jail and dedicated zfs dataset
Jacques Foucry
jacques+freebsd at foucry.net
Tue Feb 4 21:44:09 UTC 2020
Hi folks,
I'm trying to create a jail (for the mail) with a dedicated zfs dataset.
On the host, the dataset is tank/root/mails with /var/mail as mountpoint.
The jailed property is on:
# zfs get mountpoint tank/root/mails
NAME PROPERTY VALUE SOURCE
tank/root/mails mountpoint /var/mail local
# zfs get jailed tank/root/mails
NAME PROPERTY VALUE SOURCE
tank/root/mails jailed on local
I also set allow properties:
# zfs allow tank/root/mails
---- Permissions on tank/root/mails ----------------------------------
Local+Descendent permissions:
user root mount
group wheel create,destroy,mount,snapshot
My /etc/jail.conf¹ definition for the dataset is:
exec.poststart = "/sbin/zfs jail mail tank/root/mails";
exec.poststart += "zfs mount -a";
exec.stop = "/sbin/zfs unjail mail tank/root/mails";
persist=true;
mount.fstab="/etc/fstab.${name}";
On the guest, things seem good:
# zfs allow tank/root/mails
---- Permissions on tank/root/mails ----------------------------------
Local+Descendent permissions:
user root mount
group wheel create,destroy,mount,snapshot
# zfs list
NAME USED AVAIL REFER MOUNTPOINT
tank 42.2G 6.92T 88K legacy
tank/root 36.7G 6.92T 3.60G legacy
tank/root/mails 200K 6.92T 88K /var/mail
But the dataset is not mounted:
# df -h /var/mail
Filesystem Size Used Avail Capacity Mounted on
tank/root/jails/mail 6.9T 2.9G 6.9T 0% /
And mounting by hand failed:
# zfs mount -a
cannot mount 'tank/root/mails': Insufficient privileges
What could be wrong? The /var/mail mount point permissions? The host /var/mail
permissions (that should not be used)? Something in zfs allow?
¹ I know there is the old ezjail or iocage, but I'm more comfortable with the
system way.
Thanks for your help if you can.
--
Jacques Foucry
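Added example, not code from the original post or from FreeBSD's own tooling: a small sh checker for the jail.conf settings that jail(8) documents as prerequisites before a jail may mount ZFS datasets itself (allow.mount, allow.mount.zfs, and enforce_statfs lower than 2). The two jail.conf samples it writes are constructed: one wraps the fragment from the post in a `mail { }` stanza, the other adds those three settings and runs `zfs mount -a` inside the jail through jexec; the jexec step and the dataset name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or from FreeBSD itself.
# jail(8) states that allow.mount.zfs takes effect only together with
# allow.mount and with enforce_statfs lower than 2; without them a jail is
# refused when it tries to mount a dataset. This script checks a jail.conf
# for those three settings. The configurations written by make_sample are
# constructed for the example.

# param_re NAME: escape the dots in a parameter name for use in a regex
param_re() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# is_enabled FILE PARAM: true if PARAM is switched on in FILE, accepting
# "param;", "param = 1;", "param = true;" and "param=1;"
is_enabled() {
    grep -Eq "^[[:space:]]*$(param_re "$2")[[:space:]]*(=[[:space:]]*\"?(1|true)\"?[[:space:]]*)?;" "$1"
}

# value_of FILE PARAM: print PARAM's last assigned value, nothing if unset
value_of() {
    sed -n -E "s/^[[:space:]]*$(param_re "$2")[[:space:]]*=[[:space:]]*\"?([^\";]*)\"?[[:space:]]*;.*/\1/p" "$1" \
        | tail -n 1
}

# check_zfs_jail_conf FILE: print one line per missing requirement and
# return 0 only when the jail may mount ZFS datasets itself
check_zfs_jail_conf() {
    rc=0
    is_enabled "$1" allow.mount     || { echo "missing: allow.mount"; rc=1; }
    is_enabled "$1" allow.mount.zfs || { echo "missing: allow.mount.zfs"; rc=1; }
    es=$(value_of "$1" enforce_statfs)
    case "$es" in
        0|1) ;;
        *) echo "enforce_statfs must be 0 or 1 (found: ${es:-unset, default 2})"; rc=1 ;;
    esac
    return $rc
}

# make_sample bad|good: write a constructed jail.conf to a temp file, print its path
make_sample() {
    f=$(mktemp) || return 1
    case "$1" in
    bad)  # the fragment from the post: zfs jail runs, but nothing lets the jail mount
        cat >"$f" <<'EOF'
mail {
    exec.poststart = "/sbin/zfs jail mail tank/root/mails";
    exec.poststart += "zfs mount -a";
    exec.stop = "/sbin/zfs unjail mail tank/root/mails";
    persist=true;
    mount.fstab="/etc/fstab.${name}";
}
EOF
        ;;
    good) # same, plus the mount privileges; the mount runs inside the jail via jexec (assumption)
        cat >"$f" <<'EOF'
mail {
    allow.mount;
    allow.mount.zfs = 1;
    enforce_statfs = 1;
    exec.poststart = "/sbin/zfs jail ${name} tank/root/mails";
    exec.poststart += "/usr/sbin/jexec ${name} /sbin/zfs mount -a";
    exec.stop = "/sbin/zfs unjail ${name} tank/root/mails";
    persist=true;
    mount.fstab="/etc/fstab.${name}";
}
EOF
        ;;
    *) return 1 ;;
    esac
    printf '%s\n' "$f"
}

bad=$(make_sample bad); good=$(make_sample good)
echo "== config as posted:";      check_zfs_jail_conf "$bad"  || echo "-> zfs mount inside the jail will be refused"
echo "== with mount privileges:"; check_zfs_jail_conf "$good" && echo "-> ok"
rm -f "$bad" "$good"
```

Run it against a real /etc/jail.conf by calling `check_zfs_jail_conf /etc/jail.conf`; the three settings are per-jail parameters, so they may sit either at the top level of the file or inside the jail's own stanza, and the checker accepts both indentations. Note that `zfs mount -a` in exec.poststart runs on the host, not in the jail, which is why the second sample hands it to jexec.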
More information about the freebsd-questions mailing list