ZFS in jails 9.2-RC1 permission denied
Matthew Seaman
matthew at freebsd.org
Thu Aug 8 13:06:50 UTC 2013
On 08/08/2013 13:05, Mark Felder wrote:
> On Thu, Aug 8, 2013, at 6:59, Trond Endrestøl wrote:
>>
>> I'm just guessing, but I doubt a jail would be able to create new ZFS
>> filesystems outside its own structure, if at all able. A jail would
>> however be allowed to (un)mount already existing filesystems within
>> its own structure, i.e. Pool/test1.
>>
>
> When I first reviewed his post I clearly confused "mounting" with
> "creating a new zfs filesystem". Is that even supposed to be permitted
> in a jail? I almost feel a sysctl disabling that by default would be
> nice... DoS by zfs filesystem creation/deletion, anyone?
There's a 'zfs jail' command and a 'jailed' property you can set on a
ZFS which I believes allow you to manage that ZFS from within the jail.
I think that extends to creating other ZFSes beneath that one (which
would inherit the 'jailed' property), BICBW.
Mostly I find it easier to just manage the ZFSes from the host system
but then again, I'm not really making very extensive use of jails.
Cheers,
Matthew
More information about the freebsd-stable
mailing list