Solved Allowing mount_nullfs in jails built with ezjail

[quamenzullo]

Hello,

I would like to be able to use mount_nullfs from inside one of my jails.

I created it with ezjail(7), which does not use /etc/jail.conf yet (seems like it builds it, from its own old-style conf files, at each jail's startup).

In /usr/local/etc/ezjail/my_jail, there is no option to let the jail mount nullfs filesystem. But jail(8) mentions that it's possible to allow a privileged user inside a specific jail to mount nullfs filesystem by setting allow.mount.nullfs to "true":

allow.*
Some restrictions of the jail environment may be set on a per-
jail basis.

[...]

allow.mount.nullfs
privileged users inside the jail will be able to mount
and unmount the nullfs file system. This permission is
effective only together with allow.mount and only when
enforce_statfs is set to a value lower than 2.

I don't know how to do this, because the description of the line allowing to modify a parameter shows no way to tell to which jail the modification should apply:

SYNOPSIS
jail [-dhilqv] [-J jid_file] [-u username] [-U username] [-cmr]
param=value ... [command=command ...]

This doesn't work (as expected):

jail -mr allow.mount.nullfs="true" jail_name

I don't want to allow all the jails to mount nullfs filesystems. How is it possible?

 

[SirDice]

Just edit the /usr/local/etc/ezjail/<jail> script. Add the parameter to a similar line as this:

export jail_<jail>_parameters="allow.mount=1 allow.mount.nullfs=1 enforce_statfs=1"

After that the jail should be able to use nullfs(5).

 

[quamenzullo]

Hum I couldn't find it from the doc. Now I read it again and find where it is. Maybe I should print it and read everything (instead of browsing it with man looking for something).