# ZFS snapshot directory access Operation not permitted in Jail on FreeBSD13



## Mike Selner (Jun 1, 2021)

Hi,

I recently upgraded some systems from FreeBSD12 to FreeBSD13 (OpenZFS).

Inside a jail, I get "Operation not permitted" when trying to access a directory. All access as root.


```
ls /.zfs/snapshot/xxxx
```

On 11 & 12, I can view the contents of this directory inside the Jail. On 13, Operation not Permitted.

Outside the jail (host system), I can view the contents of this directory on all versions.

My jails are started/stopped by ezjail. Snapshots are done manually, not using ezjail.

I do not think it is related to the ZFS property "snapdir" which has always been "hidden" on all my datasets. 
I believe snapdir: visible only affects the display of .zfs in a directory listing. I've always been able to explicitly access /.zfs/snapshot/xxxxx in the jail prior to 13.

I don't need to manage the dataset within the jail so I've not used the "jailed" property in the past, and it is "off" on all datasets.

Has anyone experienced this and is there a known fix? 

Thanks


----------



## mer (Jun 1, 2021)

If I'm understanding correctly, the snapshot directory is on the host, accessing from the host works, but inside the jail you can't?  
Don't jails effectively have a different "/" than the host? (chrooted as a way of describing it)

If the above describes it correctly, I'm not sure it's technically a bug (If I'm wrong, I'll defer to those with the knowledge).


----------



## Mike Selner (Jun 1, 2021)

Yes - the jail is chrooted. The .zfs directory is under the root inside the jail: /.zfs/snapshot/xxx
It was always available prior to 13. I suspect a change in the ZFS implementation.


----------



## emmex (Jun 7, 2021)

I have found the same problem, but after accessing the snapshot directory from the host, the jail can access it.


----------



## bigart (Aug 19, 2021)

Mike Selner said:


> Yes - the jail is chrooted. The .zfs directory is under the root inside the jail: /.zfs/snapshot/xxx
> It was always available prior to 13. I suspect a change in the ZFS implementation.


I have the same problem. Did you resolve it ?


----------



## bigart (Aug 19, 2021)

After execute ls -li command in host for each .zfs/snapshot folder everything is back to normal.
Now I can execute ls -li command inside the jail for .zfs/snapshot without permission problem.

??


It's also resolve problem with shadow_copy2 in Samba. In my case, the previous versions stopped working after upgrade to FreeBSD 13.


----------



## Mike Selner (Aug 19, 2021)

bigart said:


> I have the same problem. Did you resolve it ?


No I have to use the ls command on the host
I set up a cron job to do this every hour so I don't have to remember to do so.
ls -al /var/jail/*/.zfs/snapshot/*


----------



## urs (Dec 2, 2021)

I have filed a bug report on bugs.freebsd.org:





						260160 – zfs jailed: snapshots not accessible
					






					bugs.freebsd.org
				




How can you access a jailed zfs-dataset from the host? (i.e. one that has jailed=on ?


----------

