ZFS in jails 9.2-RC1 permission denied

Trond Endrestøl Trond.Endrestol at fagskolen.gjovik.no
Fri Aug 9 11:22:38 UTC 2013


On Fri, 9 Aug 2013 14:07+0300, George Kontostanos wrote:

> On Fri, Aug 9, 2013 at 1:57 PM, Trond Endrestøl <
> Trond.Endrestol at fagskolen.gjovik.no> wrote:
> 
> > On Fri, 9 Aug 2013 13:35+0300, George Kontostanos wrote:
> >
> > > On Fri, Aug 9, 2013 at 8:55 AM, Trond Endrestøl <
> > > Trond.Endrestol at fagskolen.gjovik.no> wrote:
> > >
> > > > On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote:
> > > >
> > > > > On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder <feld at freebsd.org> wrote:
> > > > >
> > > > > > On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote:
> > > > > > >
> > > > > > > Anybody?
> > > > > > >
> > > > > >
> > > > > > Can you provide your jail configuration? I think 9.2 introduces the new
> > > > > > /etc/jail.conf functionality and perhaps it somehow broke the way you
> > > > > > were doing it previously? If so, the old method is supposed to work
> > > > > > as well...
> > > > >
> > > > > jail_enable="YES"
> > > > > jail_list="jail1"
> > > > > jail_jail1_rootdir="/tank/jails/jail1"
> > > > > jail_jail1_hostname="jail1"
> > > > > jail_jail1_interface="em0"
> > > > > jail_jail1_ip="172.16.154.32"
> > > > > jail_jail1_devfs_enable="YES"
> > > >
> > > > During my experimentation yesterday, I had to add:
> > > >
> > > > jail_jail1_parameters="enforce_statfs=1 allow.mount=1 allow.mount.zfs=1"
> > > >
> > > > I wish there was a way of executing a command in the host environment
> > > > _after_ the jail is created, but _before_ exec.start is run from
> > > > within the jail environment; exec.prestart is run in the host
> > > > environment before the jail is created and is of no use for attaching
> > > > a ZFS dataset to a particular jail with the zfs jail command.
> > > >
> > > > Until this issue is resolved, I see no other way than manually
> > > > attaching a ZFS dataset to a jail, and manually running the mount
> > > > command from within the jail environment.
> > >
> > > Excellent, this worked like a charm!
> > >
> > > Does this mean that the sysctl parameters are not honored or they have to
> > > be also passed in the jail parameters?
> >
> > I guess so. Setting the sysctls in /etc/sysctl.conf doesn't seem to
> > propagate to the jail environments at all in 9.2-BETA2.
> >
> > > Thanks!
> >
> > You're welcome, and thanks for pushing me to explore jails and ZFS
> > even further. ;-)
> >
> > Maybe the jail people should erect exec.afterprestart, enabling us to
> > attach ZFS datasets to our jails prior to launching the jails.
> 
> I think that the process of attaching a dataset or a pool to a jail has to
> be done after the JID has been created. The way I attach them is from the
> host system:
> 
> #zfs jail <JID> pool/dataset

That's why I propose the exec.afterprestart. This is how I imagine it 
should work:

1. The operator attempts to create a jail: jail -c somejail

2. The exec.prestart is run within the _host_ environment. It is of no 
concern regarding attaching ZFS datasets to our jail.

3. The jail is actually created, say, with /jails/somejail 
(zjails/jails/somejail) as its root.

4. The exec.afterprestart is run within the _host_ environment, and in 
our case is configured to attach some ZFS datasets, say:

zfs jail somejail zjails/jaildata/somejail

5. The exec.start is run within the _jail_ environment, typically 
running /etc/rc.

6. /etc/fstab within the _jail_ environment contains the necessary 
information to mount zjails/jaildata/somejail as /jaildata.

7. Everything else remains unchanged.

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+
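
The manual ordering described in the message (create the jail, attach the dataset from the host, then mount from inside the jail), as an added example that is not part of the original thread. The jail parameters and the jail and dataset names come from the messages above; the function names, the JAIL_ZFS_RUN switch, the `persist` parameter, the `jailed=on` step and a mountpoint already set on the dataset are assumptions.

```shell
#!/bin/sh
# Ordering from the thread: create the jail, attach the dataset from the host,
# then mount and start services from inside the jail.
# Assumed, not from the thread: function names, JAIL_ZFS_RUN, "persist",
# the jailed=on step, and a mountpoint already set on the dataset.

# These values end up in commands run as root on the host, so accept only
# conservative names (this also rejects whitespace and newlines).
valid_jail() { case $1 in ''|[!A-Za-z]*|*[!A-Za-z0-9_-]*) return 1;; esac; }
valid_dataset() {
    case $1 in ''|[!A-Za-z]*|*[!A-Za-z0-9_.:/-]*|*//*|*/) return 1;; esac
}
valid_root() { case $1 in /*) ;; *) return 1;; esac
               case $1 in *[!A-Za-z0-9_./-]*) return 1;; esac; }

# Print the ordered command list, one command per line.
jail_zfs_plan() {
    name=$1 root=$2 dataset=$3
    valid_jail "$name"       || { echo "bad jail name" >&2; return 1; }
    valid_root "$root"       || { echo "bad jail root" >&2; return 1; }
    valid_dataset "$dataset" || { echo "bad dataset name" >&2; return 1; }
    cat <<EOF
zfs set jailed=on $dataset
jail -c name=$name path=$root persist enforce_statfs=1 allow.mount=1 allow.mount.zfs=1
zfs jail $name $dataset
jexec $name zfs mount $dataset
jexec $name /bin/sh /etc/rc
EOF
}

# Show the plan by default; execute it only when JAIL_ZFS_RUN=1.
jail_zfs_start() {
    plan=$(jail_zfs_plan "$@") || return 1
    [ "${JAIL_ZFS_RUN:-0}" = 1 ] || { printf '%s\n' "$plan"; return 0; }
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        $cmd || exit 1   # inputs were validated, so word splitting is safe
    done
}

jail_zfs_start somejail /jails/somejail zjails/jaildata/somejail
```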


More information about the freebsd-stable mailing list