Support NFS mounts within a jail

[clownphish]

This is a feature request from an issue I had .

Currently, FreeNAS-8.3.0-RELEASE-p1 allows you to mount filesystems on the host system that you want the jail to be able to access. These are limited, however, to NULLFS devices (or devices on the local system). I'd like to be able to mount other types of filesystem on jail startup, namely NFS to a remote NFS server (not FreeNAS).

 

[ProtoSD]

I replied to your other post. NFS mounts work fine inside a jail. NULLFS isn't the correct way to use NFS in a jail.

 

[clownphish]

Thanks for the reply. I've also added one :) Happy to keep the discussion in one thread or the other - possibly best in the other one until we work out how/what is wrong (user error?!)

 

[ProtoSD]

Ok, after checking into this again it is not working like it did for me before, I'm getting "operation not permitted". I suspect it might have to do with use of the VIMAGE network module which was implemented when the plugin jail was officially added. I think it was before this that NFS worked for me.

I tried the port "net/unfs3", whose pkg-desc says:

UNFS3 is a user-space implementation of the NFSv3 server specification. It
provides a daemon for the MOUNT and NFS protocols, which are used by NFS
clients for accessing files on the server.
Since it runs in user-space, you can use it in a jail.

I tried installing this in the jail but it did not solve the problem.

I'll dig into it a little more and see if I can find an answer.

William, if you read this and have any ideas it would be great ;)

 

[William Grzybowski]

There isn't much we can do about it for now except wait. Especially because it is not a killer feature and there are workarounds.

I would point you to nightly images because there is a feature to run scripts pre/post-init there but currently nightly images are not in a sane state and plugin jail probably would not work.
That being said, maybe what you want is /conf/base/etc/rc.conf for now.

Another thing that comes to mind is setting the sysctl security.jail.mount_allowed, you'd need to set it before start the jail, but I've not tested it.

 

[ProtoSD]

There isn't much we can do about it for now except wait. Especially because it is not a killer feature and there are workarounds.[

I would point you to nightly images because there is a feature to run scripts pre/post-init there but currently nightly images are not in a sane state and plugin jail probably would not work.
That being said, maybe what you want is /conf/base/etc/rc.conf for now.

Thanks, the pre/post-init features are going to make a lot of people happy, probably get a few into trouble too ;)

Another thing that comes to mind is setting the sysctl security.jail.mount_allowed, you'd need to set it before start the jail, but I've not tested it.

I already tested that sysctl and it didn't help. I did find this post below in the freebsd mailing list that might give some insight, but no solution. I'll add that to the ticket for reference.

freebsd-questions/2011-August/233207.html

 

[clownphish]

Thanks for looking at this.

That being said, maybe what you want is /conf/base/etc/rc.conf for now.

Sounds interesting. I took a look at both the file and the man page but couldn't figure out how it might be useful for me. I was hoping it might be similar to an rc.local script (I'm fine with mounting somewhere even if the jail is not started) but it seemed like a lot of FreeNAS options which I wasn't sure how they'd be relevant. Any help or pointers you could offer here would be great.

Another thing that comes to mind is setting the sysctl security.jail.mount_allowed, you'd need to set it before start the jail, but I've not tested it.

I set this value to 1, shutdown all the plugins, shutdown the jail, started up the jail and then tried the mount command - no dice either.

 

[William Grzybowski]

Sorry, it was a typo, I meant rc.local, not rc.conf.

 

[clownphish]

I don't seem to have one on my build :( If I create the file will FreeNAS load it during boot (and presumably copy it to /etc/rc.local) ?

Code:

root@hostname:~$ ll /conf/base/etc/rc.*
-rw-r--r--  2 root  wheel   4611 Dec 12 13:05 /conf/base/etc/rc.bsdextended
-rw-r--r--  2 root  wheel   1194 Dec 12 13:07 /conf/base/etc/rc.conf
-rwxr-xr-x  2 root  wheel  14067 Oct 31 13:35 /conf/base/etc/rc.conf.local*
-rw-r--r--  2 root  wheel  18592 Dec 12 13:05 /conf/base/etc/rc.firewall
-rw-r--r--  2 root  wheel  23374 Dec  2 19:19 /conf/base/etc/rc.freenas
-rw-r--r--  2 root  wheel  12871 Dec 12 13:07 /conf/base/etc/rc.initdiskless
-rwxr-xr-x  2 root  wheel   2320 Dec 12 13:05 /conf/base/etc/rc.resume*
-rw-r--r--  2 root  wheel   5790 Dec 12 13:05 /conf/base/etc/rc.sendmail
-rw-r--r--  2 root  wheel   3309 Dec 12 13:05 /conf/base/etc/rc.shutdown
-rw-r--r--  2 root  wheel     27 Oct 31 13:36 /conf/base/etc/rc.shutdown.local
-rw-r--r--  2 root  wheel  39681 Dec 12 13:05 /conf/base/etc/rc.subr
-rwxr-xr-x  2 root  wheel   2291 Dec 12 13:05 /conf/base/etc/rc.suspend*

 

[William Grzybowski]

Yes, it will.

 

[Jcwang59]

Hi, I know this an old issue. But now I am running 9.10.2U5(just updated). And want to mount a NFS from another FreeNAS in a jail, I still get the same error. Should I patch the above metioned?