# zfs + usermount in a jail?



## oliver@ (Apr 12, 2014)

Hi,

has someone zfs + usermount in a jail working?

What works:
- usermount on the host

```
root@reis /root> sysctl security.jail.jailed
security.jail.jailed: 0
root@reis /root> su -m bacula
bacula@reis /root> mount -t zfs zbackup /mnt/backup/
bacula@reis /root> df zbackup
Filesystem  1K-blocks      Used      Avail Capacity  Mounted on
zbackup    1915746156 715677784 1200068372    37%    /mnt/backup
bacula@reis /root> umount zbackup
```
- mount as root in the jail

```
root@arborio /root> sysctl security.jail.jailed
security.jail.jailed: 1
root@arborio /root> mount -t zfs zbackup /mnt/backup/
root@arborio /root> df zbackup
Filesystem  1K-blocks      Used      Avail Capacity  Mounted on
zbackup    1915746156 715677784 1200068372    37%    /mnt/backup
root@arborio /root> umount zbackup
```

What does not work:
- usermount in the jail

```
root@arborio /tmp> su -m bacula
bacula@arborio /tmp> mount -t zfs zbackup /mnt/backup/
mount: zbackup: Operation not permitted
Exit 1
bacula@arborio /tmp>
```


----------



## asteriskRoss (May 15, 2014)

Hi @oliver@, I posted about a similar unsolved issue here: Thread 46146.  However, I noticed the error message you received was different.  You may be using a different FreeBSD/ZFS version but it may also be worth looking at my post to compare your configuration, though of course something about my configuration isn't right either.


----------



## SirDice (May 15, 2014)

oliver@ said:
			
		

> What does not work:
> - usermount in the jail
> 
> ```
> ...


It doesn't work that way. On the host side you need to specify the dataset as "jailed" and use the `zfs jail` command to assign it to a specific jail. For example (short form):


```
host# zfs create -o jailed=on zroot/jailzfs
host# zfs jail myjail zroot/jailzfs # assigns zroot/jailzfs to the jail named "myjail"

myjail# zfs set mountpoint=/storage zroot/jailzfs
myjail# zfs mount -a
```

You need the jail options allow.mount, allow.mount.zfs and enforce_statfs must be set to 1.

Unfortunately, I can't seem to get the ZFS dataset to mount when the jail starts. I always have to login on the jail and enter `zfs mount -a`. For some reason setting zfs_enable="YES" in the jail's /etc/rc.conf doesn't seem to work. But perhaps that's an issue with my jails themselves. I still need to update them to 10.0-STABLE (the host runs 10.0-STABLE but the jails are still 10.0-RELEASE).


----------

