bcat (Explorer) - Joined: Oct 20, 2022 - Messages: 84
> They are not, please read the entire SMB Shares section from my guide.

I have, and I've just reread it now. Let's take your example there---and please do let me know if I'm not parsing it correctly.
As I understand it, you propose a pool at /mnt/default containing two datasets:
- /mnt/default/media: shared via SMB
- /mnt/default/media/center: used as a hostpath volume for containers
What I am saying is that in this configuration, the risks that hostpath validation attempts to mitigate still exist. To give a couple of examples (not an inclusive list):
- If a container maintains a database inside the hostpath volume (e.g., /mnt/default/media/center/foo.db), that database can still be accessed over SMB (e.g., from Windows via \\TRUENAS\media\center\foo.db), corrupting the application's state.
- If a container expects POSIX permission semantics for /mnt/default/media/center, but /mnt/default/media and its descendant datasets use NFSv4 ACLs (as is default in TrueNAS SCALE for datasets created with "Share Type" set to SMB, since NFSv4 ACLs mirror the Windows permission model), then the container may still behave unexpectedly when reading and writing files within the hostpath volume.
/mnt/default/media) is used as both an SMB share and a hostpath volume. As far as I can tell, factoring out a child dataset of the share to use as the hostpath volume has no practical effect other than allowing the current implementation of hostpath validation to pass. It doesn't actually address the risks that hostpath validation "solves" (as I understand per the release notes and various iXsystems/TrueCharts posts on the subject).

To be clear, I'm not saying that structuring datasets the way you propose is bad. What I'm saying instead is that (at least as I read your post) telling ~everyone to structure their datasets in that way can be a bit dangerous, as it makes folks think they've mitigated the risks of files accessible from both shares and hostpath volumes, when in fact the risks still exist. That's why I think iXsystems took the right route by implementing a UI toggle (with a scary warning about unsupported configurations) that folks can choose to exercise after they've thought through these implications.