From nobody@FreeBSD.org  Fri Aug 20 11:31:51 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E0F80106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 20 Aug 2010 11:31:51 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id CFD678FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 20 Aug 2010 11:31:51 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o7KBVpNb028063
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 20 Aug 2010 11:31:51 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o7KBVpeB028062;
	Fri, 20 Aug 2010 11:31:51 GMT
	(envelope-from nobody)
Message-Id: <201008201131.o7KBVpeB028062@www.freebsd.org>
Date: Fri, 20 Aug 2010 11:31:51 GMT
From: Kenneth Vestergaard <kvs@binarysolutions.dk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         149831
>Category:       conf
>Synopsis:       [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-rc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 20 11:40:01 UTC 2010
>Closed-Date:    Sun May 04 03:49:00 UTC 2014
>Last-Modified:  Sun May 04 03:49:00 UTC 2014
>Originator:     Kenneth Vestergaard
>Release:        8.1-RELEASE
>Organization:
pil.dk
>Environment:
FreeBSD mckusick.pil.dk 8.1-RELEASE FreeBSD 8.1-RELEASE #12: Fri Aug  6 00:18:40 CEST 2010     root@mckusick.pil.dk:/usr/obj/dana/src/freebsd8/src/sys/MCKUSICK  amd64

>Description:
A simple patch adding an rc.conf-variable to make /etc/rc.d/jail run 'zfs jail $jid' on all
filesystems with 'jailed=on' set beneath the path specified in jail_$name_delegate_path.

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

# $PIL$

Add a jail_NAME_delegate_path-variable to rc.conf, which'll delegate
all jailed zfs's under that path to the newly-started jail.

--- src/etc/rc.d/jail.orig	2010-08-20 12:15:24.720731927 +0200
+++ src/etc/rc.d/jail	2010-08-20 13:16:24.744226221 +0200
@@ -41,6 +41,7 @@
 	eval _ip=\"\$jail_${_j}_ip\"
 	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
 	eval _exec=\"\$jail_${_j}_exec\"
+	eval _delegate_path=\"\$jail_${_j}_delegate_path\"
 
 	i=0
 	while : ; do
@@ -132,6 +133,7 @@
 	debug "$_j procdir: $_procdir"
 	debug "$_j ruleset: $_ruleset"
 	debug "$_j fstab: $_fstab"
+	debug "$_j delegate_path: $_delegate_path"
 
 	i=0
 	while : ; do
@@ -640,6 +642,14 @@
 
 		if [ "$?" -eq 0 ] ; then
 			_jail_id=$(head -1 ${_tmp_jail})
+
+			if [ ! -z "${_delegate_path}" ] ; then
+				/sbin/zfs get -s local -rH -o name,value jailed ${_delegate_path} | \
+				    /usr/bin/awk '$2 == "on" { print $1 }' | \
+				    /usr/bin/xargs -I % /sbin/zfs jail ${_jail_id} %
+				jail -m jid=${_jail_id} allow.mount=1
+			fi
+
 			i=1
 			while : ; do
 				eval out=\"\${_exec_afterstart${i}:-''}\"


>Release-Note:
>Audit-Trail:

From: Kenneth Vestergaard <kvs@binarysolutions.dk>
To: bug-followup@FreeBSD.org,
 kvs@binarysolutions.dk
Cc:  
Subject: Re: misc/149831: [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails
Date: Fri, 20 Aug 2010 16:03:16 +0200

 --Apple-Mail-4--936881281
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii
 
 Improved patch - it is necessary to get a stable jail-id before
 launching the jail, since the delegated filesystems need to be
 delegated before launching /etc/rc.
 
 
 
 --Apple-Mail-4--936881281
 Content-Disposition: attachment;
 	filename=zfs-fix-delegated-paths-in-jail.diff.txt
 Content-Type: text/plain;
 	name="zfs-fix-delegated-paths-in-jail.diff.txt"
 Content-Transfer-Encoding: 7bit
 
 --- src/etc/rc.d/jail.orig	2010-08-19 12:39:01.000000000 +0200
 +++ src/etc/rc.d/jail	2010-08-20 15:57:07.508674101 +0200
 @@ -41,6 +41,7 @@
  	eval _ip=\"\$jail_${_j}_ip\"
  	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
  	eval _exec=\"\$jail_${_j}_exec\"
 +	eval _delegate_path=\"\$jail_${_j}_delegate_path\"
  
  	i=0
  	while : ; do
 @@ -132,6 +133,7 @@
  	debug "$_j procdir: $_procdir"
  	debug "$_j ruleset: $_ruleset"
  	debug "$_j fstab: $_fstab"
 +	debug "$_j delegate_path: $_delegate_path"
  
  	i=0
  	while : ; do
 @@ -635,8 +637,23 @@
  			i=$((i + 1))
  		done
  
 -		eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
 -			\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
 +		# create jail with 'persist', so we can get a jid before starting it,
 +		# which is needed if we need to delegate any zfs-filesystems to it.
 +		jail -i -c name=${_jail} path=${_rootdir} persist > ${_tmp_jail} 2>&1
 +		_jail_id=$(head -1 ${_tmp_jail})
 +		echo started jail ${_jail} with id ${_jail_id}
 +
 +		if [ ! -z "${_delegate_path}" ] ; then
 +			jail -m jid=${_jail_id} allow.mount=1
 +			/sbin/zfs get -s local -rH -o name,value jailed ${_delegate_path} | \
 +			    /usr/bin/awk '$2 == "on" { print $1 }' | \
 +			    /usr/bin/xargs -I % /sbin/zfs jail ${_jail_id} %
 +		fi
 +
 +		eval ${_setfib} jail ${_flags} -m \
 +			jid=${_jail_id} \
 +			host.hostname=${_hostname} \
 +			ip4.addr=\"${_addrl}\" command=${_exec_start} 2>&1
  
  		if [ "$?" -eq 0 ] ; then
  			_jail_id=$(head -1 ${_tmp_jail})
 @@ -669,6 +686,7 @@
  			echo " cannot start jail \"${_jail}\": "
  			tail +2 ${_tmp_jail}
  		fi
 +		jail -m jid=${_jail_id} nopersist # remove 'persist' set at create-time
  		rm -f ${_tmp_jail}
  	done
  	rmdir ${_tmp_dir}
 
 --Apple-Mail-4--936881281--
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Aug 20 21:10:55 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149831 

From: Kenneth Vestergaard <kvs@binarysolutions.dk>
To: bug-followup@FreeBSD.org,
 kvs@binarysolutions.dk
Cc:  
Subject: Re: conf/149831: [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails
Date: Mon, 23 Aug 2010 14:34:32 +0200

 --Apple-Mail-7--683005463
 Content-Transfer-Encoding: quoted-printable
 Content-Type: text/plain;
 	charset=us-ascii
 
 Small update to fix a regression where output didn't go to =
 /var/log/jail_NAME_console.log any more.
 
 
 --Apple-Mail-7--683005463
 Content-Disposition: attachment;
 	filename=zfs-fix-delegated-paths-in-jail.diff.txt
 Content-Type: text/plain;
 	x-unix-mode=0644;
 	name="zfs-fix-delegated-paths-in-jail.diff.txt"
 Content-Transfer-Encoding: 7bit
 
 # $PIL$
 
 Add a jail_NAME_delegate_path-variable to rc.conf, which'll delegate
 all jailed zfs's under that path to the newly-started jail.
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=149831
 
 --- src/etc/rc.d/jail.orig	2010-08-19 12:39:01.000000000 +0200
 +++ src/etc/rc.d/jail	2010-08-20 15:57:07.508674101 +0200
 @@ -41,6 +41,7 @@
  	eval _ip=\"\$jail_${_j}_ip\"
  	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
  	eval _exec=\"\$jail_${_j}_exec\"
 +	eval _delegate_path=\"\$jail_${_j}_delegate_path\"
  
  	i=0
  	while : ; do
 @@ -132,6 +133,7 @@
  	debug "$_j procdir: $_procdir"
  	debug "$_j ruleset: $_ruleset"
  	debug "$_j fstab: $_fstab"
 +	debug "$_j delegate_path: $_delegate_path"
  
  	i=0
  	while : ; do
 @@ -635,8 +637,23 @@
  			i=$((i + 1))
  		done
  
 -		eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
 -			\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
 +		# create jail with 'persist', so we can get a jid before starting it,
 +		# which is needed if we need to delegate any zfs-filesystems to it.
 +		jail -i -c name=${_jail} path=${_rootdir} persist > ${_tmp_jail} 2>&1
 +		_jail_id=$(head -1 ${_tmp_jail})
 +		echo started jail ${_jail} with id ${_jail_id}
 +
 +		if [ ! -z "${_delegate_path}" ] ; then
 +			jail -m jid=${_jail_id} allow.mount=1
 +			/sbin/zfs get -s local -rH -o name,value jailed ${_delegate_path} | \
 +			    /usr/bin/awk '$2 == "on" { print $1 }' | \
 +			    /usr/bin/xargs -I % /sbin/zfs jail ${_jail_id} %
 +		fi
 +
 +		eval ${_setfib} jail ${_flags} -m \
 +			jid=${_jail_id} \
 +			host.hostname=${_hostname} \
 +			ip4.addr=\"${_addrl}\" command=${_exec_start} >> ${_tmp_jail} 2>&1
  
  		if [ "$?" -eq 0 ] ; then
  			_jail_id=$(head -1 ${_tmp_jail})
 @@ -669,6 +686,7 @@
  			echo " cannot start jail \"${_jail}\": "
  			tail +2 ${_tmp_jail}
  		fi
 +		jail -m jid=${_jail_id} nopersist # remove 'persist' set at create-time
  		rm -f ${_tmp_jail}
  	done
  	rmdir ${_tmp_dir}
 
 --Apple-Mail-7--683005463--

From: Kenneth Vestergaard <kvs@binarysolutions.dk>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/149831: [PATCH] add support to /etc/rc.d/jail for delegating ZFS-filesystems to jails
Date: Fri, 9 Sep 2011 12:10:46 +0200

 Please close this PR - =
 http://people.freebsd.org/~mm/patches/jail/jail_etc.patch is a better
 version.
 
 
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Sun May 4 03:48:15 UTC 2014 
State-Changed-Why:  
Submitter notes this was later done a different way 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149831 
>Unformatted:
