Solved Unexpected behavior mounting NFS share to jail data

J

jbo@

Developer
The following scenario is happening on two freshly installed FreeBSD 13.0-RELEASE hosts.
Host A acts as an NFSv4 server. It provides the following share: 192.168.250.61:/myshare

Host B can successfully mount and browse the share using mount -t nfs -o nfsv4,rw 192.168.250.61:/mysare /mnt.
Host B also hosts a jail named myjail. My goal is to make the NFS share available to the jail.

My jail's data directory is located under /ssd/cbsd/jails-data/myjail-data.
Inside the jail I created the directory /usr/local/storage. This directory was created with the jail's root user.
After unmounting the NFS share from Host A's /mnt I attempt to do this: mount -t nfs -o nfsv4,rw 192.168.250.61:/mysare /ssd/cbsd/jails-data/myjail-data/usr/local/storage.

Now the funny part: On host A, I can do ls /ssd/cbsd/jails-data/myjail-data/usr/local/storage and I can see the files present at the NFS share. However, if I log into the jail and do ls /usr/local/storage the directory appears empty (using the jail's root user again).

What exactly causes this behavior? What am I missing?
 
Not entirely sure how cbsd works but it's possible it's overlaying directories and myjail-data only contains the root filesystem and /usr/local is mounted from somewhere else.
 
Do you have any recommendations of how to handle this situation?
Prior to posting here I also created a "storage" user in the jail and tried to mount under /usr/home/storage/nfs with the same result.

Is there a "known good mounting point" in jails?
 
joel.bodenmann said:
Do you have any recommendations of how to handle this situation?
Click to expand...
On the host look at the output from mount. Then you will have a better idea how cbsd runs jails. As I said, some jail tools do all sorts of mounting tricks to overlay various parts of the filestructure. I just don't know enough of cbsd to tell you how it works. It's usually just a case of finding the right "overlayed" directory to mount things on. Alternatively, as this is NFS after all, you can do the actual mounting of the NFS share inside the jail itself. You probably do need the allow.mount and enforce_statfs settings for that jail.

Code: 
             allow.mount
                     privileged users inside the jail will be able to mount
                     and unmount file system types marked as jail-friendly.
                     The lsvfs(1) command can be used to find file system
                     types available for mount from within a jail.  This
                     permission is effective only if enforce_statfs is set to
                     a value lower than 2.
 
I attempted mounting the NFS share directly in the jail (by using the jail's fstab.local before posting here. This unfortunately did not work as expected either.

This turned out to be a small bug in cbsd. It has been fixed by the author: https://github.com/cbsd/cbsd/issues/594

Thank you for your help!
 
You must log in or register to reply here.
Back
Top