
ZFS in a jail


Gelsema, P (Patrick)

Dec 2, 2007, 3:49:38 PM
to freebsd...@freebsd.org, freebsd...@freebsd.org
Hi all,

I want to access a zfs dataset from within a jail. When following the
instructions on the various pages I get stuck.

I am running:
FreeBSD hulk.superhero.nl 7.0-BETA3 FreeBSD 7.0-BETA3 #1: Fri Nov 30
19:13:07 CET 2007 ad...@hulk.superhero.nl:/usr/obj/usr/src/sys/GENERIC
amd64

Jails are set up as detailed in
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html.
With ro mount for system files created by buildworld and a rw mount for
the various directories which require to be read/write such as /usr/local,
/var, /home and /etc.

I am following the steps as outlined in:
http://blogs.freebsdish.org/pjd/2007/03/.
I don't have any problems with creating the zpool and the zfs dataset on
the host but when I try to create in the jail I get the following error.

batman# zfs create public/jail/public
internal error: failed to initialize ZFS library

In /var/log/messages on the host I get the following:
Dec 2 21:47:01 hulk kernel: WARNING pid 36752 (zfs): ioctl sign-extension
ioctl ffffffffcef85a2b

I do have the 2 sysctl settings set.

Even running zfs gives me a problem within the jail.

Some help would be much appreciated.

Rgds,

Patrick

Oliver Brandmueller

Dec 3, 2007, 6:54:42 AM
to freebsd...@freebsd.org, freebsd...@freebsd.org
Hi,

On Sun, Dec 02, 2007 at 09:49:38PM +0100, Gelsema, P (Patrick) wrote:
> batman# zfs create public/jail/public
> internal error: failed to initialize ZFS library
>
> In /var/log/messages on the host I get the following:
> Dec 2 21:47:01 hulk kernel: WARNING pid 36752 (zfs): ioctl sign-extension
> ioctl ffffffffcef85a2b
>
> I do have the 2 sysctl settings set.
>
> Even running zfs gives me a problem within the jail.
>
> Some help would be much appreciated.

Did you add the zfs device to be available for your jails in
devfs.rules? In the ruleset applying for the jails you need to add:

add path zfs unhide

Then it should work like a charm.

- Oliver

--
| Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197 Berlin |
| Fon +49-172-3130856 | Fax +49-172-3145027 | WWW: http://the.addict.de/ |
| I am the Internet. As surely as I help God. |
| Commercial use of any of the addresses contained herein is not permitted! |

Gelsema, P (Patrick)

Dec 3, 2007, 7:53:38 AM
to freebsd...@freebsd.org, freebsd...@freebsd.org
On Mon, December 3, 2007 12:54, Oliver Brandmueller wrote:
> Hi,
>
> On Sun, Dec 02, 2007 at 09:49:38PM +0100, Gelsema, P (Patrick) wrote:
>> batman# zfs create public/jail/public
>> internal error: failed to initialize ZFS library
>>
>> In /var/log/messages on the host I get the following:
>> Dec 2 21:47:01 hulk kernel: WARNING pid 36752 (zfs): ioctl
>> sign-extension
>> ioctl ffffffffcef85a2b
>>
>> I do have the 2 sysctl settings set.
>>
>> Even running zfs gives me a problem within the jail.
>>
>> Some help would be much appreciated.
>
> Did you add the zfs device to be available for your jails in
> devfs.rules? In the ruleset applying for the jails you need to add:
>
> add path zfs unhide

hulk is the host, batman is the jail.

hulk# cat /etc/rc.conf | grep devfs
jail_batman_devfs_enable="YES"
devfs_system_ruleset="zfsenable"

hulk# cat /etc/devfs.rules
[zfsenable=10]
add path 'zfs' unhide

hulk# zpool create public raidz ad4 ad6 ad8
hulk# zfs create public/jail
hulk# zfs set jailed=on public/jail
hulk# zfs set jailed=on public/jail
hulk# zfs jail 4 public/jail

hulk# sysctl security | grep jail
security.jail.jailed: 0
security.jail.mount_allowed: 1
security.jail.chflags_allowed: 0
security.jail.allow_raw_sockets: 0
security.jail.enforce_statfs: 0
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 0

hulk# tail -n 1 /var/log/messages
Dec 3 13:45:16 hulk kernel: WARNING pid 1971 (zfs): ioctl sign-extension
ioctl ffffffffcef85a2b

batman# zfs create public/jail/public
internal error: failed to initialize ZFS library

I am still getting the same error in the jail.

rgds,

Thanks Patrick



Gelsema, P (Patrick)

Dec 3, 2007, 9:55:30 AM
to Andrew Kolchoogin, freebsd...@freebsd.org, freebsd...@freebsd.org
On Mon, December 3, 2007 14:20, Andrew Kolchoogin wrote:

> On Mon, December 3, 2007 14:02, Andrew Kolchoogin wrote:
>> >> > Did you add the zfs device to be available for your jails in
>> >> > devfs.rules? In the ruleset applying for the jails you need to add:
>> >> >
>> >> > add path zfs unhide
>> >>
>> >> hulk is the host, batman is the jail.
>> >>
>> >> hulk# cat /etc/rc.conf | grep devfs
>> >> jail_batman_devfs_enable="YES"
>> >> devfs_system_ruleset="zfsenable"
>> > jail_batman_devfs_ruleset="zfsenable"
>>
>> They are 2 separate lines. Any idea on how to get zfs in the jail? I
>> have
>> been told I had to add the devfs rules for zfs.
> Yes, I've told you what you should do. The first part you have
> already done -- you've edited /etc/devfs.rules and added a new
> configuration subsection with instructions to unhide /etc/zfs.
> Please do the second part: instruct the /etc/rc.d/jail to apply
> these rules to DEVFS instance mounted into your jail. Just change
> 'devfs_system_ruleset' to 'jail_batman_devfs_ruleset' and restart your
> jail -- /etc/rc.d/jail does NOT pay attention to system-wide DEVFS
> ruleset variables, it uses per-jail ones.
> If you have configured all the things correctly, you MUST
> see /path/to/root/of/your/jail/dev/zfs :)
> --
> Andrew.
>

Hi Andrew,

this is working. Thanks.

The only problem is that after every reboot I have to rerun the following
commands to get things working again.

hulk# zfs jail 4 zfspublic/batman
batman# zfs mount -a

If I don't do the jail 4 command the command batman# zfs get all does not
return anything.

Seems like the zfs jail 4 command is not remembered.
The zfs manpage does not say where to store these settings.

Any pointers?

hulk# zfs get all
NAME PROPERTY VALUE SOURCE
zfspublic type filesystem -
zfspublic creation Mon Dec 3 15:13 2007 -
zfspublic used 1.69G -
zfspublic available 911G -
zfspublic referenced 24.0K -
zfspublic compressratio 1.00x -
zfspublic mounted yes -
zfspublic quota none default
zfspublic reservation none default
zfspublic recordsize 128K default
zfspublic mountpoint /zfspublic default
zfspublic sharenfs off default
zfspublic checksum on default
zfspublic compression off default
zfspublic atime on default
zfspublic devices on default
zfspublic exec on default
zfspublic setuid on default
zfspublic readonly off default
zfspublic jailed off default
zfspublic snapdir hidden default
zfspublic aclmode groupmask default
zfspublic aclinherit secure default
zfspublic canmount on default
zfspublic shareiscsi off default
zfspublic xattr off temporary
zfspublic copies 1 default
zfspublic/batman type filesystem -
zfspublic/batman creation Mon Dec 3 15:14 2007 -
zfspublic/batman used 1.69G -
zfspublic/batman available 911G -
zfspublic/batman referenced 1.69G -
zfspublic/batman compressratio 1.00x -
zfspublic/batman mounted yes -
zfspublic/batman quota none default
zfspublic/batman reservation none default
zfspublic/batman recordsize 128K default
zfspublic/batman mountpoint /s/public local
zfspublic/batman sharenfs off default
zfspublic/batman checksum on default
zfspublic/batman compression off default
zfspublic/batman atime on default
zfspublic/batman devices on default
zfspublic/batman exec on default
zfspublic/batman setuid on default
zfspublic/batman readonly off default
zfspublic/batman jailed on local
zfspublic/batman snapdir hidden default
zfspublic/batman aclmode groupmask default
zfspublic/batman aclinherit secure default
zfspublic/batman canmount on default
zfspublic/batman shareiscsi off default
zfspublic/batman xattr off temporary
zfspublic/batman copies 1 default
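
An added example, not part of the thread and not FreeBSD's own code: a POSIX shell lint for the configuration discussed above. It checks that the jail has its own `jail_<name>_devfs_ruleset`, that the ruleset unhides `zfs`, and, as an extra hardening check, that the ruleset hides the other device nodes first. The function name, finding strings and the hardened sample are constructed for illustration, and the `devfsrules_jail` / `devfsrules_hide_all` names are assumed to be the stock ones from /etc/defaults/devfs.rules.

```shell
#!/bin/sh
# Added example (not from the thread): lint rc.conf and devfs.rules text for
# the jail/ZFS devfs setup discussed above. Prints findings, or "ok".
check_jail_devfs() {
    jail=$1; rc_conf=$2; rules=$3; findings=""
    # /etc/rc.d/jail applies jail_<name>_devfs_ruleset, not devfs_system_ruleset.
    ruleset=$(printf '%s\n' "$rc_conf" | awk -F= -v k="jail_${jail}_devfs_ruleset" \
        '$1 == k { gsub(/"/, "", $2); v = $2 } END { print v }')
    if [ -z "$ruleset" ]; then
        echo "no-per-jail-ruleset"
        return 0
    fi
    # Collect the rules of the [<ruleset>=<number>] section, skipping comments.
    body=$(printf '%s\n' "$rules" | awk -v n="$ruleset" '
        /^\[/ { insec = (substr($0, 2, length(n) + 1) == (n "=")); next }
        insec && !/^[ \t]*#/ && !/^[ \t]*$/ { print }')
    # zfs(8) inside the jail needs the zfs device node to be visible.
    printf '%s\n' "$body" | grep -Eq "^add path '?zfs'? unhide" ||
        findings="$findings zfs-not-unhidden"
    # Assumption: stock ruleset names from /etc/defaults/devfs.rules. Without a
    # hide-all step every host device node stays visible inside the jail.
    printf '%s\n' "$body" | grep -Eq '^add (hide|include \$devfsrules_(hide_all|jail))' ||
        findings="$findings host-devices-not-hidden"
    echo "${findings:-ok}" | sed 's/^ //'
}

# rc.conf lines as posted in the thread (the setup that did not work).
THREAD_RC='jail_batman_devfs_enable="YES"
devfs_system_ruleset="zfsenable"'
# rc.conf after the change described in the thread.
FIXED_RC='jail_batman_devfs_enable="YES"
jail_batman_devfs_ruleset="zfsenable"'
THREAD_RULES="[zfsenable=10]
add path 'zfs' unhide"
# Constructed hardened variant: start from the stock jail ruleset, then unhide zfs.
HARDENED_RULES="[zfsenable=10]
add include \$devfsrules_jail
add path 'zfs' unhide"

check_jail_devfs batman "$THREAD_RC" "$THREAD_RULES"     # no-per-jail-ruleset
check_jail_devfs batman "$FIXED_RC" "$THREAD_RULES"      # host-devices-not-hidden
check_jail_devfs batman "$FIXED_RC" "$HARDENED_RULES"    # ok
```

On a live host, pass the real file contents as the second and third arguments, for example `"$(cat /etc/rc.conf)"` and `"$(cat /etc/devfs.rules)"`.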

