# ezjail and zfs from inside the jail



## wonslung (May 30, 2009)

how do you make zfs commands work inside of an ezjail jail.
i get this:
internal error: failed to initialize ZFS library


----------



## vivek (May 30, 2009)

Inside jail direct file system access, mounting and accessing raw devices are not allowed. Put your jail in zfs file system itself.


----------



## phoenix (May 30, 2009)

Yeah, think of it from the outside in:  create a ZFS filesystem and use that as the root of the jail.


----------



## wonslung (May 30, 2009)

so it's impossible to create zfs filesystems inside the jail?
i really hope not....i would think because you can set quotas and all it should be easy to control from outside if you need to but i really want to be able to use zfs INSIDE the jail as well for the exact same reason....i would think theres got to be a way to do this....

but you bring up an interesting question....when i first made the jail i didn't know ezjail had support for using ZFS itself via the ezjail_use_zfs="YES" in rc.conf

how hard would it be to convert to using zfs for the jails themselves?

(i want to have all my jails in a zfs filesystem....i didn't set that up at first...can i move the contents of /usr/jails then do zfs create tank/usr/jails and copy it back in? or will that cause me major problems?)


----------



## phoenix (May 31, 2009)

Jails are all about limiting what you can do inside the jail.  If you had full access to create/modify/use zfs inside the jail, then you could easily DoS the box.

Jails are also (usually) single-use setups (run a web server, run a mail server, run a database server, etc).  Why would you need to be able to create unlimited numbers of filesystems and snapshots inside the jail?

Management of system resources is done from outside the jail.  Inside the jail, you can use only those resources that have been given to you.

That just doesn't match up with ZFS.  Use ZFS to set the limits for the jail (reservation, quota, compression, etc), and to create backups of the jail (snapshots, clones, etc).

In theory, you should be able to stop all your jails, move the directory, create the ZFS directory with the same mountpoint, and then either move or "cp -Rp" or "tar c | tar x" or "dump | restore" to move the files over, retaining permissions.


----------



## wonslung (Jun 1, 2009)

well considering the new version of zfs allows you to grant non super user accounts access to zfs create i figured it would only make sense that you would be able to do it inside a jail as well.

i can think of a few scenerios where it would be useful....i see jails as being about flexability too.


----------



## phoenix (Jun 1, 2009)

That might work, in theory.  Haven't use ZFSv13 yet, though.


----------



## vivek (Jun 1, 2009)

I highly doubt that ... may be someone need to write a patch to provide raw access or may be devfs can provide the access. But never tried out...


----------



## wonslung (Jun 1, 2009)

i was under the impression you COULD edit devfs.rules to allow other stuff....


----------



## vivek (Jun 2, 2009)

Yes, you can but I'm not sure about zfs, e.g

```
devfs -m /jails/example.com/dev rule -s 20 applyset
```
See /etc/defaults/devfs.rules and /usr/share/examples/etc/devfs.conf for more details about each rule. Usually, devfsrules_jail (#4) is applied to jail. You may need to dig out man pages (devfs(5) and devfs(8)) to get it working...


----------

