Message-ID: <51670567.5070602@erdgeist.org>
Date: Thu, 11 Apr 2013 20:48:07 +0200
From: Dirk Engling
To: freebsd-jail@freebsd.org
Subject: jail(8) vs. rc.d/jail features - fstab, zfs, vnet

Dear jail hackers,

in my ongoing quest to understand the direction jail development is heading, I noticed that per-jail-fstabs are not (anymore?, yet?) supported by the new jail(8)-rc.d/jail2-combo. Are there official plans to drop the support?

A nice new jail+zfs feature is the "zfs jail" command, allowing to attach a zfs to a jail. The way[tm] to properly use this feature is to first create a prison, attach the zfs file system(s) to the jid and only then run the exec.start command.

So either jail(8) needs to be zfs aware and execute the zfs jail command(s) by itself, or an exec.postprestart command that is being passed the prison id of the new jail needs to be run in system context. (For shutting down and unjail-ing vice versa).

The same goes with the vimage features. Most of the ways I can think of using vnet interfaces require some configuration in the host system after the vnet has been attached to the jid but before exec.start (and thus the jail's rc.d/netif) is executed.

Since I speak C, POSIX and sh fluidly, I am willing to implement or help implementing any of the proposals in question, so do not misunderstand them as just demands ;)

erdgeist
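
The ordering the message asks for (create the prison, attach the datasets from the host, only then run the startup command, and the reverse on shutdown) can be done by hand with existing tools. The script below is an added example, not part of the original message or of FreeBSD's rc.d scripts. The function names and the `RUN` dry-run switch are hypothetical, and it assumes a zfs(8) that accepts a jail name where the message says jid, and the stock `/etc/rc` and `/etc/rc.shutdown` inside the jail.

```shell
#!/bin/sh
# Three-phase jail start so ZFS datasets are attached between prison
# creation and the exec.start step. Added example with hypothetical names.

# RUN=echo (default) only prints the commands; set RUN= (empty) to execute
# them as root on a FreeBSD host.
RUN=${RUN-echo}

# start_jail_with_zfs NAME ROOT DATASET...
start_jail_with_zfs() {
    name=$1; root=$2; shift 2

    # Phase 1: create the prison without starting anything in it.
    # "persist" keeps it alive while it has no processes; the allow.* and
    # enforce_statfs settings let root inside the jail mount the datasets.
    $RUN jail -c name="$name" path="$root" persist \
        allow.mount allow.mount.zfs enforce_statfs=1 || return 1

    # Phase 2, in host context: hand each dataset over to the new prison.
    for ds in "$@"; do
        $RUN zfs set jailed=on "$ds" || return 1
        $RUN zfs jail "$name" "$ds" || return 1
    done

    # Phase 3: only now run the jail's startup script (the exec.start step).
    $RUN jexec "$name" /bin/sh /etc/rc
}

# stop_jail_with_zfs NAME DATASET...   (same steps in reverse order)
stop_jail_with_zfs() {
    name=$1; shift
    $RUN jexec "$name" /bin/sh /etc/rc.shutdown
    for ds in "$@"; do
        $RUN zfs unjail "$name" "$ds"
    done
    $RUN jail -r "$name"
}

# Usage with constructed names:
#   start_jail_with_zfs www /jails/www tank/www/data
#   stop_jail_with_zfs  www tank/www/data
```

Any host-side vnet configuration of the kind the message mentions would belong in phase 2 as well, before `/etc/rc` runs the jail's rc.d/netif.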