# unknown ZFS property: jailed



## serverhamster (Jun 20, 2011)

```
zfs get all <filesystem>
```
Here you see the property jailed, but zfs(1) makes no mention of it.

A bit of googling solves pieces of the puzzle. Apparently it is used for exporting zfs filesystems to a jail. But what next? I have a jail called 'ftp' and tried the following:

```
# jls
   JID  IP Address      Hostname                      Path
     2  192.168.0.4     ftp.example.com                   /jail/ftp
# sysctl security.jail.enforce_statfs=0
security.jail.enforce_statfs: 2 -> 0
# sysctl security.jail.mount_allowed=1
security.jail.mount_allowed: 0 -> 1
```
Now, I'd like to export the zfs filesysem rpool/JAIL/test

```
# zfs set jailed=on rpool/JAIL/test
# zfs jail 2 rpool/JAIL/test
```
Then, go to the jail and list zfs filesystems:

```
# jexec 2 tcsh
ftp# zfs list
internal error: failed to initialize ZFS library
```
What am I doing wrong, and is there some documentation about this?


----------



## usdmatt (Jun 20, 2011)

Please note I've not used ZFS within jails yet but I may be able to shed some light on some of the issues.

As far as I can see, the ZFS man pages are pretty much straight from Solaris. I've noticed a few things that don't apply to FreeBSD, or things that only apply to FreeBSD that are missing. This is probably why the jail property (which is specific to FreeBSD) doesn't show up.

Also you need to make the /dev/zfs device available to the jails which might be locked down if you're using devfs rules.

I came across the following serverfault question the other day where the author seemed to answer his own question with some useful information.
http://serverfault.com/questions/278013/is-there-a-tool-for-managing-freebsd-jails-that-knows-about-zfs


----------



## SirDice (Jun 20, 2011)

serverhamster said:
			
		

> What am I doing wrong, and is there some documentation about this?


Not a lot of documentation but this post might help:

http://freebsd.1045724.n5.nabble.com/Fwd-ZFS-and-jailed-environments-best-practice-td4043042.html


----------



## serverhamster (Jun 20, 2011)

Thanks. I managed to get quite a bit further.
A /etc/devfs.rules is needed:

```
[ftp_ruleset=10]
add include $devfsrules_jail
add path zfs unhide
```
After that, restart the jail and the filesystems with property jailed=on can be exported.

There is one problem remaining. How can I make sure 
	
	



```
zfs jail 1 rpool/JAIL/test
```
 is executed on reboot? The JID might change.

(Also, the output of df and even zfs list is now quite confusing because it lists mountpoints, but doesn't mention that the mountpoint is in a jail.)


----------



## nORKy (Jun 23, 2011)

My jail name (rc.conf name) is www and its path is /jails/www/:

To set the zfs jail option on the /data directory inside the  jail (or zroot/jails/www/data in the host):

in rc.conf:

```
jail_www_exec_poststart0="/jails/www.start"
```

http://www.start :

```
#!/bin/sh

# replace www by your jail path or jail hostname
id=`jls | awk '/www/ { print $1 }'`

zfs jail $id zroot/jails/www/data

# ... some other stuffs
```


----------



## SirDice (Jun 24, 2011)

I could have sworn I'd seen that option mentioned in the zfs(8) man page. But alas, it isn't there.

Have you tried using the jail's name instead of its JID?

I've set a name on my jail with:

```
jail_intranetz_flags="-l -U root -n intranetz"
```

After that you can do:
`# jexec internetz /bin/tcsh`

Not sure if it works with *zfs jail* though but if it works it would solve the 'unknown' JID problem.


----------

