9.1-PRERELEASE - allow.mount - allow.mount.zfs - do not get
passed to child
Bryan Drewery
bryan at shatow.net
Tue Sep 11 00:01:15 UTC 2012
On 9/4/2012 12:50 AM, Bryan Drewery wrote:
> On 9/4/2012 12:46 AM, Bryan Drewery wrote:
>> On 9/4/2012 12:42 AM, Bryan Drewery wrote:
>>> I am unable to get these to pass into jails via /etc/rc.d/jail + ezjail.
>>>
>>> I set them in the host:
>>>
>>> security.jail.mount_allowed=1
>>> security.jail.mount_zfs_allowed=1
>>>
>>> What is the proper way to get these set?
>>>
>>>
>>
>> I used `jail -m` to set these, but they don't seem to work:
>>
>> In host:
>>
>> # jail -m jid=3 allow.mount allow.mount.zfs
>> # sysctl vfs.usermount=1
>>
>> In jail:
>>
>> # sysctl -a|grep mount
>> vfs.usermount: 1
>> ...
>> security.jail.mount_zfs_allowed: 1
>> security.jail.mount_allowed: 1
>>
>> # zfs mount -a
>> cannot mount 'backup': Insufficient privileges
>>
>> This dataset is properly jailed=on and 'zfs jail' ran on it as well.
>
> Sorry for the noise..
>
> # jail -m jid=3 enforce_statfs=1
>
> Now it works.
>
> Yes, I read the jail(8) and zfs(8) manpages. My biggest problem was the
> params not being passed in at startup.
>
> Bryan
>
Anyone else who runs into this,
r239382 allows this to work using /etc/rc.d/jail with deprecated
rc.conf/ezjail setups. You can specify jail_NAME_parameters=... with
that patch.
--
Regards,
Bryan Drewery
bdrewery at freenode/EFNet
More information about the freebsd-jail
mailing list