Update the warden to support jailed ZFS datasets. This can be

enabled by setting "allow.mount.zfs=1" on a jail. If this is set, the jails ZFS dataset will be set to jailed mode, and made visible to the jail. The user should also set "enforce_statfs=0" and "allow.mount=1" on the jails flags as well, for this to work properly. Requested vie RedMine: #6495
trueos · Nov 10, 2014 · dcad170 · dcad170
1 parent 0b2cdde
commit dcad170
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 17 deletions.
diff --git a/src-sh/pc-extractoverlay/pc-extractoverlay b/src-sh/pc-extractoverlay/pc-extractoverlay
@@ -116,11 +116,13 @@ post_extract_setup()
   fi
 
   # Make sure we are using correct linux emulation
-  cp /etc/sysctl.conf /etc/sysctl.conf.bak
-  cat /etc/sysctl.conf | grep -v "compat.linux.osrelease" > /etc/sysctl.conf.new
-  echo "compat.linux.osrelease=2.6.18" >> /etc/sysctl.conf.new
-  mv /etc/sysctl.conf.new /etc/sysctl.conf
-  sysctl compat.linux.osrelease=2.6.18
+  if [ -e "/boot/grub/grub.cfg" ] ; then
+    cp /etc/sysctl.conf /etc/sysctl.conf.bak
+    cat /etc/sysctl.conf | grep -v "compat.linux.osrelease" > /etc/sysctl.conf.new
+    echo "compat.linux.osrelease=2.6.18" >> /etc/sysctl.conf.new
+    mv /etc/sysctl.conf.new /etc/sysctl.conf
+    sysctl compat.linux.osrelease=2.6.18
+  fi
 
   # Update the pkgng configuration
   pc-updatemanager syncconf 2>/dev/null >/dev/null

diff --git a/src-sh/warden/scripts/backend/deletejail.sh b/src-sh/warden/scripts/backend/deletejail.sh
@@ -59,16 +59,22 @@ if [ $hasmount -eq 1 ] ; then
    exit 5
 fi
 
+
 echo -e "Deleting Jail...\c"
 isDirZFS "${JAILDIR}" "1"
 if [ $? -eq 0 ] ; then
   # Get the dataset of the jails mountpoint
-  rDataSet=`mount | grep "on ${JDIR} " | awk '{print $1}'`
-  tSubDir=`basename $JAILDIR`
-  jDataSet="${rDataSet}/${tSubDir}"
-
-  # Create ZFS mount
-  rc_halt "zfs destroy -r ${jDataSet}"
+  jDataSet=`mount | grep "on ${JAILDIR} " | awk '{print $1}'`
+
+  # Delete ZFS mount
+  umount -f "${JAILDIR}" >/dev/null 2>/dev/null
+  zfs destroy -r ${jDataSet}
+  if [ $? -ne 0 ] ; then
+     # Remount the dataset so we can try again later
+     mount -t zfs $jDataSet $JAILDIR
+     exit_err "Failed destroying $jDataSet"
+     exit 1
+  fi
   rmdir ${JAILDIR} 2>/dev/null
 else
   chflags -R noschg "${JAILDIR}"

diff --git a/src-sh/warden/scripts/backend/startjail.sh b/src-sh/warden/scripts/backend/startjail.sh
@@ -363,6 +363,30 @@ fi
 
 HOST="`cat ${JMETADIR}/host`"
 
+jFlags=""
+# Grab any additional jail flags
+if [ -e "${JMETADIR}/jail-flags" ] ; then
+  jFlags=`cat ${JMETADIR}/jail-flags`
+fi
+
+# Make sure the dataset is mounted
+jDataSet=`mount | grep "on ${JAILDIR} " | awk '{print $1}'`
+if [ -z "$jDataSet" ] ; then
+  pDataSet=`mount | grep "on ${JDIR} " | awk '{print $1}'`
+  rc_halt "mount -t zfs $pDataSet/$JAILNAME $JAILDIR"
+  jDataSet="$oDataSet/$JAILNAME"
+fi
+
+# If the user has enabled mounting of ZFS dataset, lets export this dataset to the jail
+echo $jFlags | grep -q "allow.mount.zfs=1"
+if [ $? -eq 0 ] ; then
+   jProp=`zfs get -H jailed $jDataSet | awk '{print $3}'`
+   if [ "$jProp" = "off" ] ; then
+     rc_halt "zfs set jailed=on $jDataSet"
+     if [ ! -d "$JAILDIR" ] ; then mkdir ${JAILDIR} ; fi
+     rc_halt "mount -t zfs $jDataSet ${JAILDIR}"
+   fi
+fi
 if is_symlinked_mountpoint ${JAILDIR}/dev; then
    echo "${JAILDIR}/dev has symlink as parent, not mounting"
 else
@@ -450,12 +474,6 @@ if [ -e "${JMETADIR}/alias-ipv6" ] ; then
   done < ${JMETADIR}/alias-ipv6
 fi
 
-jFlags=""
-# Grab any additional jail flags
-if [ -e "${JMETADIR}/jail-flags" ] ; then
-  jFlags=`cat ${JMETADIR}/jail-flags`
-fi
-
 # Are we using VIMAGE, if so start it up!
 if [ "$VIMAGEENABLE" = "YES" ] ; then
   start_jail_vimage
@@ -464,6 +482,14 @@ else
   start_jail_standard
 fi
 
+# If the user has enabled mounting of ZFS dataset, lets export this dataset to the jail
+echo $jFlags | grep -q "allow.mount.zfs=1"
+if [ $? -eq 0 ] ; then
+   # Run the ZFS command to export the dataset
+   jDataSet=`mount | grep "on ${JAILDIR} " | awk '{print $1}'`
+   zfs jail $JID $jDataSet
+fi
+
 if [ "$LINUXJAIL" = "YES" ] ; then
   # If we have a custom start script
   if [ -e "${JMETADIR}/jail-start" ] ; then

diff --git a/src-sh/warden/scripts/backend/stopjail.sh b/src-sh/warden/scripts/backend/stopjail.sh
@@ -73,6 +73,20 @@ JID="`jls | grep ${JAILDIR}$ | tr -s " " | cut -d " " -f 2`"
 
 echo -e ".\c"
 
+jFlags=""
+# Grab any additional jail flags
+if [ -e "${JMETADIR}/jail-flags" ] ; then
+  jFlags=`cat ${JMETADIR}/jail-flags`
+fi
+
+# If the user has enabled mounting of ZFS dataset, lets un-export this dataset to the jail
+echo $jFlags | grep -q "allow.mount.zfs=1"
+if [ $? -eq 0 ] ; then
+   # Run the ZFS command to export the dataset
+   jDataSet=`mount | grep "on ${JAILDIR} " | awk '{print $1}'`
+   zfs unjail $JID $jDataSet
+fi
+
 # Check if we need umount x mnts
 if [ -e "${JMETADIR}/jail-portjail" ] ; then umountjailxfs ${JAILNAME} ; fi