Date:      Mon, 10 Sep 2012 19:01:06 -0500
From:      Bryan Drewery <bryan@shatow.net>
To:        freebsd-jail@freebsd.org
Subject:   Re: 9.1-PRERELEASE - allow.mount - allow.mount.zfs - do not get passed to child
Message-ID:  <504E7F42.3080506@shatow.net>
In-Reply-To: <5045969A.3020201@shatow.net>
References:  <504594DF.4000105@shatow.net> <504595C6.9060807@shatow.net> <5045969A.3020201@shatow.net>

On 9/4/2012 12:50 AM, Bryan Drewery wrote:
> On 9/4/2012 12:46 AM, Bryan Drewery wrote:
>> On 9/4/2012 12:42 AM, Bryan Drewery wrote:
>>> I am unable to get these to pass into jails via /etc/rc.d/jail + ezjail.
>>>
>>> I set them in the host:
>>>
>>> security.jail.mount_allowed=1
>>> security.jail.mount_zfs_allowed=1
>>>
>>> What is the proper way to get these set?
>>>
>>>
>>
>> I used `jail -m` to set these, but they don't seem to work:
>>
>> In host:
>>
>> # jail -m jid=3 allow.mount allow.mount.zfs
>> # sysctl vfs.usermount=1
>>
>> In jail:
>>
>> # sysctl -a|grep mount
>> vfs.usermount: 1
>> ...
>> security.jail.mount_zfs_allowed: 1
>> security.jail.mount_allowed: 1
>>
>> # zfs mount -a
>> cannot mount 'backup': Insufficient privileges
>>
>> This dataset is properly jailed=on and 'zfs jail' ran on it as well.
> 
> Sorry for the noise..
> 
> # jail -m jid=3 enforce_statfs=1
> 
> Now it works.
> 
> Yes, I read the jail(8) and zfs(8) manpages. My biggest problem was the
> params not being passed in at startup.
> 
> Bryan
> 

Anyone else who runs into this,

r239382 allows this to work using /etc/rc.d/jail with deprecated
rc.conf/ezjail setups. You can specify jail_NAME_parameters=... with
that patch.


-- 
Regards,
Bryan Drewery
bdrewery@freenode/EFNet
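
An added example, not part of the original message or of FreeBSD: a small lint for a jail parameter string in the form passed to `jail -m` in the thread, flagging the combination that failed there. It relies on jail(8), which says allow.mount is effective only when enforce_statfs is lower than 2 and that enforce_statfs defaults to 2; the helper name `check_zfs_mount_params` is hypothetical.

```sh
#!/bin/sh
# Lint a jail parameter string for the settings the thread needed before
# `zfs mount` worked inside the jail.
# check_zfs_mount_params is a hypothetical helper, not a FreeBSD tool.

check_zfs_mount_params() {
    # $1: space-separated parameters, e.g. "allow.mount enforce_statfs=1"
    mount=0
    zfs=0
    statfs=2    # jail(8) default when enforce_statfs is not given
    missing=""
    for p in $1; do
        case "$p" in
            allow.mount)          mount=1 ;;
            allow.mount.zfs)      zfs=1 ;;
            enforce_statfs=[0-2]) statfs=${p#enforce_statfs=} ;;
        esac
    done
    [ "$mount" -eq 1 ] || missing="$missing allow.mount"
    [ "$zfs" -eq 1 ]   || missing="$missing allow.mount.zfs"
    # allow.mount only takes effect when enforce_statfs is lower than 2
    [ "$statfs" -lt 2 ] || missing="$missing enforce_statfs<2"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed inputs: the thread's first attempt, then the set that worked.
check_zfs_mount_params "allow.mount allow.mount.zfs" || true
check_zfs_mount_params "allow.mount allow.mount.zfs enforce_statfs=1"
```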
