Giving hard drive access to jails

I recently configured an Ubuntu jail as mentioned in the official guide.
The jail needed access to a few things on an external hard drive - and the hard drive also, for convenience, had to stay connected to the host.

The way I did this was to mount using `nullfs`:
1) `sudo mount -t ext2fs /dev/nvd0p1 /mnt/` (this would mount the drive to /mnt for the host)
followed by
2) `sudo mount_nullfs /mnt /compat/ubuntu/mnt` (this would give access to the jail from the host by mounting the already mounted drive to the /mnt of the jail)

Note - the order is important - you wouldn't have access for the jail if you did 2 before 1.

Is this the correct way for such an arrangement? Or is this too hacky?
 
nullfs(5) mounts are the typical way to give jails access to certain filesystems. You'll often also use them in read-only mode, of course depending on the use case.
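
The ordering noted in the question and the read-only option suggested in the answer above, as an added example that is not part of the original thread: a sh script that reads the mount table in the `mount -p` layout and prints the mount commands still needed, redoing a nullfs mount that was made before the drive was mounted. The function names, the `plan` argument and the sample table are assumptions, and it assumes the table lists mounts in the order they were made.

```shell
#!/bin/sh
# Added example, not from the thread. Device and paths are the ones in the
# original post; function names and the "plan" argument are assumptions.
DEV=/dev/nvd0p1
HOST_MNT=/mnt
JAIL_MNT=/compat/ubuntu/mnt

# mount_line TABLE MOUNTPOINT FSTYPE
# TABLE is text in the fstab-style layout printed by `mount -p`
# (device, mountpoint, fstype, options, dump, pass). Prints the line number
# of the matching entry, or 0 if that filesystem is not mounted there.
mount_line() {
    printf '%s\n' "$1" | awk -v mp="$2" -v fs="$3" '
        $2 == mp && $3 == fs { n = NR }
        END { print n + 0 }'
}

# plan_mounts TABLE
# Prints the commands still needed so that the drive is mounted on the host
# first and only then exposed to the jail, read-only, through nullfs.
# Assumes TABLE lists filesystems in the order they were mounted.
plan_mounts() {
    disk=$(mount_line "$1" "$HOST_MNT" ext2fs)
    null=$(mount_line "$1" "$JAIL_MNT" nullfs)
    # A nullfs entry that predates the drive mount (or exists without it)
    # shows the jail the empty host directory, so it has to be redone.
    if [ "$null" -gt 0 ] && { [ "$disk" -eq 0 ] || [ "$null" -lt "$disk" ]; }; then
        echo "umount $JAIL_MNT"
        null=0
    fi
    [ "$disk" -gt 0 ] || echo "mount -t ext2fs $DEV $HOST_MNT"
    [ "$null" -gt 0 ] || echo "mount -t nullfs -o ro $HOST_MNT $JAIL_MNT"
    return 0
}

# Constructed sample table (step 2 done before step 1), not real output.
SAMPLE_WRONG_ORDER='/dev/ada0p2 / ufs rw 1 1
/mnt /compat/ubuntu/mnt nullfs ro 0 0
/dev/nvd0p1 /mnt ext2fs rw 0 0'

# Usage: sh jailmnt.sh plan   (review the printed commands, then run as root)
if [ "${1:-}" = plan ]; then
    plan_mounts "$(mount -p)"
fi
```

Drop `-o ro` from the nullfs line if the jail has to write to the drive.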
 
Is this a normal thing to do, what I did: chaining mount points basically so that the jail has access?

Feels like a bit of a hack rather than an elegant solution - but then again the purpose of jails is to isolate I guess
 
Yes, it is. Of course, if you need this filesystem only inside the jail, you could mount it there directly (from the host of course).
 
Thanks - feels good to have done something right without having to have read the manual)

Btw - I also have the `/home` folder exposed via `nullfs` to the jail - I'm curious if it's possible to mount the external drive via the `/home` folder somehow, so that I don't have to chain the mounts and can avoid the extra step?
 
Could you mount the disk directly into the jail (i.e. /jails/ubuntu/mnt) and then use a symlink for the host?
/jails/ubuntu/mnt -> /jailmnt

In particular, the jailed environment can't access outside but the host can access the jail no problem.

Or (and the more traditional approach before null mounts were a thing) there is NFS. Just mount both on /export.
 