Re: ZFS in jails 9.2-RC1 permission denied
On Fri, Aug 9, 2013 at 2:22 PM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Fri, 9 Aug 2013 14:07+0300, George Kontostanos wrote: On Fri, Aug 9, 2013 at 1:57 PM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Fri, 9 Aug 2013 13:35+0300, George Kontostanos wrote: On Fri, Aug 9, 2013 at 8:55 AM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote: On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder f...@freebsd.org wrote: On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... jail_enable=YES jail_list=jail1 jail_jail1_rootdir=/tank/jails/jail1 jail_jail1_hostname=jail1 jail_jail1_interface=em0 jail_jail1_ip=172.16.154.32 jail_jail1_devfs_enable=YES During my experimentation yesterday, I had to add: jail_jail1_parameters=enforce_statfs=1 allow.mount=1 allow.mount.zfs=1 I wish there was a way of executing a command in the host environment _after_ the jail is created, but _before_ exec.start is run from within the jail environment, exec.prestart is run in the host environment before the jail is created and is of no use for attaching a ZFS dataset to a particular jail with the zfs jail command. Until this issue is resolved, I see no other way than manually attaching a ZFS dataset to a jail, and manually running the mount command from within the jail environment. Excellent, this worked like a charm! Does this means that the sysctl parameters are not honored or they have to be also passed in the jail parameters? I guess so. Setting the sysctls in /etc/sysctl.conf doesn't seem to propagate to the jail environments at all in 9.2-BETA2. Thanks! You're welcome, and thanks for pushing me to explore jails and ZFS even further. ;-) Maybe the jail people should erect exec.afterprestart, enabling us to attach ZFS datasets to our jails prior to launching the jails. I think that the process of attaching a dataset or a pool to a jail has to be done after the JID has been created. The way I attach them is from the host system: #zfs jail JID pool/dataset That's why I propose the exec.afterprestart. This is how I imagine it should work: 1. The operator attempts to create a jail: jail -c somejail 2. The exec.prestart is run within the _host_ environment. It is of no concern regarding attaching ZFS datasets to our jail. 3. The jail is actually created, say, with /jails/somejail (zjails/jails/somejail) as it root. 4. The exec.afterprestart is run within the _host_ environment, and in our case is configured to attach some ZFS datasets, say: zfs jail somejail zjails/jaildata/somejail 5. The exec.start is run within the _jail_ environment, typically running /etc/rc. 6. /etc/fstab within the _jail_ environment contains the necessary information to mount zjails/jaildata/somejail as /jaildata. 7. Everything else remains unchanged. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++ Sounds very good! As a side note. I noticed that if I log into the jail and issue: zail1 zfs mount -a All datasets are available. -- George Kontostanos --- http://www.aisecure.net ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Fri, Aug 9, 2013 at 8:55 AM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote: On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder f...@freebsd.org wrote: On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... jail_enable=YES jail_list=jail1 jail_jail1_rootdir=/tank/jails/jail1 jail_jail1_hostname=jail1 jail_jail1_interface=em0 jail_jail1_ip=172.16.154.32 jail_jail1_devfs_enable=YES During my experimentation yesterday, I had to add: jail_jail1_parameters=enforce_statfs=1 allow.mount=1 allow.mount.zfs=1 I wish there was a way of executing a command in the host environment _after_ the jail is created, but _before_ exec.start is run from within the jail environment, exec.prestart is run in the host environment before the jail is created and is of no use for attaching a ZFS dataset to a particular jail with the zfs jail command. Until this issue is resolved, I see no other way than manually attaching a ZFS dataset to a jail, and manually running the mount command from within the jail environment. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++ Excellent, this worked like a charm! Does this means that the sysctl parameters are not honored or they have to be also passed in the jail parameters? Thanks! -- George Kontostanos --- http://www.aisecure.net ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Fri, 9 Aug 2013 13:35+0300, George Kontostanos wrote: On Fri, Aug 9, 2013 at 8:55 AM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote: On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder f...@freebsd.org wrote: On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... jail_enable=YES jail_list=jail1 jail_jail1_rootdir=/tank/jails/jail1 jail_jail1_hostname=jail1 jail_jail1_interface=em0 jail_jail1_ip=172.16.154.32 jail_jail1_devfs_enable=YES During my experimentation yesterday, I had to add: jail_jail1_parameters=enforce_statfs=1 allow.mount=1 allow.mount.zfs=1 I wish there was a way of executing a command in the host environment _after_ the jail is created, but _before_ exec.start is run from within the jail environment, exec.prestart is run in the host environment before the jail is created and is of no use for attaching a ZFS dataset to a particular jail with the zfs jail command. Until this issue is resolved, I see no other way than manually attaching a ZFS dataset to a jail, and manually running the mount command from within the jail environment. Excellent, this worked like a charm! Does this means that the sysctl parameters are not honored or they have to be also passed in the jail parameters? I guess so. Setting the sysctls in /etc/sysctl.conf doesn't seem to propagate to the jail environments at all in 9.2-BETA2. Thanks! You're welcome, and thanks for pushing me to explore jails and ZFS even further. ;-) Maybe the jail people should erect exec.afterprestart, enabling us to attach ZFS datasets to our jails prior to launching the jails. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Fri, Aug 9, 2013 at 1:57 PM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Fri, 9 Aug 2013 13:35+0300, George Kontostanos wrote: On Fri, Aug 9, 2013 at 8:55 AM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote: On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder f...@freebsd.org wrote: On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... jail_enable=YES jail_list=jail1 jail_jail1_rootdir=/tank/jails/jail1 jail_jail1_hostname=jail1 jail_jail1_interface=em0 jail_jail1_ip=172.16.154.32 jail_jail1_devfs_enable=YES During my experimentation yesterday, I had to add: jail_jail1_parameters=enforce_statfs=1 allow.mount=1 allow.mount.zfs=1 I wish there was a way of executing a command in the host environment _after_ the jail is created, but _before_ exec.start is run from within the jail environment, exec.prestart is run in the host environment before the jail is created and is of no use for attaching a ZFS dataset to a particular jail with the zfs jail command. Until this issue is resolved, I see no other way than manually attaching a ZFS dataset to a jail, and manually running the mount command from within the jail environment. Excellent, this worked like a charm! Does this means that the sysctl parameters are not honored or they have to be also passed in the jail parameters? I guess so. Setting the sysctls in /etc/sysctl.conf doesn't seem to propagate to the jail environments at all in 9.2-BETA2. Thanks! You're welcome, and thanks for pushing me to explore jails and ZFS even further. ;-) Maybe the jail people should erect exec.afterprestart, enabling us to attach ZFS datasets to our jails prior to launching the jails. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++ I think that the process of attaching a dataset or a pool to a jail has to be done after the JID has been created. The way I attach them is from the host system: #zfs jail JID pool/dataset Best -- George Kontostanos --- http://www.aisecure.net ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Fri, 9 Aug 2013 14:07+0300, George Kontostanos wrote: On Fri, Aug 9, 2013 at 1:57 PM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Fri, 9 Aug 2013 13:35+0300, George Kontostanos wrote: On Fri, Aug 9, 2013 at 8:55 AM, Trond Endrestøl trond.endres...@fagskolen.gjovik.no wrote: On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote: On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder f...@freebsd.org wrote: On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... jail_enable=YES jail_list=jail1 jail_jail1_rootdir=/tank/jails/jail1 jail_jail1_hostname=jail1 jail_jail1_interface=em0 jail_jail1_ip=172.16.154.32 jail_jail1_devfs_enable=YES During my experimentation yesterday, I had to add: jail_jail1_parameters=enforce_statfs=1 allow.mount=1 allow.mount.zfs=1 I wish there was a way of executing a command in the host environment _after_ the jail is created, but _before_ exec.start is run from within the jail environment, exec.prestart is run in the host environment before the jail is created and is of no use for attaching a ZFS dataset to a particular jail with the zfs jail command. Until this issue is resolved, I see no other way than manually attaching a ZFS dataset to a jail, and manually running the mount command from within the jail environment. Excellent, this worked like a charm! Does this means that the sysctl parameters are not honored or they have to be also passed in the jail parameters? I guess so. Setting the sysctls in /etc/sysctl.conf doesn't seem to propagate to the jail environments at all in 9.2-BETA2. Thanks! You're welcome, and thanks for pushing me to explore jails and ZFS even further. ;-) Maybe the jail people should erect exec.afterprestart, enabling us to attach ZFS datasets to our jails prior to launching the jails. I think that the process of attaching a dataset or a pool to a jail has to be done after the JID has been created. The way I attach them is from the host system: #zfs jail JID pool/dataset That's why I propose the exec.afterprestart. This is how I imagine it should work: 1. The operator attempts to create a jail: jail -c somejail 2. The exec.prestart is run within the _host_ environment. It is of no concern regarding attaching ZFS datasets to our jail. 3. The jail is actually created, say, with /jails/somejail (zjails/jails/somejail) as it root. 4. The exec.afterprestart is run within the _host_ environment, and in our case is configured to attach some ZFS datasets, say: zfs jail somejail zjails/jaildata/somejail 5. The exec.start is run within the _jail_ environment, typically running /etc/rc. 6. /etc/fstab within the _jail_ environment contains the necessary information to mount zjails/jaildata/somejail as /jaildata. 7. Everything else remains unchanged. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Wed, Aug 7, 2013 at 7:26 PM, George Kontostanos wrote: Hi list, With a 9.1 system and the following: /etc/sysctl.conf: security.jail.mount_allowed=1 security.jail.mount_zfs_allowed=1 security.jail.enforce_statfs=1 zfs set jailed=on Pool zfs jail 1 Pool jexec 1 tcsh jail1# zfs create Pool/test1 jail1# zfs list NAME USED AVAIL REFER MOUNTPOINT Pool 223K 19.6G31K /Pool Pool/test1 31K 19.6G31K /Pool/test After upgrading to 9.2-RC1 the same operation results in: jail1# zfs create Pool/test2 cannot create 'Pool/test2': permission denied What am I missing? Thanks -- George Kontostanos --- Anybody? ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, 8 Aug 2013 14:53+0300, George Kontostanos wrote: On Wed, Aug 7, 2013 at 7:26 PM, George Kontostanos wrote: Hi list, With a 9.1 system and the following: /etc/sysctl.conf: security.jail.mount_allowed=1 security.jail.mount_zfs_allowed=1 security.jail.enforce_statfs=1 zfs set jailed=on Pool zfs jail 1 Pool jexec 1 tcsh jail1# zfs create Pool/test1 jail1# zfs list NAME USED AVAIL REFER MOUNTPOINT Pool 223K 19.6G31K /Pool Pool/test1 31K 19.6G31K /Pool/test After upgrading to 9.2-RC1 the same operation results in: jail1# zfs create Pool/test2 cannot create 'Pool/test2': permission denied What am I missing? Thanks -- George Kontostanos --- Anybody? I'm just guessing, but I doubt a jail would be able to create new ZFS filesystems outside its own structure, if at all able. A jail would however be allowed to (un)mount already existing filesystems within its own structure, i.e. Pool/test1. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, Aug 8, 2013, at 6:59, Trond Endrestøl wrote: I'm just guessing, but I doubt a jail would be able to create new ZFS filesystems outside its own structure, if at all able. A jail would however be allowed to (un)mount already existing filesystems within its own structure, i.e. Pool/test1. When I first reviewed his post I clearly confused mounting with creating a new zfs filesystem. Is that even supposed to be permitted in a jail? I almost feel a sysctl disabling that by default would be nice... DoS by zfs filesystem creation/deletion, anyone? ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, 8 Aug 2013 07:05-0500, Mark Felder wrote: On Thu, Aug 8, 2013, at 6:59, Trond Endrestøl wrote: I'm just guessing, but I doubt a jail would be able to create new ZFS filesystems outside its own structure, if at all able. A jail would however be allowed to (un)mount already existing filesystems within its own structure, i.e. Pool/test1. When I first reviewed his post I clearly confused mounting with creating a new zfs filesystem. Is that even supposed to be permitted in a jail? I almost feel a sysctl disabling that by default would be nice... DoS by zfs filesystem creation/deletion, anyone? I started experimenting with jails last Sunday. There is certainly more to explore and learn. Just a few more hours and I'm heading home to do some lab work. ;-) -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On 08/08/2013 13:05, Mark Felder wrote: On Thu, Aug 8, 2013, at 6:59, Trond Endrestøl wrote: I'm just guessing, but I doubt a jail would be able to create new ZFS filesystems outside its own structure, if at all able. A jail would however be allowed to (un)mount already existing filesystems within its own structure, i.e. Pool/test1. When I first reviewed his post I clearly confused mounting with creating a new zfs filesystem. Is that even supposed to be permitted in a jail? I almost feel a sysctl disabling that by default would be nice... DoS by zfs filesystem creation/deletion, anyone? There's a 'zfs jail' command and a 'jailed' property you can set on a ZFS which I believes allow you to manage that ZFS from within the jail. I think that extends to creating other ZFSes beneath that one (which would inherit the 'jailed' property), BICBW. Mostly I find it easier to just manage the ZFSes from the host system but then again, I'm not really making very extensive use of jails. Cheers, Matthew ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder f...@freebsd.org wrote: On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org jail_enable=YES jail_list=jail1 jail_jail1_rootdir=/tank/jails/jail1 jail_jail1_hostname=jail1 jail_jail1_interface=em0 jail_jail1_ip=172.16.154.32 jail_jail1_devfs_enable=YES Do you see anything wrong here? Thanks -- George Kontostanos --- http://www.aisecure.net ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, Aug 8, 2013 at 4:06 PM, Matthew Seaman matt...@freebsd.org wrote: On 08/08/2013 13:05, Mark Felder wrote: On Thu, Aug 8, 2013, at 6:59, Trond Endrestøl wrote: I'm just guessing, but I doubt a jail would be able to create new ZFS filesystems outside its own structure, if at all able. A jail would however be allowed to (un)mount already existing filesystems within its own structure, i.e. Pool/test1. When I first reviewed his post I clearly confused mounting with creating a new zfs filesystem. Is that even supposed to be permitted in a jail? I almost feel a sysctl disabling that by default would be nice... DoS by zfs filesystem creation/deletion, anyone? There's a 'zfs jail' command and a 'jailed' property you can set on a ZFS which I believes allow you to manage that ZFS from within the jail. I think that extends to creating other ZFSes beneath that one (which would inherit the 'jailed' property), BICBW. Mostly I find it easier to just manage the ZFSes from the host system but then again, I'm not really making very extensive use of jails. Cheers, Matthew ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org Yes, it is easier to manage ZFS datasets from the host system but in this case we are assigning a different jail to each customer. That jail should be able to receive snapshots. It was working fine so far with 9.1. -- George Kontostanos --- http://www.aisecure.net ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Aug 8, 2013, at 9:04 AM, George Kontostanos wrote: On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder f...@freebsd.org wrote: On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org jail_enable=YES jail_list=jail1 jail_jail1_rootdir=/tank/jails/jail1 jail_jail1_hostname=jail1 jail_jail1_interface=em0 jail_jail1_ip=172.16.154.32 jail_jail1_devfs_enable=YES Do you see anything wrong here? Nope... though possible optimization... jail_jail1_ip=em0|172.16.154.32 # no need for jail_jail1_interface -- Devin _ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, 8 Aug 2013 19:04+0300, George Kontostanos wrote: On Thu, Aug 8, 2013 at 2:59 PM, Mark Felder f...@freebsd.org wrote: On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... jail_enable=YES jail_list=jail1 jail_jail1_rootdir=/tank/jails/jail1 jail_jail1_hostname=jail1 jail_jail1_interface=em0 jail_jail1_ip=172.16.154.32 jail_jail1_devfs_enable=YES During my experimentation yesterday, I had to add: jail_jail1_parameters=enforce_statfs=1 allow.mount=1 allow.mount.zfs=1 I wish there was a way of executing a command in the host environment _after_ the jail is created, but _before_ exec.start is run from within the jail environment, exec.prestart is run in the host environment before the jail is created and is of no use for attaching a ZFS dataset to a particular jail with the zfs jail command. Until this issue is resolved, I see no other way than manually attaching a ZFS dataset to a jail, and manually running the mount command from within the jail environment. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org