zfs + usermount in a jail?

oliver@

Hi,

has anyone got zfs + usermount working in a jail?

What works:
- usermount on the host
Code:
root@reis /root> sysctl security.jail.jailed
security.jail.jailed: 0
root@reis /root> su -m bacula
bacula@reis /root> mount -t zfs zbackup /mnt/backup/
bacula@reis /root> df zbackup
Filesystem  1K-blocks      Used      Avail Capacity  Mounted on
zbackup    1915746156 715677784 1200068372    37%    /mnt/backup
bacula@reis /root> umount zbackup
- mount as root in the jail
Code:
root@arborio /root> sysctl security.jail.jailed
security.jail.jailed: 1
root@arborio /root> mount -t zfs zbackup /mnt/backup/
root@arborio /root> df zbackup
Filesystem  1K-blocks      Used      Avail Capacity  Mounted on
zbackup    1915746156 715677784 1200068372    37%    /mnt/backup
root@arborio /root> umount zbackup

What does not work:
- usermount in the jail
Code:
root@arborio /tmp> su -m bacula
bacula@arborio /tmp> mount -t zfs zbackup /mnt/backup/
mount: zbackup: Operation not permitted
Exit 1
bacula@arborio /tmp>
 
Hi @oliver@, I posted about a similar unsolved issue here: Thread 46146. However, I noticed the error message you received was different. You may be using a different FreeBSD/ZFS version but it may also be worth looking at my post to compare your configuration, though of course something about my configuration isn't right either.
 
oliver@ said:
What does not work:
- usermount in the jail
Code:
root@arborio /tmp> su -m bacula
bacula@arborio /tmp> mount -t zfs zbackup /mnt/backup/
mount: zbackup: Operation not permitted
Exit 1
bacula@arborio /tmp>
It doesn't work that way. On the host side you need to specify the dataset as "jailed" and use the zfs jail command to assign it to a specific jail. For example (short form):

Code:
host# zfs create -o jailed=on zroot/jailzfs
host# zfs jail myjail zroot/jailzfs # assigns zroot/jailzfs to the jail named "myjail"

myjail# zfs set mountpoint=/storage zroot/jailzfs
myjail# zfs mount -a

You need the jail options allow.mount and allow.mount.zfs, and enforce_statfs must be set to 1.

Unfortunately, I can't seem to get the ZFS dataset to mount when the jail starts. I always have to log in to the jail and enter zfs mount -a. For some reason setting zfs_enable="YES" in the jail's /etc/rc.conf doesn't seem to work. But perhaps that's an issue with my jails themselves. I still need to update them to 10.0-STABLE (the host runs 10.0-STABLE but the jails are still 10.0-RELEASE).
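A preflight check for the jail parameters named in the post above, as an added example that is not part of the original thread: it reads jail.conf-style text on stdin and reports which of allow.mount, allow.mount.zfs and enforce_statfs = 1 are missing for one jail. The function names, jail names and paths are constructed; it assumes one parameter per line and does not check the dataset's jailed property.

```sh
#!/bin/sh
# Added example: audit one jail block for the parameters the post lists.
# Exit status: 0 = all present, 1 = something missing, 2 = jail not found.
check_jail_zfs_params() {
    jail="$1"
    awk -v jail="$jail" '
        { sub(/#.*/, "") }                               # drop comments
        $1 == jail && $2 == "{" { inblk = 1; found = 1; next }
        inblk && $1 == "}"      { inblk = 0 }
        inblk {
            gsub(/[ \t;"]/, "")       # "enforce_statfs = 1;" -> "enforce_statfs=1"
            if ($0 == "allow.mount")     mount = 1
            if ($0 == "allow.mount.zfs") zfs = 1
            if ($0 ~ /^enforce_statfs=/) { split($0, kv, "="); statfs = kv[2] }
        }
        END {
            if (!found) { print "jail not found"; exit 2 }
            if (!mount) { print "missing allow.mount"; bad = 1 }
            if (!zfs)   { print "missing allow.mount.zfs"; bad = 1 }
            if (statfs != "1") {
                print "enforce_statfs is " (statfs == "" ? "unset" : statfs) ", expected 1"
                bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: "myjail" follows the post, "otherjail" keeps defaults.
sample_conf() {
    cat <<'EOF'
myjail {
    path = "/jails/myjail";      # constructed path
    allow.mount;
    allow.mount.zfs;
    enforce_statfs = 1;
}
otherjail {
    path = "/jails/otherjail";
    enforce_statfs = 2;
}
EOF
}

sample_conf | check_jail_zfs_params myjail    && echo "myjail: ok"
sample_conf | check_jail_zfs_params otherjail || echo "otherjail: not ready"
```

On a real host the input would be the jail's configuration file, for example `check_jail_zfs_params myjail < /etc/jail.conf`.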
 