ZFS poudriere jail - not mounting filesystem

tyson

Member

Reaction score: 41
Messages: 79

I have a minor problem with my jail configuration for a poudriere builder.
Everything works, except the poudriere jail dataset is not getting mounted on jail start.
The filesystem hierarchy is:
fbsd/usr/jails/JAIL_NAME for the jail's root /
fbsd/pdr/w0 is the poudriere jail filesystem.
zfs set jailed=on fbsd/pdr/w0 is done.
Configuration:
/etc/jail.buildbot-worker0.conf
Code:
buildbot-worker0 {
    host.hostname = buildbot-worker0.localdomain;
    ip4.addr = "lo1|10.0.0.3/24";
    ip4.addr += "lo0|127.0.0.3";
    path = "/usr/jails/buildbot-worker0";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail_buildbot-worker0_console.log";
    mount.devfs; # need /dev/*random for Python
    persist;

    exec.poststart += "/sbin/zfs jail buildbot-worker0 fbsd/pdr/w0";
   
    allow.chflags;
    allow.mount=1;
    allow.mount.devfs;
    allow.mount.nullfs;
    allow.mount.procfs;
    allow.mount.tmpfs;
    allow.mount.zfs=1; # only needed if you use ZFS
    allow.raw_sockets; # optional
    allow.socket_af; # optional
    allow.sysvipc; # optional
    children.max=16;
    enforce_statfs=1;
}
jail rc.conf:
Code:
cron_flags="$cron_flags -J 15"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
syslogd_flags="-c -ss"
ipv6_activate_all_interfaces="NO"
sshd_enable="NO"


buildbot_worker_basedir="/var/buildbot-worker"
buildbot_worker_uid="buildbot-worker"
buildbot_worker_gid="buildbot-worker"
buildbot_worker_enable="YES"

ZFS properties:
zfs get canmount fbsd/pdr/w0
Code:
NAME         PROPERTY  VALUE     SOURCE
fbsd/pdr/w0  canmount  on        default
The problem is that fbsd/pdr/w0 is not getting mounted after jail start. I have to run service zfs start inside the jail manually.


FreeBSD 13
Code:
FreeBSD kowalczt.ddns.net 13.0-STABLE FreeBSD 13.0-STABLE #0 stable/13-2947fc2cc: Wed Feb 24 15:03:24 CET 2021     root@kowalczt.ddns.net:/usr/obj/usr/src/amd64.amd64/sys/tyson-13-stable  amd64
 
tyson

So, to make things a little clearer:
If I'm correct, after setting the jailed property of the filesystem,
and allow.mount, allow.mount.zfs, and enforce_statfs to 1,
the jail should have full control of the filesystem, right?
Would setting zfs_enable="YES" in the jail's /etc/rc.conf just mount this filesystem inside the jail?
 

twllnbrck

Well-Known Member

Reaction score: 206
Messages: 275

On the host try to turn on the following values in /etc/sysctl.conf:
Code:
security.jail.mount_allowed=1
security.jail.mount_devfs_allowed=1
security.jail.mount_zfs_allowed=1
 
tyson

twllnbrck said:
On the host try to turn on the following values in /etc/sysctl.conf:
Code:
security.jail.mount_allowed=1
security.jail.mount_devfs_allowed=1
security.jail.mount_zfs_allowed=1

I already have that (except devfs, but I think it's not relevant anyway), so it isn't working for me.

PS. The strange thing is, if I put zfs_enable="YES" in the jail's rc.conf it doesn't mount it, but after running it manually later it gets mounted.
 

twllnbrck


It worked for me with mount.devfs in /etc/jail.conf.
Anyway, you can simply use nullfs(5) in your jail's fstab; that's what I do.
 
tyson

I can live with it. I was only wondering what the correct behavior should be for that.
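
A note on the ordering behind the symptom, added here as an example that is not part of any post in the thread: jail(8) runs exec.poststart on the host only after exec.start has completed, so the jail's /etc/rc (and with it the zfs rc script enabled by zfs_enable="YES") finishes before zfs jail attaches the dataset. The fragment below attaches the dataset from exec.created instead, which runs after the jail is created but before exec.start; it assumes a FreeBSD release whose jail(8) documents exec.created, and reuses the names from the first post.

```conf
# Host: /etc/jail.buildbot-worker0.conf (added example, not from the thread)
buildbot-worker0 {
    host.hostname = buildbot-worker0.localdomain;
    ip4.addr = "lo1|10.0.0.3/24";
    ip4.addr += "lo0|127.0.0.3";
    path = "/usr/jails/buildbot-worker0";
    mount.devfs;
    persist;

    # exec.created runs on the host after the jail exists but before
    # exec.start, so the dataset is attached before the jail's /etc/rc runs.
    exec.created += "/sbin/zfs jail buildbot-worker0 fbsd/pdr/w0";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";

    # The thread's version ran only after exec.start had completed:
    # exec.poststart += "/sbin/zfs jail buildbot-worker0 fbsd/pdr/w0";

    # Required for the jail to mount the attached dataset itself.
    allow.mount;
    allow.mount.zfs;
    enforce_statfs = 1;

    # Poudriere-related settings kept from the post; the allow.* lines the
    # post marks "# optional" are left out here.
    allow.chflags;
    allow.mount.devfs;
    allow.mount.nullfs;
    allow.mount.procfs;
    allow.mount.tmpfs;
    children.max = 16;
}

# Jail: /etc/rc.conf
# zfs_enable="YES"    # rc.d/zfs then runs "zfs mount -a" during exec.start
```

The dataset's mountpoint property is resolved inside the jail, so it has to name a path that is valid under the jail's root. Once attached with jailed=on, the dataset is administered by root inside the jail, so attach only datasets that the jail is meant to control fully.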
 