Introduce JAILED_DATASET option to poudriere.conf #1197
arrowd wants to merge 1 commit into freebsd:master from
|
Could we add some hooks, or use existing hooks, to achieve this?
|
I agree, the hooks feel like a more proper place for this feature, but from what I gather, even the "jail start" hook is run after the jail is actually created, so there is no way for it to pass
|
How do we move this forward?
|
Bump. Can we get this in?
This option allows passing a temporary ZFS dataset into the jail along with full control over it from within the jail.

Sponsored by: Future Crew, LLC
|
The problem is that you want it in so it can be maintained upstream. But without tests it will quickly break and rot and I can't promise it will work tomorrow. It is very niche and I don't see the use case outside of your special port. I think we need to add more hooks to let you have your code run exactly where and how needed.
This could be set in poudriere.conf. I'll comment in the code where I think to try hooks.
| case "${JAILED_DATASET}" in | ||
| "") ;; | ||
| *) | ||
| allow_mount_args="allow.mount=1 allow.mount.zfs=1 enforce_statfs=1" |
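Review bot: The non-empty branch turns on allow.mount=1, allow.mount.zfs=1 and enforce_statfs=1 for the jail as soon as JAILED_DATASET is set, so everything that runs in that jail gets ZFS mount privileges, not only the port whose tests need them. That widening of the jail's privileges should be spelled out where the option is documented. The empty-string branch also leaves allow_mount_args untouched, so it should be initialised to an empty value before the case unless that already happens outside the visible lines.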
poudriere.conf JAIL_PARAMS="allow.mount=1 allow.mount.zfs=1 enforce_statfs=1"
| if [ "${JAILED_DATASET}" ]; then | ||
| local jailed_dataset_name=${ZPOOL}${ZROOTFS}${JAILED_DATASET}_${name:?} | ||
| zfs destroy -Rf ${jailed_dataset_name} 2>/dev/null || : | ||
| zfs create -o jailed=on ${jailed_dataset_name} | ||
| zfs jail ${name:?} ${jailed_dataset_name} | ||
| zfs jail ${name:?}-n ${jailed_dataset_name} | ||
| fi |
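Review bot: The results of zfs create and of both zfs jail calls are not checked, so if creation fails the jail start carries on and the port's tests fail later with no dataset and nothing pointing back here; stopping with an error at this point would be clearer. The name is also built by plain concatenation of ZPOOL, ZROOTFS, JAILED_DATASET and the jail name and then used unquoted, including as the target of zfs destroy -Rf with stderr discarded, so the expected form of JAILED_DATASET (with or without a leading slash, no whitespace) should be documented and checked, and ${jailed_dataset_name} quoted.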
run_hook jstart post "${name}"
|
|
||
| if [ "${JAILED_DATASET}" ]; then | ||
| zfs destroy -Rf ${ZPOOL}${ZROOTFS}${JAILED_DATASET}_${name:?} 2>/dev/null || : | ||
| fi |
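Review bot: The dataset name is rebuilt here from the same four variables instead of coming from one shared helper, so a later change to the naming on the create side can leave this zfs destroy -Rf pointing at a different dataset. With 2>/dev/null || : a failed destroy is also silent, which lets leftover jailed datasets accumulate unnoticed; consider a small helper that returns the name, and a warning when the destroy fails for a reason other than the dataset not existing.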
|
If the hooks work for you let me know and I can add them in or you can PR it. If you need an ability for a hook to return something we can discuss that too.
|
Thank you. I only rebased this PR to catch up with upstream changes and solve conflicts. This is now a very low priority for me, so maybe you should remove this PR from the
Rationale for the change:
We at $WORK are using Poudriere as a part of the CI process. For a selected set of ports we define WITH_TESTING_PORTS, which makes the test target a part of the pipeline. It works quite well for many of the ports we're using.

However, one of the projects we've developed requires creating a ZFS dataset as part of its tests. The #1175 PR made it possible for the zfs command to run, but no datasets or pools are visible from within the jail. This follow-up change passes through a throw-away ZFS dataset into the jail and gives full access to it.

I understand that the feature is quite niche, but it doesn't add much complexity to the code, so I hope it will be accepted.