Discussion:
Mounting NFS From Within a Jail
Tim Gustafson
2010-05-29 03:26:06 UTC
Hi,

I previously sent this message to the freebsd-questions list, but I think perhaps I should have posted it to the freebsd-jail list instead.

Is it possible to mount an NFS file system from within a jail?

On my jail host, I have:

security.jail.mount_allowed: 1
***@jailhost: mount
/dev/da0s1a on / (ufs, local)
devfs on /dev (devfs, local, multilabel)
nfsserver:/usr/ports on /usr/ports (nfs)
nfsserver:/usr/src on /usr/src (nfs)
nfsserver:/usr/obj on /usr/obj (nfs)

However, from within a jail, I get:

***@jailguest: mount nfsserver:/usr/ports /usr/ports
mount_nfs: /usr/ports, : Operation not permitted

Am I missing something else here?

Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
***@soe.ucsc.edu
831-459-5354
Glen Barber
2010-05-29 18:06:39 UTC
Hi Tim,
Post by Tim Gustafson
> Hi,
> I previously sent this message to the freebsd-questions list, but I think perhaps I should have posted it to the freebsd-jail list instead.
> Is it possible to mount an NFS file system from within a jail?

You cannot mount NFS shares inside a jail because of rpcbind.

The best solution I've found is to mount the NFS share on the jail host,
and create a nullfs mount of that mountpoint to the jail.

Regards,
--
Glen Barber
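
The workaround described in the reply above, as an added example that is not part of the original thread: the host keeps the NFS mounts and each one is re-mounted into the jail's directory tree with nullfs. The jail root `/usr/jails/guest`, the `ro` option and the helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build host-side fstab lines that nullfs-mount the host's
# NFS mountpoints into a jail. Nothing is mounted here; the lines are printed.
# Assumed names: /usr/jails/guest (jail root), clean_abs_path, nullfs_fstab_lines.

# Accept only an absolute path with no ".." and no spaces, so a bad entry
# cannot place a mountpoint outside the jail root or break the fstab columns.
clean_abs_path() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *..*|*' '*) return 1 ;;
    esac
    return 0
}

# nullfs_fstab_lines JAIL_ROOT OPTS DIR...
# For each DIR already mounted on the host (for example over NFS), print
#   DIR  JAIL_ROOT/DIR  nullfs  OPTS  0  0
# The equivalent one-off command on the host is:
#   mount -t nullfs -o OPTS DIR JAIL_ROOT/DIR
nullfs_fstab_lines() {
    root=$1
    opts=$2
    shift 2
    clean_abs_path "$root" || { echo "bad jail root: $root" >&2; return 1; }
    for dir in "$@"; do
        clean_abs_path "$dir" || { echo "bad path: $dir" >&2; return 1; }
        printf '%s\t%s%s\tnullfs\t%s\t0\t0\n' "$dir" "${root%/}" "$dir" "$opts"
    done
}

# The three host mounts from the first message, exposed read-only to the jail.
nullfs_fstab_lines /usr/jails/guest ro /usr/ports /usr/src /usr/obj
```

The jail sees the directories as ordinary local file systems; the NFS client and its RPC traffic stay on the host.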
Tim Gustafson
2010-06-01 21:57:42 UTC
Post by Glen Barber
> You cannot mount NFS shares inside a jail because of
> rpcbind. The best solution I've found is to mount the
> NFS share on the jail host, and create a nullfs mount
> of that mountpoint to the jail.

Ok, that makes sense (I guess), but what's the deal with these options in rc.conf then:

jail_fstab="/etc/fstab.jails"
jail_mount_enable="yes"

I've got those both set exactly as shown, but I can't find much documentation about them and they seem to be ineffective (except that when I put an invalid file name for jail_fstab, it complains about the file being invalid). /etc/fstab.jails contains:

# Device Mountpoint FStype Options Dump Pass#
nfshost:/usr/ports /usr/ports nfs rw,bg 0 0
nfshost:/usr/src /usr/src nfs rw,bg 0 0
nfshost:/usr/obj /usr/obj nfs rw,bg 0 0

I was thinking that the rc.conf options listed above would somehow mount the file systems from the host OS and then start the jail, but that appears to not be the case. Am I misunderstanding the intent of these rc.conf options?

Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
***@soe.ucsc.edu
831-459-5354
