Read-only view of a ZFS filesystem inside a bhyve guest?

Rodney W. Grimes freebsd-rwg at pdx.rh.CN85.dnsmgr.net
Fri Apr 27 18:42:23 UTC 2018


> Hello.
> 
> I'm looking to do what the subject says: I have an existing ZFS
> filesystem (/storage/xyz) and I'd like to provide a read-only view of
> the filesystem to a set of bhyve guests. The guests in this case could
> be solely FreeBSD guests, but if there's a pleasant way to allow for
> OpenBSD or Linux guests, I'd like that.
> 
> I'm essentially looking to move some jail-based infrastructure to bhyve
> guests. With the jails, I have a ZFS filesystem on the host that's
> mounted read-only inside some of the jails using nullfs. I'm not sure
> if there's something analogous for bhyve guests.
> 
> I've looked at NFS, but this seems like overkill and possibly hard to
> secure. Same applies to Samba. sshfs might be an option, but I'd really
> prefer to have as few daemons listening on the host machine as possible
> for security reasons.

You should be able to "plumb" NFS from the host to the guests on a
local bridge device, possibly even playing games with the use
of an unroutable network like 127.1.0.0/24.

Host would have 127.1.0.1/24, /etc/exports would list 127.1.0.0/24
as who has access to the NFS shares, guests would be on 127.1.0.2 and
up.

Create the host bridge and assign it IP 127.1.0.1,
create guest taps,
inside guests assign them 127.1.0.2 and up.

Untested, but should work.

-- 
Rod Grimes                                                 rgrimes at freebsd.org
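
The layout described in the message above, written out as FreeBSD configuration; this is an added example, not part of the original message. The interface names (bridge0, tap0, tap1, vtnet0) and the guest mount point /mnt/xyz are assumptions; the -h flags bind the NFS daemons to the bridge address only, and the export is read-only and limited to the bridge network.

```conf
# ---- host: /etc/rc.conf ----
# Host-only bridge with one tap per guest (names are assumptions).
# No physical NIC is added to the bridge, so the network stays local.
cloned_interfaces="bridge0 tap0 tap1"
ifconfig_bridge0="inet 127.1.0.1/24 addm tap0 addm tap1 up"

# NFS server daemons, each bound to the bridge address with -h
# instead of listening on every interface.
rpcbind_enable="YES"
rpcbind_flags="-h 127.1.0.1"
nfs_server_enable="YES"
nfs_server_flags="-u -t -h 127.1.0.1"
mountd_enable="YES"
mountd_flags="-r -h 127.1.0.1"

# ---- host: /etc/exports ----
# Read-only export, restricted to the guest network from the message.
/storage/xyz -ro -network 127.1.0.0/24

# ---- FreeBSD guest: /etc/rc.conf ----
# vtnet0 assumes a virtio-net device backed by tap0; next guest uses .3
ifconfig_vtnet0="inet 127.1.0.2/24"
nfs_client_enable="YES"

# ---- FreeBSD guest: /etc/fstab ----
# Mounted read-only on the client as well; /mnt/xyz is an assumption.
127.1.0.1:/storage/xyz  /mnt/xyz  nfs  ro,nosuid  0  0

# Note: 127.1.0.0/24 is the range from the message. RFC 1122 reserves
# 127/8 for loopback, so if packets are dropped on the bridge, use an
# RFC 1918 range in all four places instead.
```

After editing /etc/exports, `service mountd reload` makes mountd re-read it, and `showmount -e 127.1.0.1` from a guest lists what is exported.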

