jails zfs jail

T

tOsYZYny

I would like to use a ZFS dataset within a jail. I have tried this:

host:

/etc/sysctl.conf

Code: 
security.jail.mount_zfs_allowed=1
security.jail.enforce_statfs=0
security.jail.mount_allowed=1

/etc/rc.conf
Code: 
zfs_enable="YES"

Code: 
zfs jail <jail-id> <dataset>
service jail start

I have also unhidden the devices:


While I can see the dataset, it is not mounted in the jail, but on the host it is.

Any ideas what I'm missing?
 
tOsYZYny said:
Code: 
security.jail.mount_zfs_allowed=1
security.jail.enforce_statfs=0
security.jail.mount_allowed=1
Click to expand...
Those sysctls are deprecated (though they still work). They've been replaced by per jail options in jail.conf. See jail(8).

Code: 
     allow.mount.zfs
             privileged users inside the jail will be able to mount and
             unmount the ZFS file system.  This permission is effective only
             together with allow.mount and only when enforce_statfs is set to
             a value lower than 2.  See zfs(8) for information on how to
             configure the ZFS filesystem to operate from within a jail.
Code: 
     enforce_statfs
             This determines what information processes in a jail are able to
             get about mount points.  It affects the behaviour of the
             following syscalls: statfs(2), fstatfs(2), getfsstat(2), and
             fhstatfs(2) (as well as similar compatibility syscalls).  When
             set to 0, all mount points are available without any
             restrictions.  When set to 1, only mount points below the jail's
             chroot directory are visible.  In addition to that, the path to
             the jail's chroot directory is removed from the front of their
             pathnames.  When set to 2 (default), above syscalls can operate
             only on a mount-point where the jail's chroot directory is
             located.

Also see zfs-jail(8).
 
You must log in or register to reply here.
Back
Top