Skip to content

Commit 47c886a

Browse files
committed
Introduce JAILED_DATASET option to poudriere.conf
This option allows passing a temporary ZFS dataset into the jail along with full control over it from within the jail. Sponsored by: Future Crew, LLC
1 parent 284e683 commit 47c886a

File tree

2 files changed

+37
-5
lines changed

2 files changed

+37
-5
lines changed

src/etc/poudriere.conf.sample

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,14 @@
1818
# root of the poudriere zfs filesystem, by default /poudriere
1919
# ZROOTFS=/poudriere
2020

21+
# ZFS dataset relative to ZROOTFS that will be passed into jail using zfs-jail(8)
22+
# The jail will have full control over this dataset
23+
# The dataset is recreated from scratch on every jail start and is destroyed
24+
# when jail is stopped
25+
# Enabling this feature will set "allow.mount=1", "allow.mount.zfs=1"
26+
# and "enforce_statfs=1" parameters for the jail
27+
#JAILED_DATASET=
28+
2129
# the host where to download sets for the jails setup
2230
# You can specify here a host or an IP
2331
# replace _PROTO_ by http or ftp

src/share/poudriere/common.sh

Lines changed: 29 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -890,6 +890,7 @@ injail_tty() {
890890
jstart() {
891891
local mpath name network
892892
local MAX_MEMORY_BYTES
893+
local allow_mount_args
893894

894895
unset MAX_MEMORY_BYTES
895896
case "${MAX_MEMORY:+set}" in
@@ -906,6 +907,12 @@ jstart() {
906907
;;
907908
esac
908909

910+
case "${JAILED_DATASET}" in
911+
"") ;;
912+
*)
913+
allow_mount_args="allow.mount=1 allow.mount.zfs=1 enforce_statfs=1"
914+
esac
915+
909916
_my_name name
910917

911918
mpath=${MASTERMNT:?}${MY_JOBID:+/../${MY_JOBID}}
@@ -915,13 +922,21 @@ jstart() {
915922
# Restrict to no networking (if RESTRICT_NETWORKING==yes)
916923
jail -c persist name=${name:?} \
917924
path=${mpath:?} \
918-
host.hostname=${BUILDER_HOSTNAME-${name}} \
919-
${network} ${JAIL_PARAMS}
925+
host.hostname=${BUILDER_HOSTNAME-${name:?}} \
926+
${network} ${allow_mount_args} ${JAIL_PARAMS}
920927
# Allow networking in -n jail
921-
jail -c persist name=${name}-n \
928+
jail -c persist name=${name:?}-n \
922929
path=${mpath:?} \
923-
host.hostname=${BUILDER_HOSTNAME-${name}} \
924-
${ipargs} ${JAIL_PARAMS} ${JAIL_NET_PARAMS}
930+
host.hostname=${BUILDER_HOSTNAME-${name:?}} \
931+
${ipargs} ${allow_mount_args} ${JAIL_PARAMS} ${JAIL_NET_PARAMS}
932+
933+
if [ "${JAILED_DATASET}" ]; then
934+
local jailed_dataset_name=${ZPOOL}${ZROOTFS}${JAILED_DATASET}_${name:?}
935+
zfs destroy -Rf ${jailed_dataset_name} 2>/dev/null || :
936+
zfs create -o jailed=on ${jailed_dataset_name}
937+
zfs jail ${name:?} ${jailed_dataset_name}
938+
zfs jail ${name:?}-n ${jailed_dataset_name}
939+
fi
925940
return 0
926941
}
927942

@@ -961,6 +976,10 @@ jstop() {
961976
_my_name name
962977
jail -r ${name:?} 2>/dev/null || :
963978
jail -r ${name:?}-n 2>/dev/null || :
979+
980+
if [ "${JAILED_DATASET}" ]; then
981+
zfs destroy -Rf ${ZPOOL}${ZROOTFS}${JAILED_DATASET}_${name:?} 2>/dev/null || :
982+
fi
964983
}
965984

966985
eargs() {
@@ -10239,6 +10258,11 @@ set) ;;
1023910258
case ${ZROOTFS} in
1024010259
[!/]*) err 1 "ZROOTFS should start with a /" ;;
1024110260
esac
10261+
: ${JAILED_DATASET=""}
10262+
case ${JAILED_DATASET} in
10263+
"") ;;
10264+
[!/]*) err 1 "JAILED_DATASET should start with a /" ;;
10265+
esac
1024210266
;;
1024310267
esac
1024410268

0 commit comments

Comments
 (0)