ZFS poudriere jail - not mounting filesystem

I have a minor problem with my jail configuration for a poudriere builder.
Everything works, except the poudriere jail dataset is not getting mounted on jail start.
The filesystem hierarchy is:
fbsd/usr/jails/JAIL_NAME for the jail's root /
fbsd/pdr/w0 poudriere jail filesystem.
zfs set jailed=on fbsd/pdr/w0 is done.
Configuration:
/etc/jail.buildbot-worker0.conf
Code:
buildbot-worker0 {
    host.hostname = buildbot-worker0.localdomain;
    ip4.addr = "lo1|10.0.0.3/24";
    ip4.addr += "lo0|127.0.0.3";
    path = "/usr/jails/buildbot-worker0";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail_buildbot-worker0_console.log";
    mount.devfs; # need /dev/*random for Python
    persist;

    exec.poststart += "/sbin/zfs jail buildbot-worker0 fbsd/pdr/w0";
   
    allow.chflags;
    allow.mount=1;
    allow.mount.devfs;
    allow.mount.nullfs;
    allow.mount.procfs;
    allow.mount.tmpfs;
    allow.mount.zfs=1; # only needed if you use ZFS
    allow.raw_sockets; # optional
    allow.socket_af; # optional
    allow.sysvipc; # optional
    children.max=16;
    enforce_statfs=1;
}
jail rc.conf:
Code:
cron_flags="$cron_flags -J 15"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
syslogd_flags="-c -ss"
ipv6_activate_all_interfaces="NO"
sshd_enable="NO"


buildbot_worker_basedir="/var/buildbot-worker"
buildbot_worker_uid="buildbot-worker"
buildbot_worker_gid="buildbot-worker"
buildbot_worker_enable="YES"

ZFS props:
zfs get canmount fbsd/pdr/w0
Code:
NAME         PROPERTY  VALUE     SOURCE
fbsd/pdr/w0  canmount  on        default
The problem is fbsd/pdr/w0 is not getting mounted after jail start. I have to run service zfs start inside the jail manually.


FreeBSD 13
Code:
FreeBSD kowalczt.ddns.net 13.0-STABLE FreeBSD 13.0-STABLE #0 stable/13-2947fc2cc: Wed Feb 24 15:03:24 CET 2021     root@kowalczt.ddns.net:/usr/obj/usr/src/amd64.amd64/sys/tyson-13-stable  amd64
 
So, to make things a little more clear:
If I'm correct, after setting the jailed property of the filesystem,
and allow.mount, allow.mount.zfs, and enforce_statfs to 1,
the jail should have full control of the filesystem, right?
Would setting zfs_enable="YES" in the jail's /etc/rc.conf just mount this filesystem inside the jail?
 
On the host try to turn on the following values in /etc/sysctl.conf:
Code:
security.jail.mount_allowed=1
security.jail.mount_devfs_allowed=1
security.jail.mount_zfs_allowed=1
 
I already have that (except devfs, but I think it's not relevant anyway), so it isn't working for me.

PS. The strange thing is, if I put zfs_enable="YES" in the jail's rc.conf it doesn't mount it, but after running it manually later it is mounted.
 
This can happen if you configure Poudriere before you provide the jail with all of the permissions it needs. You can fix it by setting the 'mountpoint' property of zroot/iocage/jails/<jailname>/data to /usr/local/poudriere or whichever folder you configured poudriere to put its data.
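
An added example, not part of any post in this thread: a POSIX sh check of the prerequisites the thread lists (jailed property, allow.mount, allow.mount.zfs, enforce_statfs) plus the point at which zfs jail is run. The function names and the sample jail.conf are constructed; per jail(8), exec.poststart commands run only after the exec.start commands have completed.

```sh
# Added example; function names and the sample jail.conf are constructed.
# Print the value of parameter $2 in jail.conf $1 ("1" for a bare boolean
# such as "allow.mount;"); print nothing when the parameter is absent.
jail_param() {
    sed -e 's/#.*//' "$1" | tr ';' '\n' | awk -v want="$2" '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
          n = index(line, "=")
          if (n == 0) { name = line; val = "1" }
          else { name = substr(line, 1, n - 1); val = substr(line, n + 1)
                 sub(/[ \t]*[+]?$/, "", name)      # also accept "name +="
                 gsub(/^[ \t"]+|[ \t"]+$/, "", val) }
          if (name == want) found = val }
        END { if (found != "") print found }'
}
is_on() { case "$1" in 1|true) return 0 ;; *) return 1 ;; esac; }

# One line per finding; no output when every prerequisite is met.
# $1 = jail.conf path, $2 = value of the dataset's "jailed" property.
zfs_jail_findings() {
    [ "$2" = "on" ] || echo "dataset: jailed is not on"
    is_on "$(jail_param "$1" allow.mount)" || echo "jail: allow.mount not set"
    is_on "$(jail_param "$1" allow.mount.zfs)" || echo "jail: allow.mount.zfs not set"
    case "$(jail_param "$1" enforce_statfs)" in
        0|1) ;;                                   # unset means the default, 2
        *) echo "jail: enforce_statfs must be below 2" ;;
    esac
    # jail(8): exec.poststart runs after the exec.start commands complete,
    # so the dataset is attached only after the jail's /etc/rc has run.
    if sed -e 's/#.*//' "$1" | grep -Eq 'exec\.poststart[^;]*zfs jail'; then
        echo "order: zfs jail runs in exec.poststart, after exec.start"
    fi
}

# Constructed sample, trimmed from the configuration posted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
buildbot-worker0 {
    exec.start = "/bin/sh /etc/rc";
    exec.poststart += "/sbin/zfs jail buildbot-worker0 fbsd/pdr/w0";
    allow.mount=1;
    allow.mount.zfs=1;
    enforce_statfs=1;
}
EOF
}

# Live use on the host: pass "$(zfs get -H -o value jailed fbsd/pdr/w0)" as $2.
sample=$(mktemp) && write_sample "$sample"
zfs_jail_findings "$sample" on
rm -f "$sample"
```

On releases whose jail(8) documents exec.created, that hook runs in the host environment after the jail is created but before any command runs inside it.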
 