Solved Share ZFS filesystem in host and jail

tetsuo

tetsuo

Hello
I have a jail configured like this:

jellyfin {
# STARTUP/LOGGING
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_console_${name}.log";

# PERMISSIONS
allow.raw_sockets;
exec.clean;
mount.devfs;
allow.mount = true;
allow.mount.zfs = true;
allow.mount;
securelevel = 0;
allow.mlock = 1;
allow.sysvipc = 1;
allow.nfsd = 1;
enforce_statfs=1;

# HOSTNAME/PATH
host.hostname = "${name}";
path = "/stranger/jails/${name}";

# NETWORK
ip4.addr = "bge4|192.168.1.173/24";
ip4.addr += "vlan0|10.100.0.142/25";

}


I have in the host /etc/fstab the following line to mount the /stranger/media ZFS filesystem onto the jail:
/stranger/media /stranger/jails/jellyfin/stranger/media nullfs rw,noatime 0 0

To get access to /stranger on other machines on the network, I use NFS (both v3 and v4) to mount the filesystem. I can access the rest of filesystems in /stranger but I cannot access /stranger/media especifically:


~ [qmdx] % doas mount -t nfs4 192.168.1.230:/stranger nfs
~ [qmdx] % ls nfs/media
"nfs/media": Input/output error (os error 5)


So, the main question is, is there a better way to share a dataset between host and a jail? I tried zfs-jail too, but that makes the /stranger/jail filesystem unavailable in the host, so i cannot access it from NFS anyways.

Thank you
 
I was curious about this too and found this forum post awhile back, but haven’t had a chance to try it yet, as I’m still working on my current project. Perhaps the solution of mounting the directories with nullfs in the jail will work for you?
 
I'm not sure how I fixed this, but apparently changing the nullfs mount options in the jail to exec.prestart = "/sbin/mount_nullfs -o rw,noatime,nosuid,nocache /stranger/media /stranger/jails/jellyfin/stranger/media";
Changed my /etc/exports to:
V4: / -sec=sys -network 192.168.1.0/24
/stranger/media -maproot=root -alldirs -network 192.168.1.0 -mask 255.255.255.0
While having the following sharenfs property on the stranger filesystem
~ [icarus] % zfs get sharenfs stranger
NAME PROPERTY VALUE SOURCE
stranger sharenfs -alldirs,-maproot=root,-network=192.168.1.0/24 received
 
BTW, I'm curious, and this may be unrelated to any problems you're having, is there a reason you're running standard jail networking and not VNET? I'm unsure how this would affect the ZFS sharing; it may require different configuration settings.
 
Because for what I need this jail (torrenting, and streaming movies in jellyfin, and music) i have not needed vnet features so far, the vlan you can see routes the traffic into a wireguard vpn so I don't have to create a vnet jail to make the jail accesible on the vpn.

For ZFS sharing, I ended up using nullfs with other options, and it works now. Also managed to use NFSv4 which seems to be better
 
You must log in or register to reply here.
Back
Top