Mount linprocfs in jail

[noobster]

What is the easiest/best way to mount linprocfs in a jail? I tried searching the web, but there were surprisingly few results. Thanks.

 

[SirDice]

You could try putting the entry in /etc/fstab.jailname and set jail_jailname_fstab="YES" in /etc/rc.conf.

Not sure if this will work for linprocfs though.

 

[noobster]

Thanks for the prompt response. I tried, but it doesn't show up when I run mount.

 

[noobster]

I also tried mounting it manually from the host system, but again it doesn't show up in mount.

 

[SirDice]

It will get mounted when you /etc/rc.d/jail start.

And it won't show up in mount on the jail too
Only the 'root' file system will show up. Doesn't mean it's not there though.

 

[SirDice]

Oh wait.. It's jail_jailname_mount_enable="YES"

 

[noobster]

Thanks again. So I did the following. I created /etc/fstab.jailname and inserted 'linproc /compat/linux/proc linprocfs rw 0 0'. I made sure that directory exists in the jail. In /etc/rc.conf I added jail_jailname_mount_enable="YES" and then I restarted the jail. Now, how can I check if it really works if it doesn't show up in mount?

 

[SirDice]

Now, how can I check if it really works if it doesn't show up in mount?

If the jail is running it should show up in the host's mount. Just not the jail's.

You can also set the sysctl security.jail.enforce_statfs see jail(8) about this.

 

[noobster]

It works now! I did have to change 'linproc /compat/linux/proc linprocfs rw 0 0' to 'linproc /path-to-jail/usr/compat/linux/proc linprocfs rw 0 0', because it's relative to the host and not the jail. Thanks for your help.

 

[SirDice]

The added bonus of using /etc/fstab.jailname is that those filesystems will get mounted/unmounted when the jail itself starts/stops.

I use it to mount (using nullfs) a couple of directories from my /storage into a jail running apache.

 

[noobster]

Yes, I figured that .

 

[bryn1u]

Hey,
I have similar problem but with FreeBSD 10 - STABLE. There is other situation becuse everything is added to jail.conf. I was reading man about jail, there are two entries:

mount A filesystem to mount before creating the jail (and to unmount
after removing it), given as a single fstab(5) line.

mount.fstab
An fstab(5) format file containing filesystems to mount before
creating a jail.

Whereis any example how to mount linproc /compat/linux/proc linprocfs rw 0 0 in jail.conf ?

 

[SirDice]

This works:

build {
        host.hostname = "j-build.dicelan.home";
        ip4.addr = a.a.a.a;
        ip6.addr = b:b:b:b::b;
        interface = em0;

        path = /jails/j-build-amd64/;
        mount.fstab = /etc/fstab.$name;
        mount.devfs = 1;
        enforce_statfs = 1;
}

You then create /etc/fstab.build (the jail's name is build):

dice@molly:~ % cat /etc/fstab.build
/usr/src                /jails/j-build-amd64/usr/src                    nullfs  ro      0       0
/usr/ports              /jails/j-build-amd64/usr/ports                  nullfs  rw      0       0
/usr/ports/distfiles    /jails/j-build-amd64/usr/ports/distfiles        nullfs  rw      0       0
/usr/ports/packages     /jails/j-build-amd64/usr/ports/packages         nullfs  rw      0       0

I've used nullfs(5) a lot but you can mount any kind of filesystem this way.

 

[bryn1u]

Hey,

Thank you for your replay. I have a one questione more. I want to run all programs in jail which they need a linprocfs(5). So if I mount linprocfs(5) from host to jail should be works fine?

 

[SirDice]

So if I mount linprocfs(5) from host to jail should be works fine ?

Yes, but you do have to mount it on /compat/linux/proc of the jail, so the directory will probably be something like /jails/myjail/compat/linux/proc. It won't work if it's only mounted on the host, it has to be accessible from the jail. Remember, the whole idea behind a jail is to "shield" applications from the host. A jail can only access filesystems that have been mounted inside the jail's filesystem.

 

[bryn1u]

I have an error, and I don't know why.
My /etc/jail.conf

Oksymoron {
        path = /jails/Oksymoron;
        mount.devfs;
        #allow.mount;
        #mount;
        host.hostname = Oksymoron.edu.pl;
        ip4.addr = 91.121.239.228;
        interface = em0;
        securelevel = 3;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}
Linux {
        path = /jails/Linux;
        mount.devfs;
        enforce_statfs = 1;
        mount.fstab = /etc/fstab.Linux
        #allow.mount;
        #mount;
        host.hostname = BSD.edu.pl;
        ip4.addr = 188.165.139.63;
        interface = em0;
        securelevel = 3;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}

My /etc/fstab.Linux

linproc /jails/Linux/compat/linux/proc linprocfs rw 0 0

When I start I get this error:

Starting jails:jail: /etc/jail.conf line 21: host.hostname: syntax error.

When I comment out (mount.fstab = /etc/fstab.Linux) everything works fine!
Where is the problem?

 

[SirDice]

Put quotes around the hostnames.

host.hostname = "Oksymoron.edu.pl";