Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]
Alexander Leidinger wrote on 2016/12/19 20:54:
Quoting Miroslav Lachman <000.f...@quip.cz> (from Mon, 19 Dec 2016 18:57:39 +0100):
Alexander Leidinger wrote on 2016/12/19 17:56:
Quoting Miroslav Lachman <000.f...@quip.cz> (from Sun, 18 Dec 2016 13:20:31 +0100):

I don't expect it to be in the docs. I try to come up with something for the man page for zfs (for the "attach to jail" part), but anyone shall feel free to beat me with this. Anyone with an idea where in the jail man page we should add something too (I only had a look at the zfs man page when this issue came up)?

It would be nice to have this mentioned in zfs(8) man page (that user in jail cannot manage jail's root dataset but can manage some sub-dataset not required to boot the jail)

What about this? Better wording welcome.

---snip--- Index: zfs.8 === --- zfs.8 (Revision 298108) +++ zfs.8 (Arbeitskopie) 
@@ -450,8 +450,11 @@ dataset can be attached to a jail by using the .Qq Nm Cm jail subcommand. You cannot attach a dataset to one jail and the children of the -same dataset to another jails. To allow management of the dataset from within -a jail, the +same dataset to another jails. You can also not attach the root file system +of the jail or any dataset which needs to be mounted before the zfs rc script +is run inside the jail, as it would be attached unmounted until it is +mounted from the rc script inside the jail. To allow management of the +dataset from within a jail, the .Sy jailed property has to be set and the jail needs access to the .Pa /dev/zfs ---snip---

And there can be some useful example in jail(8) man page in EXAMPLES. There is section "Jails and File Systems" and there can be new section "Manage ZFS from within jail" with basic notes about required jail params, zfs set jailed property and example "hierarchy". (and warning about gotchas with jailed=0 on jail's root directory)

Are you willing to come up with some text-only version/draft/outline for this one?

I am not good at English but I will try something. Thank you!

Miroslav Lachman

___
freebsd-jail@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
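Review bot: the re-added line "+same dataset to another jails." carries over the grammar slip "another jails"; since the line is being touched anyway, make it "another jail". In the new sentence, "You can also not attach" reads more naturally as "You also cannot attach", and per mdoc convention the new sentence should start on its own source line instead of continuing mid-line after the previous one.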
Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]
Quoting Miroslav Lachman <000.f...@quip.cz> (from Mon, 19 Dec 2016 18:57:39 +0100):
Alexander Leidinger wrote on 2016/12/19 17:56:
Quoting Miroslav Lachman <000.f...@quip.cz> (from Sun, 18 Dec 2016 13:20:31 +0100):
Alexander Leidinger wrote on 2016/12/17 19:59:
Quoting SK (from Fri, 16 Dec 2016 14:02:20

Correct. You need the data in the root of the jail to boot, if you then attribute this dataset to the jail, it will vanish until "zfs mount -a" is run (rc script inside the jail). As it will vanish during the boot of the jail (if added automatically), the rc script to mount all datasets can not be found.

[...]

I think what you are trying to tell here is, unless and until that "vanished" dataset is put to use (mounted) from inside the jail, it will remain vanished/unusable from the host itself; however, once that dataset is put to use, the host system should be able to "see" and maybe even work on that dataset. Could you please confirm if I understood you correctly?

Correct. A sub-dataset which is not needed to boot, or a dataset not within the subtree of the jail (and not needed to boot) can be used.

Thank you for this information! If it is somewhere in the docs it is well hidden to me :)

I don't expect it to be in the docs. I try to come up with something for the man page for zfs (for the "attach to jail" part), but anyone shall feel free to beat me with this. Anyone with an idea where in the jail man page we should add something too (I only had a look at the zfs man page when this issue came up)?

It would be nice to have this mentioned in zfs(8) man page (that user in jail cannot manage jail's root dataset but can manage some sub-dataset not required to boot the jail)

What about this? Better wording welcome.

---snip--- Index: zfs.8 === --- zfs.8 (Revision 298108) +++ zfs.8 (Arbeitskopie) 
@@ -450,8 +450,11 @@ dataset can be attached to a jail by using the .Qq Nm Cm jail subcommand. You cannot attach a dataset to one jail and the children of the -same dataset to another jails. To allow management of the dataset from within -a jail, the +same dataset to another jails. You can also not attach the root file system +of the jail or any dataset which needs to be mounted before the zfs rc script +is run inside the jail, as it would be attached unmounted until it is +mounted from the rc script inside the jail. To allow management of the +dataset from within a jail, the .Sy jailed property has to be set and the jail needs access to the .Pa /dev/zfs ---snip---

And there can be some useful example in jail(8) man page in EXAMPLES. There is section "Jails and File Systems" and there can be new section "Manage ZFS from within jail" with basic notes about required jail params, zfs set jailed property and example "hierarchy". (and warning about gotchas with jailed=0 on jail's root directory)

Are you willing to come up with some text-only version/draft/outline for this one?

Bye, Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
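Review bot: the added sentence stops at "attached unmounted until it is mounted from the rc script inside the jail" and never states the consequence for the reader. As explained earlier in the thread, the rc script that would mount the dataset lives on the dataset that has just vanished, so it cannot be found while the jail boots; suggest saying that outright and naming a sub-dataset not needed for boot as the usable alternative. The diff also consists of this single hunk at line 450, so the .Dd date of zfs.8 is left unchanged; bump it as part of the change.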
Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]
Alexander Leidinger wrote on 2016/12/19 17:56:
Quoting Miroslav Lachman <000.f...@quip.cz> (from Sun, 18 Dec 2016 13:20:31 +0100):
Alexander Leidinger wrote on 2016/12/17 19:59:
Quoting SK (from Fri, 16 Dec 2016 14:02:20

Correct. You need the data in the root of the jail to boot, if you then attribute this dataset to the jail, it will vanish until "zfs mount -a" is run (rc script inside the jail). As it will vanish during the boot of the jail (if added automatically), the rc script to mount all datasets can not be found.

[...]

I think what you are trying to tell here is, unless and until that "vanished" dataset is put to use (mounted) from inside the jail, it will remain vanished/unusable from the host itself; however, once that dataset is put to use, the host system should be able to "see" and maybe even work on that dataset. Could you please confirm if I understood you correctly?

Correct. A sub-dataset which is not needed to boot, or a dataset not within the subtree of the jail (and not needed to boot) can be used.

Thank you for this information! If it is somewhere in the docs it is well hidden to me :)

I don't expect it to be in the docs. I try to come up with something for the man page for zfs (for the "attach to jail" part), but anyone shall feel free to beat me with this. Anyone with an idea where in the jail man page we should add something too (I only had a look at the zfs man page when this issue came up)?

It would be nice to have this mentioned in zfs(8) man page (that user in jail cannot manage jail's root dataset but can manage some sub-dataset not required to boot the jail)

And there can be some useful example in jail(8) man page in EXAMPLES. There is section "Jails and File Systems" and there can be new section "Manage ZFS from within jail" with basic notes about required jail params, zfs set jailed property and example "hierarchy". (and warning about gotchas with jailed=0 on jail's root directory)

Miroslav Lachman
Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]
Quoting Miroslav Lachman <000.f...@quip.cz> (from Sun, 18 Dec 2016 13:20:31 +0100):
Alexander Leidinger wrote on 2016/12/17 19:59:
Quoting SK (from Fri, 16 Dec 2016 14:02:20 +):

If I understand you correctly, what you are suggesting is, the dataset used by the jail itself for its root/base cannot be "worked on" from within the jail, but if I define a different dataset (under the same branch below the jail dataset), and attribute it to the jail, then I can manipulate that "other" dataset. Could you please confirm if I understood it correctly?

Correct. You need the data in the root of the jail to boot, if you then attribute this dataset to the jail, it will vanish until "zfs mount -a" is run (rc script inside the jail). As it will vanish during the boot of the jail (if added automatically), the rc script to mount all datasets can not be found.

[...]

I think what you are trying to tell here is, unless and until that "vanished" dataset is put to use (mounted) from inside the jail, it will remain vanished/unusable from the host itself; however, once that dataset is put to use, the host system should be able to "see" and maybe even work on that dataset. Could you please confirm if I understood you correctly?

Correct. A sub-dataset which is not needed to boot, or a dataset not within the subtree of the jail (and not needed to boot) can be used.

Thank you for this information! If it is somewhere in the docs it is well hidden to me :)

I don't expect it to be in the docs. I try to come up with something for the man page for zfs (for the "attach to jail" part), but anyone shall feel free to beat me with this. Anyone with an idea where in the jail man page we should add something too (I only had a look at the zfs man page when this issue came up)?

Bye, Alexander.
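A host-side check for the pitfall discussed in this thread, as an added example that is not code from any poster or from FreeBSD: it flags datasets that have `jailed=on` even though the jail needs them to boot. It assumes input shaped like `zfs list -H -o name,mountpoint,jailed`; the function names, the `BOOT_DIRS` list and the sample pool and jail names are hypothetical.

```shell
#!/bin/sh
# Added example: flag jailed=on datasets that a jail needs in order to boot.
# Input lines have the shape of `zfs list -H -o name,mountpoint,jailed` on the host.

# Assumption: directories needed before the zfs rc script runs in the jail.
BOOT_DIRS="etc bin sbin lib libexec"
TAB=$(printf '\t')

# classify JAIL_ROOT MOUNTPOINT JAILED -> prints ok | root | boot
classify() {
    c_root=${1%/}; c_mp=${2%/}
    [ "$3" = "on" ] || { echo ok; return; }
    # Dataset is the jail root, or contains it: it vanishes at attach time.
    case "$c_root/" in
        "$c_mp"/*) echo root; return ;;
    esac
    # Dataset sits on (or under) a directory the rc scripts are read from.
    for c_dir in $BOOT_DIRS; do
        case "$c_mp/" in
            "$c_root/$c_dir"/*) echo boot; return ;;
        esac
    done
    echo ok
}

# audit JAIL_ROOT < listing -> one line per dataset that must not be jailed
audit() {
    while IFS="$TAB" read -r a_name a_mp a_jailed; do
        a_verdict=$(classify "$1" "$a_mp" "$a_jailed")
        [ "$a_verdict" = "ok" ] || echo "$a_name ($a_mp): $a_verdict"
    done
    return 0
}

# Constructed sample listing (hypothetical pool and jail names).
sample() {
    printf '%s\t%s\t%s\n' \
        zroot/jails/web      /jails/web      on \
        zroot/jails/web/etc  /jails/web/etc  on \
        zroot/jails/web/data /jails/web/data on \
        zroot/jails/db       /jails/db       off \
        zroot/shared         /shared         on
}

sample | audit /jails/web
```

On the sample listing it reports the jail's root dataset and the `etc` dataset, and passes the `data` sub-dataset and the dataset outside the jail's subtree, matching the rule stated in the thread.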