jails Mounting an image file inside a jail

I am trying to mount a Raspberry Pi FreeBSD image file in my "dev" jail for I can modify it.

I had to make a few tweaks to my jail configuration to allow access to /dev/md* devices. I am able to intialize the image with mdconfig. The image gets assigned to /dev/md0, but when I try to run mount /dev/md0s2 /mnt/pi it says "Operation not permitted".

I already checked that I have jail configuration options for allowing mounting. Below is my config file, I am not sure which part I am missing.

Code:
dev01 {

    devfs_ruleset = 6;
    mount.devfs = true;
    //mount.fdescfs = true;
    //mount.procfs=  true;

    enforce_statfs= 2;
    allow.mount = true;
    allow.mount.devfs = true;

    host.hostname = "dev01";

    vnet;
    vnet.interface = "epair2b";
    allow.raw_sockets;

    path ="/usr/local/jails/dev01/root";

    exec.clean;
    exec.consolelog = "/var/log/jail.$name.console.log";

    exec.prestart = "ifconfig epair2 create up";
    exec.prestart += "ifconfig bridge0 addm epair2a";

    exec.start = "/bin/sh /etc/rc";
    exec.start += "ifconfig epair2b inet 172.16.0.13/24";
    exec.start += "route add default 172.16.0.1";

    exec.stop = "/bin/sh /etc/rc.shutdown";

    exec.prestop += "ifconfig epair2b -vnet $name";

    exec.poststop = "ifconfig bridge0 deletem epair2a";
    exec.poststop += "sleep 2";
    exec.poststop += "ifconfig epair2a destroy";

}
 
I had to make a few tweaks to my jail configuration to allow access to /dev/md* devices. I am able to intialize the image with mdconfig. The image gets assigned to /dev/md0, but when I try to run mount /dev/md0s2 /mnt/pi it says "Operation not permitted".
Which image did you use? Because I'm not so sure about the s2 slice you're trying to mount here. It's probably md0s2a, but check with gpart show md0.
 
This is what I am seeing from gpart.

Code:
root@dev01:/ # gpart show md0
=>     63  6291393  md0  MBR  (3.0G)
       63     2016       - free -  (1.0M)
     2079   102312    1  fat32lba  [active]  (50M)
   104391  6187041    2  freebsd  (3.0G)
  6291432       24       - free -  (12K)

The image I used is FreeBSD-13.1-RELEASE-arm64-aarch64-RPI.img right from the main website.

I did try tossing an "a" on the end of the slice number. It did not make any difference.
 
Didn't try this in a jail, on a host it seems to work:
Code:
dice@molly:~/test % sudo mdconfig -a -f FreeBSD-13.1-RELEASE-arm64-aarch64-RPI.img
md0
dice@molly:~/test % gpart show md0
=>     63  6291393  md0  MBR  (3.0G)
       63     2016       - free -  (1.0M)
     2079   102312    1  fat32lba  [active]  (50M)
   104391  6187041    2  freebsd  (3.0G)
  6291432       24       - free -  (12K)

dice@molly:~/test % sudo mount /dev/md
md0%    md0s1%  md0s2%  md0s2a% mdctl%
dice@molly:~/test % sudo mount /dev/md0s2
md0s2%  md0s2a%
dice@molly:~/test % sudo mount /dev/md0s2a /mnt/
dice@molly:~/test % ll /mnt/
total 88
-rw-r--r--   2 root  wheel     1023 May 12 10:45 .cshrc
-rw-r--r--   2 root  wheel      507 May 12 10:45 .profile
drwxrwxr-x   2 root  operator   512 May 12 10:33 .snap
-r--r--r--   1 root  wheel     6109 May 12 10:45 COPYRIGHT
drwxr-xr-x   2 root  wheel     1024 May 12 10:36 bin
drwxr-xr-x  15 root  wheel     1024 May 12 10:46 boot
dr-xr-xr-x   2 root  wheel      512 May 12 10:33 dev
drwxr-xr-x  28 root  wheel     2048 May 12 10:46 etc
-rw-r--r--   1 root  wheel        0 May 12 10:46 firstboot
drwxr-xr-x   3 root  wheel      512 May 12 10:46 home
drwxr-xr-x   5 root  wheel     1536 May 12 10:37 lib
drwxr-xr-x   3 root  wheel      512 May 12 10:36 libexec
drwxr-xr-x   2 root  wheel      512 May 12 10:33 media
drwxr-xr-x   2 root  wheel      512 May 12 10:33 mnt
drwxr-xr-x   2 root  wheel      512 May 12 10:33 net
dr-xr-xr-x   2 root  wheel      512 May 12 10:33 proc
drwxr-xr-x   2 root  wheel     2560 May 12 10:36 rescue
drwxr-xr-x   2 root  wheel      512 May 12 10:45 root
drwxr-xr-x   2 root  wheel     3072 May 12 10:41 sbin
drwxrwxrwt   2 root  wheel      512 May 12 10:33 tmp
drwxr-xr-x  13 root  wheel      512 May 12 10:33 usr
drwxr-xr-x  24 root  wheel      512 May 12 10:33 var
 
I had found this while sifting through the Googles.

Seems maybe using mdconfig in a jail is a hardstop. What I find strange is the mdconfig component works though, its the mounting of the image (assuming UFS2) that doesn't work.

Is UFS a jail friendly FS? From the listing it doesn't appear to be.

Code:
root@dev01:/ # lsvfs
Filesystem                              Num  Refs  Flags
-------------------------------- ---------- -----  ---------------
cd9660                           0x000000bd     0  read-only
nfs                              0x0000003a     0  network
procfs                           0x00000002     4  synthetic, jail
tmpfs                            0x00000087     0  jail
ufs                              0x00000035     0
msdosfs                          0x00000032     1
zfs                              0x000000de    21  jail, delegated-administration
devfs                            0x00000071     6  synthetic, jail
fdescfs                          0x00000059     5  synthetic, jail
linprocfs                        0x000000b5     0  synthetic, jail
linsysfs                         0x0000008a     0  synthetic, jail
 
Back
Top