bizarre mount_nullfs issue with jails / ezjail

Dan Naumov dan.naumov at gmail.com
Tue Apr 6 21:43:14 UTC 2010


On Wed, Apr 7, 2010 at 12:37 AM, Glen Barber <glen.j.barber at gmail.com> wrote:
> Hi Dan,
>
> Dan Naumov wrote:
>> So, I want the basejail to only contain the world and link the ports
>> tree from the host into each individual jail when it's time to update
>> the ports inside them, but I am running into a bit of a bizarre issue:
>> I can mount_nullfs /usr/ports elsewhere on the host just fine, but it
>> doesn't work if I try to mount_nullfs it to /usr/ports inside the
>> jail:
>>
>> mount_nullfs /usr/ports/ /usr/ports2
>>
>> df -H | grep ports
>> cerberus/usr-ports                34G    241M     34G     1%    /usr/ports
>> cerberus/usr-ports-distfiles      34G      0B     34G     0%    /usr/ports/distfiles
>> cerberus/usr-ports-packages       34G      0B     34G     0%    /usr/ports/packages
>> /usr/ports                        34G    241M     34G     1%    /usr/ports2
>>
>> mount | grep ports
>> cerberus/usr-ports on /usr/ports (zfs, local)
>> cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
>> cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
>> /usr/ports on /usr/ports2 (nullfs, local)
>>
>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>> mount_nullfs: /basejail: No such file or directory
>>
>> What is going on here? I also note that the error actually wants a
>> /basejail on the host, which is even more bizarre:
>>
>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>> mount_nullfs: /basejail: No such file or directory
>>
>> mkdir /basejail
>>
>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>> mount_nullfs: /basejail/usr: No such file or directory
>>
>> Yet, this works:
>>
>> mkdir /usr/jails/semipublic/test
>> mount_nullfs /usr/ports/ /usr/jails/semipublic/test
>> umount /usr/jails/semipublic/test
>>
>> Any ideas?
>>
>>
>
> The ports directory in an ezjail is a link to /basejail/usr/ports (in the
> jail).
>
> Breaking the link (from the host) allows the mount to work successfully.
>
> orion# ll usr/ports
> lrwxr-xr-x  1 root  wheel  19 Mar  8 18:06 usr/ports -> /basejail/usr/ports
> orion# unlink usr/ports
> orion# mkdir usr/ports
> orion# mount_nullfs /usr/ports usr/ports
> orion#
>
> Regards,
>
> --
> Glen Barber

Thanks for the tip.

An additional question: how come "sade" and "sysinstall" which are run
inside the jail can see (and I can only assume they can also operate
on and damage) the real underlying disks of the host?

- Sincerely
Dan Naumov
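
Added example, not part of the original thread: a pre-mount check, run on the host, that walks a mount target below a jail root and reports the first symlink component, since the thread shows such a link (usr/ports -> /basejail/usr/ports) being resolved against the host's root. The function name and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to mount onto a path inside a jail tree if any
# component below the jail root is a symlink.
# Returns 0 = no symlink, 1 = symlink found (printed), 2 = usage error.
first_symlink_in_target() {
    jailroot=${1%/}
    target=${2%/}
    case "$target" in
        "$jailroot"/*) ;;
        *) echo "target is not under jail root" >&2; return 2 ;;
    esac
    rest=${target#"$jailroot"/}
    cur=$jailroot
    while [ -n "$rest" ]; do
        part=${rest%%/*}                      # next path component
        case "$rest" in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue            # skip empty parts from "//"
        cur=$cur/$part
        if [ -L "$cur" ]; then
            # Report the link and its target exactly as stored.
            printf '%s -> %s\n' "$cur" "$(readlink "$cur")"
            return 1
        fi
    done
    return 0
}

# Constructed demo tree mirroring the layout in the thread (not a real jail).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/semipublic/usr" "$demo_root/semipublic/test"
ln -s /basejail/usr/ports "$demo_root/semipublic/usr/ports"
for t in usr/ports test; do
    if hit=$(first_symlink_in_target "$demo_root/semipublic" "$demo_root/semipublic/$t"); then
        echo "ok: $t has no symlink components"
    else
        echo "refuse: $hit (resolved from the host's root, not the jail's)"
    fi
done
rm -rf "$demo_root"
```

On a real system the call would take the jail root and the intended mount point, for example /usr/jails/semipublic and /usr/jails/semipublic/usr/ports, before mount_nullfs is run.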

