Re: RFC: nfsd in a vnet jail

From: Warner Losh <imp_at_bsdimp.com>
Date: Thu, 01 Dec 2022 16:20:12 UTC

On Thu, Dec 1, 2022 at 2:30 AM Alexander Leidinger <Alexander@leidinger.net> wrote:

>
> Quoting Alan Somers <asomers@freebsd.org> (from Tue, 29 Nov 2022
> 17:28:10 -0700):
>
> > On Tue, Nov 29, 2022 at 5:21 PM Rick Macklem <rick.macklem@gmail.com> wrote:
> >
> >> So, what do others think of enforcing the requirement that each jail
> >> have its own file systems for this?
> >
> > I think that's a totally reasonable requirement.  Especially so for
> > ZFS users, who already create a filesystem per jail for other reasons.
>
> While I agree that it is a reasonable requirement, just a note that we
> can not assume that every existing jail resides on its own file
> system. The base system jail infrastructure doesn't check this, and
> the ezjail port doesn't either. The iocage port does it.
>

I have several jails that all live on the same zfs data set that I set up
ages ago before I understood the full benefits of ZFS... but I could migrate
in a pinch. But they aren't in their own vnet, so maybe that doesn't apply.


> Is there a way to detect this inside a jail and error out in nfsd/mountd?
>

Whatever we do, there will be people bitten by it, so we need to make the
messaging around it good (the error messages from the system, as well as the
documentation).

Warner