# Jails, zfs quotas, and nullfs



## ravinald (Nov 23, 2009)

Has anyone figured a good method for using jails following the method in section 15.6 of the Handbook while using zfs with quotas?

Right now each jailspace has its own zpool with a quota in /z/jail/${jail}.  The mroot is just in the general pool without a quota also in /z/jail.  I nullfs RO mount the mroot to /z/jail/mount/${jail} but the problem is the free disk space reported within the jail is that of mroot (which makes sense) and not that of the RW mount of the jail's jail space.

One seeming unavoidable, unappealing alternative is to have the mroot physically be in /z/jail/${jail} along with the jailspace and the jail's actual mount point.  Doing a nullfs mount all within the same zfs pool should correctly report the available disk as expected however this makes updating less appealing.

Am I over engineering this?  Did I even articulate my problem well enough that anyone has an idea what I'm trying to do?


----------



## wonslung (Nov 24, 2009)

why not just use ezjails, and before you create the jail make a zfs filesystem for it.

For example, if your jail dir is /usr/jails

```
zfs create tank/jails/
zfs set mountpoint=/usr/jails tank/jails
zfs create tank/jails/newjail
ezjail-admin create newjail 10.0.0.1
```


----------



## ravinald (Nov 24, 2009)

wonslung said:
			
		

> why not just use ezjails, and before you create the jail make a zfs filesystem for it.



I'm not sure how ezjail will address maintaining a RO system space and RW user space.  Did you reference 15.6 Application of Jails of the Handbook?


----------



## wonslung (Nov 24, 2009)

yes, i read the handbook.  Did you read about ezjails?

ezjail does exactly that.




> Overview (from http://erdgeist.org/arts/software/ezjail/ )
> 
> A Jail in FreeBSD-speak is one or more tasks with the same kernel Jail-ID, bound on a single IP address, having the same chroot-environment. One usecase of the FreeBSD Jail Subsystem is to provide virtual FreeBSD-systems within a Host-system. ezjail is about making this as easy as possible, aiming for minimum system resource usage. All further references to the term Jail are to a virtual FreeBSD-system consisting of a host name, an IP-address and a Jail root.
> 
> ...



It builds a basejail and mounts it ro using a bunch of symbolic links.

the basejail is in /usr/jails/basejail which it mounts using the /etc/fstab.jailname file on /usr/jails/jailname/basejail

then it uses symbolic links to point to stuff in /usr/jails/jailname/basejail

i also tend to use the /etc/fstab.jailname file to mount the base system /usr/src and /usr/ports (some of the ports need /usr/src, i don't think it's many) and i mount them ro just like the basejail.

by default, ezjail builds all ports in $JAIL/var/ports/ so mounting it ro is fine.

but even without using ezjails, you should be able to do what you're saying.  make a zfs filesystem, then make a dir inside of that to mount your basejail on ro, set up your links pointing to your stuff in the basejail and it will do basically the same thing as what i said in the first post.

Unless i am misunderstanding what you want to do.


----------



## ravinald (Nov 24, 2009)

I skimmed the page far too quickly and completely missed the Overview.  It appears to do what I need so I'll give it a go and see how it works.

Thanks for helping me to read.


----------

