misc/149831: [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails

Kenneth Vestergaard kvs at binarysolutions.dk
Fri Aug 20 11:40:10 UTC 2010 

>Number:         149831
>Category:       misc
>Synopsis:       [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 20 11:40:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Kenneth Vestergaard
>Release:        8.1-RELEASE
>Organization:
pil.dk
>Environment:
FreeBSD mckusick.pil.dk 8.1-RELEASE FreeBSD 8.1-RELEASE #12: Fri Aug  6 00:18:40 CEST 2010     root at mckusick.pil.dk:/usr/obj/dana/src/freebsd8/src/sys/MCKUSICK  amd64

>Description:
A simple patch adding an rc.conf-variable to make /etc/rc.d/jail run 'zfs jail $jid' on all
filesystems with 'jailed=on' set beneath the path specified in jail_$name_delegate_path.

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

# $PIL$

Add a jail_NAME_delegate_path-variable to rc.conf, which'll delegate
all jailed zfs's under that path to the newly-started jail.

--- src/etc/rc.d/jail.orig	2010-08-20 12:15:24.720731927 +0200
+++ src/etc/rc.d/jail	2010-08-20 13:16:24.744226221 +0200
@@ -41,6 +41,7 @@
 	eval _ip=\"\$jail_${_j}_ip\"
 	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
 	eval _exec=\"\$jail_${_j}_exec\"
+	eval _delegate_path=\"\$jail_${_j}_delegate_path\"
 
 	i=0
 	while : ; do
@@ -132,6 +133,7 @@
 	debug "$_j procdir: $_procdir"
 	debug "$_j ruleset: $_ruleset"
 	debug "$_j fstab: $_fstab"
+	debug "$_j delegate_path: $_delegate_path"
 
 	i=0
 	while : ; do
@@ -640,6 +642,14 @@
 
 		if [ "$?" -eq 0 ] ; then
 			_jail_id=$(head -1 ${_tmp_jail})
+
+			if [ ! -z "${_delegate_path}" ] ; then
+				/sbin/zfs get -s local -rH -o name,value jailed ${_delegate_path} | \
+				    /usr/bin/awk '$2 == "on" { print $1 }' | \
+				    /usr/bin/xargs -I % /sbin/zfs jail ${_jail_id} %
+				jail -m jid=${_jail_id} allow.mount=1
+			fi
+
 			i=1
 			while : ; do
 				eval out=\"\${_exec_afterstart${i}:-''}\"


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list