Borg Backup in a Jail?

Mon Oct 5 15:08:07 UTC 2020

Jacques Foucry wrote:
> Hello colleagues,
> 
> Did somebody sucessfully install and run `borg backup` intã½ a jail?
> 
> My jail definition looks like:
> 
> ```
> backup{
>    host.hostname="backup.FQN";
>    path="/jails/backup";
>    ip4.addr="lo1|192.168.12.29/24";
>    ip4.addr+="lo0|127.0.1.29/32";
>    ip6.addr="em0|<IPv6::29/64";
>    enforce_statfs = 1;
>    allow.mount=1;
>    allow.mount.fusefs=1;
>    persist=true;
> }
> ```
> I runi on the host and the jail:
> 
> `FreeBSD 12.1-RELEASE-p6 amd64`
> 
> 
> Since FreeBSD 12 fusefs become jail compatible:
> 
> ```
> lsvfs
> Filesystem                              Num  Refs  Flags
> -------------------------------- ---------- -----  ---------------
> devfs                            0x00000071    14  synthetic, jail
> cd9660                           0x000000bd     0  read-only
> procfs                           0x00000002     2  synthetic, jail
> nfs                              0x0000003a     0  network
> zfs                              0x000000de    48  jail,
> delegated-administration
> ufs                              0x00000035     0  
> nullfs                           0x00000029     7  loopback, jail
> msdosfs                          0x00000032     0  
> fdescfs                          0x00000059     2  synthetic, jail
> tmpfs                            0x00000087     1  jail
> linprocfs                        0x000000b5     1  synthetic, jail
> fusefs                           0x000000ed     0  synthetic, jail
> ```
> 
> But inside the jail I cannot load fusefs kernel module:
> 
> ```
> backup# kldload fuse
> kldload: can't load fuse: Operation not permitted
> ```
> 
> And BorgBackup need it. :-(
> 
> Is there something I miss? Something wrong in my configuration?
> 
> Thnaks in advane for your advices,

It looks like you have fusefs running on the host so all jails should 
see it. You may need a jail rule with device fusefs access for the jail 
in question to use it.