Date: Fri, 9 Dec 2016 12:21:06 +0000
From: SK <fbstable@cps-intl.org>
To: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-jail <freebsd-jail@freebsd.org>
Subject: Re: ZFS and Jail :: nullfs mount :: nothing visible from host
Message-ID: <3851c5d9-7646-b670-357e-ae937fcc7e8f@cps-intl.org>
In-Reply-To: <584A9D89.4040003@quip.cz>
References: <aa078173-e9f1-3f09-41d4-6613014b1119@cps-intl.org> <584986D0.3040109@quip.cz> <2b6346f8-ed02-0e6d-bd89-106098e7eb2d@cps-intl.org> <58499446.3050403@quip.cz> <eed9efad-9bac-9d36-b75e-c41f9ea72a8b@cps-intl.org> <5849C5BF.7020005@quip.cz> <fb56ab21-026b-408d-f712-ed7479e1f269@cps-intl.org> <584A9179.9060508@quip.cz> <b53fba06-bb7d-06d8-34a4-4677805fb175@cps-intl.org> <584A9D89.4040003@quip.cz>

On 09/12/2016 12:03, Miroslav Lachman wrote:
>
> I am not sure, maybe it is not possible to hide them when you need to
> manage zfs inside jail.
> If you can live with not managing zfs inside but from the host, then
> you can use enforce_statfs=2. Then you will see just a root dataset
> inside jail.
>
> enforce_statfs=0 ~ you will see all datasets and partitions from the host
>
> enforce_statfs=1 ~ you will see all related to this jail (parents,
> devfs etc)
>
> enforce_statfs=2 ~ only root mount is visible
>
I will try enforce_statfs=2, maybe that will give me what I need. But
still, not sure what is happening with jailed=on

>>>
>>> zfs set jailed=on gT/JailS/testJail << Did you set this property?
>> Now this is an interesting bit. I tried this, and as soon as I ran the
>> command, the dataset vanished :P
>>
>> Not only that, I could not run jail any more. Given that gT/JailS is
>> mounted on /JailS and the path parameter in jail.conf is
>> /JailS/testJail, I am not surprised that the jail did not run (it
>> initially complained about not being able to mount /dev, as it cannot
>> find /JailS/testJail/dev)
>>
>> As a workaround, I removed mount.devfs, mount.procfs (that complained
>> too), mount.fdesc (complained too), and then the jail ran
>>
>> But now that I do not have devfs, I could not do anything with zfs -- I
>> could not even see them. So, manipulation from within the jail or
>> outside the jail was no longer possible.
>
> Interesting. All documentation says jailed=on must be set.
>
Yes, I know. I checked everywhere and that seems to be the norm. But the
moment I do it, my jail no longer functions :P

>
> "Everybody" says "use ezjail" because it was the first tool to
> manipulate jails available for the masses. I tried it after I learned
> all things about jails the hard way and then I realised ezjail is
> doing strange things in some cases. I know it evolved, but if you need
> to use some tool there are some better tools (in my opinion) which
> were developed with ZFS features from the start.
> You can try iocage or cbsd. They also can manage bhyve guests.
>
I did try iocage for bhyve some time back, honestly, I did not like it
(maybe because it tried to do things on my behalf without letting me know
what it was doing). I settled for vm-bhyve instead and am quite happy
about it. cbsd I have not tried, maybe I'll give that a shot.

Still, my desire for keeping it simple and raw is preventing me from
taking any of these routes. I would very much like NOT to run any
additional package on the host/base itself. I already have screen, mc and
wget -- that is an overkill in my own personal opinion.

Let us see how it goes. If I discover something, I will post it back.

Thanks again for your support and suggestions, they had been very very
helpful.

Best regards
SK