[Bug 260160] zfs jailed: snapshots not accessible

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 260160] zfs jailed: snapshots not accessible"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 07 Feb 2023 20:49:36 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260160

--- Comment #24 from Jim Long <freebsd-bugzilla@umpquanet.com> ---
Thanks to everyone who has contributed to the significant progress on this
issue.

It definitely feels like progress, but IMO it would be infinitely better if the
"zfs.mount_snapshot" attribute was honored at startup.  I'll spend some time
thinking about how to write a service script that can either piggy-back on
/etc/rc.d/jail or a patch to /etc/rc.d/jail that will incorporate the "jail -m"
in the start-up process.  But "The Right Thing" would certainly seem to be to
have /etc/rc.d/jail honor the settings placed in /etc/jail.conf.

Interestingly, my testing suggests that once a "jail -m" operation has been
done, the mount_snapshot setting somehow survives any subsequent destruction
and re-creation of the jail.

Here's a dialogue commenced shortly after a fresh boot:

# w
12:26PM  up 54 secs, 3 users, load averages: 0.89, 0.24, 0.09
USER       TTY      FROM    LOGIN@  IDLE WHAT
jim        v0       -      12:26PM     - /bin/sh /usr/local/bin/startx
jim        pts/0    :0     12:26PM     - -
jim        pts/1    :0     12:26PM     - w

# jls
   JID  IP Address      Hostname                     Path
     1  192.168.1.50    test.example.edu             /jail/test
     2  192.168.1.50    test2.example.edu            /jail/test2

# jexec test ls -ld /.zfs/snapshot/xfer
ls: /.zfs/snapshot/xfer: Operation not permitted
# jexec test2 ls -ld /.zfs/snapshot/xfer
ls: /.zfs/snapshot/xfer: Operation not permitted

# jail -m test
test: updated
# jail -m test2
test2: updated
# jexec test ls -ld /.zfs/snapshot/xfer
drwxr-xr-x  33 root  wheel  38 Feb  6 10:22 /.zfs/snapshot/xfer
# jexec test2 ls -ld /.zfs/snapshot/xfer
drwxr-xr-x  33 root  wheel  38 Feb  6 10:22 /.zfs/snapshot/xfer

The odd thing to me is that once "jail -m" has been performed, the change
persists even beyond the destruction and re-creation of either jail.  Here I
stop jail 1 and jail 2, then start jail 3 and jail 4.  Without any "jail -m"
command, jails 3 and 4 are able to see snapshots:

# jls
   JID  IP Address      Hostname                     Path
     1  192.168.1.50    test.example.edu             /jail/test
     2  192.168.1.50    test2.example.edu            /jail/test2
# service jail stop
Stopping jails: test test2.
# service jail start
Starting jails: test test2.
# jls
   JID  IP Address      Hostname                     Path
     3  192.168.1.50    test.example.edu             /jail/test
     4  192.168.1.50    test2.example.edu            /jail/test2
# jexec test ls -ld /.zfs/snapshot/xfer
drwxr-xr-x  33 root  wheel  38 Feb  6 10:22 /.zfs/snapshot/xfer
# jexec test2 ls -ld /.zfs/snapshot/xfer
drwxr-xr-x  33 root  wheel  38 Feb  6 10:22 /.zfs/snapshot/xfer

Thanks again to Allan, Martin, Ryan, and everyone else for their time and
expertise.

-- 
You are receiving this mail because:
You are the assignee for the bug.