Crashplan jail access to jail directory?

[ddimick]

I'd like my Crashplan plugin jail to be able to backup the jails directory that's on my FreeNAS host. However, it doesn't appear that a jail can see the jails directory on mounted storage. I imagine this is probably for security purposes.

I'm thinking of running some kind of rsync backup from the jails to the host storage somewhere as a workaround. Before I do that I thought I'd ask if anyone knows if the default behavior can be changed?

 

[dlavigne]

Before I do that I thought I'd ask if anyone knows if the default behavior can be changed?

Not that I'm aware of.

 

[fracai]

It can't see the storage because the jails are independent datasets that are mounted in the jails directory, which itself is a dataset. To make this data visible to the Crashplan plugin you'd add each jail as storage to the Crashplan jail, just as you presumably did for your main pool. Note that I don't think you'll be able to, nor should you need to, add the Crashplan jail in this way.

 

[SweetAndLow]

I'm assuming you want to do this just in caseyou have to restore from backup and want to restore your jail. If this is the case you should test it to make sure it works. Restoring a jail can be hit or miss.

 

[Xelas]

Just brainstorming here, most of this is guesswork, and I'm new to Linux and Freenas, but anyway - wouldn't it be safer to create a snapshot, rsync the snapshot somewhere, and back that up? That way, you aren't in danger of having crashplan trying to access opened files that are being modified, locked files, etc, right? I'm not sure how crashplan deals with this on FreeBSD/Linux - Windows has Shadow Copy functionality, and if it's running in Windows, you can safely assume it's running on NTFS. I'm not sure if Crashplan can do the same on Freenas because I'm assuming it cannot make assumptions about what file system it's running on. Also, I would be concerned with moving directories containing ssh certs out to locations out of my control - presumably, you can run a script to nuke pem and ppk files (and anything else very sensitive) from the snapshot before it gets backed up or exclude them from the rsync or cp/mv script . . .

 

[fracai]

I guess you could do that, but it seems like you're adding a lot of extra complexity and duplicated data (rsync to another location).

I'm not aware of any issues with file locking and backing up snapshotted data would have just as much issue with partially written files as backing up the live files. Linux / BSD doesn't have the same concept of exclusively locking a file from being accessed by other processes. And I'm not sure what you're concerned about with "moving directories". You shouldn't need to actually move anything. Why would it be out of your control? You could always "add the storage" as read only. You could always exclude any sensitive files from the Crashplan backup. You could specify an encryption key that you created yourself to keep the files from being readable by anyone except yourself.