From: Lars Kellogg-Stedman
Date: Fri, 17 Jun 2011 14:46:59 -0400
Delivered-To: freebsd-jail@freebsd.org
Subject: Exposing a hierarchy of ZFS datasets inside multiple jails

Hello all, Hi there,

I am trying to expose a hierarchy of home directories to a number of FreeBSD jails. The home directories are configured such that each is a unique ZFS dataset. The jails are used for development work and hence are created and destroyed on a regular basis.

My first thought was simply to use nullfs to mount /home inside the jail, but nullfs doesn't provide any way to access subordinate filesystems.

My second thought was to export the directories via NFS and then run the automounter daemon (amd) inside each jail. This would have Just Worked...if it were possible to perform NFS mounts inside a jail. But it's not.

My third thought was to run amd on the host and provision nullfs mounts into the jails...but amd support for nullfs doesn't exist.

My fourth thought was to go back to exporting the directories using NFS, because of course amd works with NFS, right? Unfortunately, rather than mounting a directory on the target mountpoint, amd likes to mount things in a temporary location (/.amd_mnt/...) and then create a symlink...which, of course, is useless inside the jail environment.

So maybe you could use nullfs to expose a subdirectory of /.amd_mnt to the jail? No! This brings us back to my first attempt, in which we find that there is no way to access subordinate filesystems using nullfs.

And then my head exploded.

Is there a good solution for what I'm trying to do? A bad solution would be to run a script after booting the jail that would create multiple nullfs mountpoints for all the home directories, but this is pretty clunky -- it would need to be run periodically to take into account new directories or removed directories. So basically I would have to write a poorly designed automounter.

There must be a better way. How are other folks solving this? It looks like there are discussions going back several years about setting the VFCF_JAIL on NFS filesystems, but these haven't resulted in any changes to the released code. Is this the best way to go? In theory, if I build a kernel under which NFS is jail friendly I can go ahead and run amd inside the jail

--
Lars Kellogg-Stedman
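
The periodic script the message describes as a fallback, written as a dry-run planner that only prints the nullfs mount and umount commands needed to bring one jail in line with the current set of home datasets. This is an added example, not part of the original post; the jail root, the pool name in the comments and the safe-character filter are assumptions.

```sh
#!/bin/sh
# Added example: dry-run planner for per-home nullfs mounts into one jail.
# It only prints the mount/umount commands; nothing is executed here.
#   $1 jail root (hypothetical, e.g. /jails/dev1)   $2 home prefix (e.g. /home)
#   $3 file of host dataset mountpoints, one per line
#      (e.g. from: zfs list -H -o mountpoint -r tank/home; pool name assumed)
#   $4 file of current mountpoints, one per line
#      (e.g. from: mount -p | awk '{print $2}')
plan_nullfs() {
    jail=$1 home=$2 datasets=$3 mounted=$4
    # Assumption: paths outside this character set are skipped, so a dataset
    # name can never inject shell syntax into the printed commands.
    safe='^[A-Za-z0-9._/-]+$'

    # An empty list usually means the zfs query failed; planning from it
    # would unmount every home directory, so stop instead.
    [ -s "$datasets" ] || { echo "empty dataset list, not planning" >&2; return 1; }

    # Wanted targets: dataset mountpoints at or below $home, re-rooted in the
    # jail. "legacy"/"none" entries and ".." components are dropped.
    wanted=$(awk -v h="$home" -v j="$jail" -v s="$safe" '
        $0 !~ s || $0 ~ "/[.][.](/|$)" { next }
        $0 == h || index($0, h "/") == 1 { print j $0 }' "$datasets" |
        LC_ALL=C sort -u)

    # Present targets: existing mounts under the jail's copy of $home only.
    present=$(awk -v p="$jail$home" -v s="$safe" '
        $0 !~ s { next }
        $0 == p || index($0, p "/") == 1' "$mounted" | LC_ALL=C sort -u)

    # Missing mounts, parents first (a parent path sorts before its children).
    printf '%s\n' "$wanted" | while IFS= read -r t; do
        [ -n "$t" ] || continue
        printf '%s\n' "$present" | grep -Fxq -- "$t" && continue
        printf 'mount -t nullfs %s %s\n' "${t#"$jail"}" "$t"
    done

    # Stale mounts (dataset destroyed or moved), children first.
    printf '%s\n' "$present" | LC_ALL=C sort -r | while IFS= read -r t; do
        [ -n "$t" ] || continue
        printf '%s\n' "$wanted" | grep -Fxq -- "$t" && continue
        printf 'umount %s\n' "$t"
    done
}
```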