I have these sysctls set:
In my jail configuration, I have:
devfs.rules
I can see the da0 device in the jail; however, when I try to mount it as root, I get:
Now, oddly enough, the sysctl params are showing as 0, which doesn't seem right to me:
sysctl -a | grep mount
I should also mention that both the host / base system and jail are using secure_level = 2. I can mount the volume just fine on the host though.
What else is required for this to work in the jail?
I want to be able to do this in the jail so that I can leave the base system as just platform to run jails. Eventually, I'd like to try to see if I can get mtpfs working too.
Code:
security.jail.mount_allowed=1
security.jail.mount_zfs_allowed=1
security.jail.mount_devfs_allowed=1
security.jail.mount_procfs_allowed=1
security.jail.mount_nullfs_allowed=1
security.jail.mount_tmpfs_allowed=1
security.jail.mount_fusefs_allowed=1
In my jail configuration, I have:
Code:
devfs_ruleset="210";
allow.mount=1;
allow.mount.procfs=1;
allow.mount.zfs=1;
enforce_statfs=1;
allow.mount.fusefs=1;
devfs.rules
Code:
[jail_devfs=210]
add path da* unhide
I can see the da0 device in the jail; however, when I try to mount it as root, I get:
Code:
mount /dev/da0s2a /mnt/usb
mount: /dev/da0s2a: Operation not permitted
Now, oddly enough, the sysctl params are showing as 0, which doesn't seem right to me:
sysctl -a | grep mount
Code:
vfs.zfs.allow_redacted_dataset_mount: 0
vfs.ffs.compute_summary_at_mount: 0
vfs.root_mount_hold:
vfs.root_mount_always_wait: 0
vfs.usermount: 0
security.jail.mount_zfs_allowed: 1
security.jail.mount_devfs_allowed: 0
security.jail.mount_procfs_allowed: 1
security.jail.mount_nullfs_allowed: 0
security.jail.mount_tmpfs_allowed: 0
security.jail.mount_fusefs_allowed: 1
security.jail.param.zfs.mount_snapshot: 0
security.jail.param.allow.mount.zfs: 0
security.jail.param.allow.mount.devfs: 0
security.jail.param.allow.mount.procfs: 0
security.jail.param.allow.mount.nullfs: 0
security.jail.param.allow.mount.tmpfs: 0
security.jail.param.allow.mount.fusefs: 0
security.jail.param.allow.mount.: 0
security.jail.mount_allowed: 1
I should also mention that both the host / base system and jail are using secure_level = 2. I can mount the volume just fine on the host though.
What else is required for this to work in the jail?
I want to be able to do this in the jail so that I can leave the base system as just platform to run jails. Eventually, I'd like to try to see if I can get mtpfs working too.