysctl -n security.jail.mount_allowed
1

which tells me at some point in the jail's "boot" process, zfs mount -a should be run, but it doesn't seem like that's happening. When I run it manually post boot it works fine, which leads me to believe it's an issue with my startup procedure.

Relevant info:

zfs get jailed,canmount DatasetName
NAME         PROPERTY  VALUE  SOURCE
DatasetName  jailed    on     local
DatasetName  canmount  on     local


/etc/sysctl.conf:

security.jail.enforce_statfs=1
security.jail.mount_allowed=1
security.jail.mount_zfs_allowed=1


/etc/jail.conf:

...
exec.start = "/bin/sh /etc/rc"
mount.devfs
allow.mount=true
allow.mount.zfs=true
enforce_statfs=1
exec.poststart="/sbin/zfs jail JailName DatasetName..."
...
 
This has no effect since ZFS as an underlying filesystem is business of the jail-host only.
Actually, if you look at the /etc/rc.d/zfs script it's really meant to be started inside a jail. It will skip the loading of the kernel modules as those do indeed need to be loaded on the host but it also runs zfs mount -a, mounting all your ZFS filesystems.

There is, however, something missing as the /etc/rc.d/zfs script simply never gets executed. I've always wondered about that. A slight oversight?

Code:
exec.poststart="/sbin/zfs jail JailName DatasetName..."
This only has to be done once, you don't need to execute this every time the jail starts.
 
Hello.
I know, very old thread, but I had the same issue.

SirDice wrote:
exec.poststart="/sbin/zfs jail JailName DatasetName..."
This only has to be done once, you don't need to execute this every time the jail starts.

I want to jail/unjail the dataset every time I start/stop the jail.

To mount the ZFS dataset under the jail I use the exec.created command in jail.conf.

In man jail, the exec.* order is:
exec.prepare
Command(s) to run in the system environment to prepare a jail for creation. These commands are executed before assigning IP addresses and mounting filesystems, so they may be used to create a new jail filesystem if it does not already exist.

exec.prestart
Command(s) to run in the system environment before a jail is created.

exec.created
Command(s) to run in the system environment right after a jail has been created, but before commands (or services) get executed in the jail.

exec.start
Command(s) to run in the jail environment when a jail is created. A typical command to run is "sh /etc/rc".

command
A synonym for exec.start for use when specifying a jail directly on the command line. Unlike other parameters whose value is a single string, command uses the remainder of the jail command line as its own arguments.

exec.poststart
Command(s) to run in the system environment after a jail is created, and after any exec.start commands have completed.

zfs_enable="YES" in the jail's rc.conf takes place after exec.created, and "zfs jail jailname dataset" in exec.poststart is too late.

For me, on FreeBSD 12.3, this is working well:

.....
exec.created = "";
exec.release = "";

fbsd12-php74 {
    host.hostname="${name}.${hostname}";
    ip4.addr = 192.168.135.116;

    allow.mount;
    allow.mount.zfs;
    enforce_statfs=0;

    exec.created+="/sbin/zfs jail ${name} ${pool}/${name}";
    exec.release+="/sbin/zfs unjail ${name} ${pool}/${name}";
}
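
As an added example (not part of any post in this thread), here is a small sh/awk lint that applies the exec.* ordering quoted above to a jail.conf: it flags any `zfs jail` command placed in a hook other than exec.created. The function names `lint_zfs_jail_hooks` and `write_sample_conf`, the jail names and the dataset names are made up for the illustration, and it assumes one hook assignment per line.

```shell
#!/bin/sh
# Added example, not from the thread: flag "zfs jail" commands in jail.conf
# that sit in a hook other than exec.created.
# Assumes one hook assignment per line (no continued lines).
# Prints "<line>: <hook>: <reason>" per finding; returns 1 if any were found.
lint_zfs_jail_hooks() {
    awk '
    /^[ \t]*#/ { next }                       # skip whole-line comments
    /zfs[ \t]+jail[ \t]/ && match($0, /exec\.[a-z]+/) {
        hook = substr($0, RSTART, RLENGTH)
        if (hook == "exec.created") next      # host side, before exec.start
        if (hook == "exec.poststart")
            why = "runs after exec.start, so rc has already run zfs mount -a"
        else if (hook == "exec.prepare" || hook == "exec.prestart")
            why = "runs before the jail is created"
        else if (hook == "exec.start")
            why = "runs in the jail environment, not the system environment"
        else
            why = "not exec.created"
        printf "%d: %s: %s\n", NR, hook, why
        bad = 1
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: jail names and datasets below are made up.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed jail.conf for the lint demo
web {
    exec.start = "/bin/sh /etc/rc";
    exec.poststart = "/sbin/zfs jail web tank/web";
    exec.release = "/sbin/zfs unjail web tank/web";
}
db {
    exec.start = "/bin/sh /etc/rc";
    exec.created = "/sbin/zfs jail db tank/db";
}
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
lint_zfs_jail_hooks "$conf" || echo "move the flagged commands to exec.created"
rm -f "$conf"
```

On the sample, only the `web` jail is flagged; `zfs unjail` lines are ignored because the check matches the attach command only.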
 