Date: Thu, 08 Aug 2013 14:06:40 +0100
From: Matthew Seaman <matthew@freebsd.org>
To: freebsd-stable@freebsd.org
Subject: Re: ZFS in jails 9.2-RC1 permission denied
Message-ID: <520397E0.1090209@freebsd.org>
In-Reply-To: <1375963526.32115.7488635.39B9BAB2@webmail.messagingengine.com>
References: <CA%2BdUSyqDY9CQUrTDGNT5xwGjRce=JvAJrJHATxAocvffbz=ewg@mail.gmail.com> <CA%2BdUSypajBopACJt4HiNOGGYb2RqSfvrL0iP3eA_j%2BRd7hVi%2BA@mail.gmail.com> <alpine.BSF.2.00.1308081356490.90799@mail.fig.ol.no> <1375963526.32115.7488635.39B9BAB2@webmail.messagingengine.com>

On 08/08/2013 13:05, Mark Felder wrote:
> On Thu, Aug 8, 2013, at 6:59, Trond Endrestøl wrote:
>>
>> I'm just guessing, but I doubt a jail would be able to create new ZFS
>> filesystems outside its own structure, if at all able. A jail would
>> however be allowed to (un)mount already existing filesystems within
>> its own structure, i.e. Pool/test1.
>>
>
> When I first reviewed his post I clearly confused "mounting" with
> "creating a new zfs filesystem". Is that even supposed to be permitted
> in a jail? I almost feel a sysctl disabling that by default would be
> nice... DoS by zfs filesystem creation/deletion, anyone?

There's a 'zfs jail' command and a 'jailed' property you can set on a
ZFS which I believe allow you to manage that ZFS from within the jail.
I think that extends to creating other ZFSes beneath that one (which
would inherit the 'jailed' property), BICBW.

Mostly I find it easier to just manage the ZFSes from the host system
but then again, I'm not really making very extensive use of jails.

	Cheers,

	Matthew