nullfs in FreeBSD jail

Boris Samorodov bsam at ipt.ru
Fri Jul 20 17:40:14 EDT 2007


On Fri, 20 Jul 2007 17:25:20 -0400 Joe Marcus Clarke wrote:
> On Sat, 2007-07-21 at 01:10 +0400, Boris Samorodov wrote:

> > I'm installing ports-mgmt/tinderbox at a FreeBSD jail. Distfiles 
> > (/usr/ports/distfiles) from the host nullfs'ed into the jail. Now I
> > want tinderbox to use nullfs for distfiles (i.e. distfiles from the
> > FreeBSD jail nullfs to ${tc}/portstrees/...). But I get:
> > "mount_nullfs: Operation not permitted".

> Make sure you have the nullfs kernel module loaded before trying to do
> the mount in the jail.  Jails can't kldload modules.  Beyond that, I
> believe it will work.

Well, the main distfile from the host is nullfs'ing while host is
booting...

Thanks for the comment.

> > The host:
> > -----
> > % uname -a
> > FreeBSD and.ipt.ru 7.0-CURRENT FreeBSD 7.0-CURRENT #5: Fri Jul 20 18:48:45 MSD 2007     bsam at and.ipt.ru:/ms/usr/obj/usr/src/sys/GENERIC+ULE3.0  amd64
> > % sysctl security.jail
> > security.jail.jailed: 0
> > security.jail.mount_allowed: 1
> > security.jail.chflags_allowed: 1
> > security.jail.allow_raw_sockets: 0
> > security.jail.enforce_statfs: 2
> > security.jail.sysvipc_allowed: 1
> > security.jail.socket_unixiproute_only: 1
> > security.jail.set_hostname_allowed: 1
> > -----

WBR
-- 
Boris Samorodov (bsam)
Research Engineer, http://www.ipt.ru Telephone & Internet SP
FreeBSD committer, http://www.FreeBSD.org The Power To Serve


More information about the tinderbox-list mailing list