https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292120

            Bug ID: 292120
           Summary: ZFS filesystem jailed and mounted causes the jail to
                    get stuck in dying state
           Product: Base System
           Version: 15.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: [email protected]
          Reporter: [email protected]

## Synopsis

When a jailed ZFS filesystem is mounted inside, the jail gets stuck in dying
state upon removal.

## To reproduce

Prepare a bare-bone test jail filesystem, say in /j:

    $ mkdir -p /j && find -d /etc/pkg/ /usr/local/etc/pkg/ /usr/share/keys/*/trusted/ -print0 | cpio -pdum0 --quiet /j && pkg -r /j install -r FreeBSD-base -qy FreeBSD-runtime FreeBSD-zfs

Create a test filesystem zroot/j1 with jailed=on:

    $ zfs create -o jailed=on -o mountpoint=/j1 zroot/j1

Launch a test jail with zroot/j1 injected, and list the dataset from inside
the jail:

    $ jail -c name=j path=/j mount.devfs allow.mount allow.mount.zfs enforce_statfs=1 zfs.dataset=zroot/j1 command=zfs list zroot/j1
    NAME       USED  AVAIL  REFER  MOUNTPOINT
    zroot/j1    96K   429G    96K  /j1

Ensure that the jail has been removed (expected behavior):

    $ jls -d jid name path

Launch another test jail, but this time mount zroot/j1 from inside:

    $ jail -c name=j path=/j mount.devfs allow.mount allow.mount.zfs enforce_statfs=1 zfs.dataset=zroot/j1 command=zfs mount zroot/j1

See that the jail is stuck in dying state:

    $ jls jid name path         # j is missing
    $ jls -d jid name path      # j is shown (it's dying)
    38 j /j

Try to unjail the filesystem - it fails:

    $ zfs unjail j zroot/j1
    invalid jail id or name
    ...
    $ zfs unjail 38 zroot/j1
    invalid jail id or name
    ...
    $ jls -d jid name path      # j is still there
    38 j /j

Try to unmount the filesystem:

    $ zfs unmount zroot/j1      # seems to succeed but...
    $ zfs get mounted zroot/j1  # it is still mounted
    NAME      PROPERTY  VALUE    SOURCE
    zroot/j1  mounted   yes      -
    $ jls -d jid name path      # j is still there
    38 j /j

## Workarounds

Destroying zroot/j1 causes the jail to be removed but it's impractical in most
use cases of jailed ZFS.

Resetting the jailed property (zfs inherit jailed zroot/j1) TWICE also removes the
jail, but this is dangerous because it mounts the filesystem at the untrusted
in-jail mountpoint if it has one.  The mountpoint property cannot be set or
reset/inherited from the host side while it is jailed, with a "dataset in a
non-global zone" error.

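A host-side check for the state this report describes, as an added example (not part of the original report or of FreeBSD): it diffs `jls` against `jls -d` to list dying jails, and picks out datasets that are both jailed and mounted. The function names and sample inputs are constructed, and `zfs get -H -o name,property,value jailed,mounted` is the assumed source of the dataset listing.

```shell
#!/bin/sh
# Added example: flag jails stuck in dying state and the jailed ZFS datasets
# that are still mounted. Both functions parse captured command output, so
# they can be run against saved text as well as a live host.

# dying_jails LIVE ALL
#   LIVE: output of `jls jid name path`     (dying jails are not listed)
#   ALL:  output of `jls -d jid name path`  (dying jails are listed)
# Prints every "jid name path" line whose jid appears only in ALL.
dying_jails() {
    { printf '%s\n' "$1"; printf '@@\n'; printf '%s\n' "$2"; } |
        awk '$1 == "@@"    { all = 1; next }   # separator between the listings
             NF == 0       { next }            # skip blank lines
             !all          { live[$1] = 1; next }
             !($1 in live) { print }'
}

# jailed_mounted ZFSGET
#   ZFSGET: output of `zfs get -H -o name,property,value jailed,mounted`
#           (tab-separated, one property per line)
# Prints datasets that have jailed=on and mounted=yes at the same time.
jailed_mounted() {
    printf '%s\n' "$1" |
        awk -F '\t' '$2 == "jailed"  && $3 == "on"  { j[$1] = 1 }
                     $2 == "mounted" && $3 == "yes" { m[$1] = 1 }
                     END { for (d in j) if (d in m) print d }' | sort
}

# Constructed sample input modelled on the listings in the report; the
# "web" jail and zroot/data dataset are invented for contrast.
SAMPLE_LIVE='12 web /jails/web'
SAMPLE_ALL='12 web /jails/web
38 j /j'
SAMPLE_ZFS=$(printf '%s\t%s\t%s\n' \
    zroot/j1 jailed on    zroot/j1 mounted yes \
    zroot/data jailed off zroot/data mounted yes)

echo "dying jails:"
dying_jails "$SAMPLE_LIVE" "$SAMPLE_ALL"
echo "jailed datasets still mounted:"
jailed_mounted "$SAMPLE_ZFS"

# On a live host, pass the real output instead of the samples:
#   dying_jails "$(jls jid name path)" "$(jls -d jid name path)"
#   jailed_mounted "$(zfs get -H -o name,property,value jailed,mounted)"
```
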