ZFS snapshot directory access Operation not permitted in Jail on FreeBSD13

Mike Selner

Member

Reaction score: 6
Messages: 21

Hi,

I recently upgraded some systems from FreeBSD12 to FreeBSD13 (OpenZFS).

Inside a jail, I get "Operation not permitted" when trying to access a directory. All access as root.

Code:
ls /.zfs/snapshot/xxxx

On 11 & 12, I can view the contents of this directory inside the Jail. On 13, Operation not Permitted.

Outside the jail (host system), I can view the contents of this directory on all versions.

My jails are started/stopped by ezjail. Snapshots are done manually, not using ezjail.

I do not think it is related to the ZFS property "snapdir" which has always been "hidden" on all my datasets.
I believe snapdir: visible only affects the display of .zfs in a directory listing. I've always been able to explicitly access /.zfs/snapshot/xxxxx in the jail prior to 13.

I don't need to manage the dataset within the jail so I've not used the "jailed" property in the past, and it is "off" on all datasets.

Has anyone experienced this and is there a known fix?

Thanks
 

mer

Aspiring Daemon

Reaction score: 402
Messages: 636

If I'm understanding correctly, the snapshot directory is on the host, accessing from the host works, but inside the jail you can't?
Don't jails effectively have a different "/" than the host? (chrooted as a way of describing it)

If the above describes it correctly, I'm not sure it's technically a bug (If I'm wrong, I'll defer to those with the knowledge).
 
OP
M

Mike Selner

Member

Reaction score: 6
Messages: 21

Yes - the jail is chrooted. The .zfs directory is under the root inside the jail: /.zfs/snapshot/xxx
It was always available prior to 13. I suspect a change in the ZFS implementation.
 

emmex

Member

Reaction score: 6
Messages: 37

I have found the same problem, but after accessing the snapshot directory from the host, the jail can access it.
 

bigart

Member

Reaction score: 1
Messages: 52

Yes - the jail is chrooted. The .zfs directory is under the root inside the jail: /.zfs/snapshot/xxx
It was always available prior to 13. I suspect a change in the ZFS implementation.
I have the same problem. Did you resolve it ?
 

bigart

Member

Reaction score: 1
Messages: 52

After execute ls -li command in host for each .zfs/snapshot folder everything is back to normal.
Now I can execute ls -li command inside the jail for .zfs/snapshot without permission problem.

??


It's also resolve problem with shadow_copy2 in Samba. In my case, the previous versions stopped working after upgrade to FreeBSD 13.
 
OP
M

Mike Selner

Member

Reaction score: 6
Messages: 21

I have the same problem. Did you resolve it ?
No I have to use the ls command on the host
I set up a cron job to do this every hour so I don't have to remember to do so.
ls -al /var/jail/*/.zfs/snapshot/*
 
Top