[RESOLVED] Zfs snapshot and jail

Hello,

I can do snapshots on my FreeBSD host but not inside the jails themselves. Could someone tell me if it is actually possible to do snapshot directly from the jails or if I must do them via the host? Is there any configuration to do?

Thank you,
Fred
 
Re: Zfs snapshot and jail

fred974 said:
Could someone tell me if it is actually possible to do snapshot directly from the jails or if I must do them via the host?
You can do this from the jail if the dataset has the jailed property and is assigned a jail using the zfs jail command. Your jail will also need the allow.mount and allow.mount.zfs properties.

Most jails however don't have this as they don't require mounting additional ZFS datasets. In that case you will have to snapshot from the host.
 
Re: Zfs snapshot and jail

SirDice said:
fred974 said:
Could someone tell me if it is actually possible to do snapshot directly from the jails or if I must do them via the host?
You can do this from the jail if the dataset has the jailed property and is assigned a jail using the zfs jail command. Your jail will also need the allow.mount and allow.mount.zfs properties.

Most jails however don't have this as they don't require mounting additional ZFS datasets. In that case you will have to snapshot from the host.
Thank you.

So will I do better doing the snapshot from the host? Is there any security problem in doing allow.mount and allow.mount.zfs on the jail?
 
Re: Zfs snapshot and jail

fred974 said:
SirDice said:
fred974 said:
Could someone tell me if it is actually possible to do snapshot directly from the jails or if I must do them via the host?
You can do this from the jail if the dataset has the jailed property and is assigned a jail using the zfs jail command. Your jail will also need the allow.mount and allow.mount.zfs properties.

Most jails however don't have this as they don't require mounting additional ZFS datasets. In that case you will have to snapshot from the host.
Thank you.

So will I do better doing the snapshot from the host? Is there any security problem in doing allow.mount and allow.mount.zfs on the jail?

I would definitely not allow mount or ZFS dataset management in the jail if security was the first priority, too many possibilities to forget something and leave a gaping security hole.
 
Re: Zfs snapshot and jail

Thank you @kpa.

I really won't bother to carry on doing snapshot from the host :)
 
Last edited by a moderator:
Back
Top