# ZFS poudriere jail - not mounting filesystem



## tyson (Feb 28, 2021)

I have a minor problem with my jail configuration for a poudriere builder.
Everything works, except the poudriere jail dataset is not getting mounted on jail start.
The filesystem hierarchy is:
fbsd/usr/jails/JAIL_NAME for the jail's root /
fbsd/pdr/w0 for the poudriere jail filesystem.
`zfs set jailed=on fbsd/pdr/w0` is done.
Configuration:
/etc/jail.buildbot-worker0.conf


```
buildbot-worker0 {
    host.hostname = buildbot-worker0.localdomain;
    ip4.addr = "lo1|10.0.0.3/24";
    ip4.addr += "lo0|127.0.0.3";
    path = "/usr/jails/buildbot-worker0";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail_buildbot-worker0_console.log";
    mount.devfs; # need /dev/*random for Python
    persist;

    exec.poststart += "/sbin/zfs jail buildbot-worker0 fbsd/pdr/w0";
   
    allow.chflags;
    allow.mount=1;
    allow.mount.devfs;
    allow.mount.nullfs;
    allow.mount.procfs;
    allow.mount.tmpfs;
    allow.mount.zfs=1; # only needed if you use ZFS
    allow.raw_sockets; # optional
    allow.socket_af; # optional
    allow.sysvipc; # optional
    children.max=16;
    enforce_statfs=1;
}
```



jail rc.conf:


```
cron_flags="$cron_flags -J 15"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
syslogd_flags="-c -ss"
ipv6_activate_all_interfaces="NO"
sshd_enable="NO"


buildbot_worker_basedir="/var/buildbot-worker"
buildbot_worker_uid="buildbot-worker"
buildbot_worker_gid="buildbot-worker"
buildbot_worker_enable="YES"
```




ZFS props:
`zfs get canmount fbsd/pdr/w0`

```
NAME         PROPERTY  VALUE     SOURCE
fbsd/pdr/w0  canmount  on        default
```
The problem is that fbsd/pdr/w0 is not getting mounted after jail start. I have to run `service zfs start` inside the jail manually.


FreeBSD 13

```
FreeBSD kowalczt.ddns.net 13.0-STABLE FreeBSD 13.0-STABLE #0 stable/13-2947fc2cc: Wed Feb 24 15:03:24 CET 2021     root@kowalczt.ddns.net:/usr/obj/usr/src/amd64.amd64/sys/tyson-13-stable  amd64
```


----------



## tyson (Feb 28, 2021)

So, to make things a little more clear:
If I'm correct, after setting the `jailed` property of the filesystem, and
`allow.mount`, `allow.mount.zfs`, and `enforce_statfs` to 1,
the jail should have full control of the filesystem, right?
Would setting `zfs_enable="YES"` in the jail's /etc/rc.conf just mount this filesystem inside the jail?


----------



## twllnbrck (Feb 28, 2021)

On the host try to turn on the following values in /etc/sysctl.conf:

```
security.jail.mount_allowed=1
security.jail.mount_devfs_allowed=1
security.jail.mount_zfs_allowed=1
```


----------



## tyson (Feb 28, 2021)

twllnbrck said:


> On the host try to turn on the following values in /etc/sysctl.conf:
> 
> ```
> security.jail.mount_allowed=1
> ...
> ```


I already have that (except devfs, but I think it's not relevant anyway), so it isn't working for me.

PS. The strange thing is, if I put `zfs_enable="YES"` in the jail's rc.conf it doesn't mount it, but after manually running it later it gets mounted.


----------



## twllnbrck (Mar 2, 2021)

It worked for me with `mount.devfs` in /etc/jail.conf.
Anyway, you can simply use nullfs(5) in your jail's fstab; that's what I do.


----------



## tyson (Mar 2, 2021)

I can live with it. I was only wondering what the correct behavior should be for that.


----------



## thutuid (Jan 24, 2022)

This can happen if you configure Poudriere before you provide the jail with all of the permissions it needs. You can fix it by setting the 'mountpoint' property of zroot/iocage/jails/<jailname>/data to /usr/local/poudriere or whichever folder you configured poudriere to put its data in.


----------
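Added example, not part of any post above: a small sh/awk audit of a jail.conf for the delegation settings this thread lists (`allow.mount`, `allow.mount.zfs`, `enforce_statfs`) and for which `exec.*` hook runs `zfs jail`. The hook check rests on jail(8), where `exec.poststart` runs after `exec.start` has completed and `exec.created` runs before it; the function names and the trimmed sample are constructed for illustration.

```sh
# Added example. Usage: audit_jail_conf DATASET < jail.conf
# Prints one finding per line for a single-jail file like the one in the thread.
audit_jail_conf() {
    awk -v ds="$1" '
    {
        sub(/#.*/, "")                        # drop comments (assumes no # inside quoted values)
        gsub(/^[ \t]+|[ \t]*;[ \t]*$/, "")    # trim the indent and the trailing ";"
        if ($0 !~ /^[a-z][a-z0-9_.]*/) next
        name = $0; sub(/[ \t]*\+?=.*/, "", name)
        val = "1"                             # a bare boolean such as "allow.mount;" means true
        if ($0 ~ /=/) { val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val) }
        opt[name] = val
        # remember which exec.* hook attaches the dataset to the jail
        if (name ~ /^exec\./ && val ~ /zfs jail / && index(val, ds)) hook = name
    }
    END {
        if (opt["allow.mount"] != "1")     print "FAIL allow.mount is not enabled"
        if (opt["allow.mount.zfs"] != "1") print "FAIL allow.mount.zfs is not enabled"
        # jail(8): allow.mount.zfs only takes effect with enforce_statfs below 2 (default 2)
        if (!("enforce_statfs" in opt) || opt["enforce_statfs"] + 0 > 1)
            print "FAIL enforce_statfs must be 0 or 1"
        if (hook == "")
            print "FAIL no \"zfs jail\" hook for " ds
        else if (hook == "exec.poststart")
            print "WARN " ds " attached in exec.poststart, i.e. after exec.start (/etc/rc) has finished"
        else if (hook == "exec.created")
            print "OK " ds " attached in exec.created, before exec.start runs"
        else
            print "INFO " ds " attached in " hook
    }'
}

# Constructed sample: the relevant lines of the jail.conf posted in the thread.
sample_conf() {
    cat <<'EOF'
buildbot-worker0 {
    path = "/usr/jails/buildbot-worker0";
    exec.start = "/bin/sh /etc/rc";
    mount.devfs; # need /dev/*random for Python
    exec.poststart += "/sbin/zfs jail buildbot-worker0 fbsd/pdr/w0";
    allow.mount=1;
    allow.mount.zfs=1; # only needed if you use ZFS
    enforce_statfs=1;
}
EOF
}

sample_conf | audit_jail_conf fbsd/pdr/w0
```

The WARN on the sample is consistent with the reported behaviour (nothing mounted at start, manual mount working later), but the thread does not confirm the hook order as the cause or `exec.created` as the fix.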

