Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

FreeBSD: Add zfs jail property#17768

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
ihoro wants to merge1 commit intoopenzfs:master
base:master
Choose a base branch
Loading
fromihoro:0064-zfs-jail-prop

Conversation

@ihoro
Copy link
Contributor

Sponsored-by: SkunkWerks, GmbH

Motivation and Context

It targets#15710 feature request to add a read-only property to report name of the jail that mounted the dataset.

Description

The decisions made:

  • The0 name is used for datasets that are not mounted or not jailed. The default zfs style is to use- for a missing value, but it's allowed to have a jail named like that. At the same time there is no way to name a jail as0:jail: name cannot be numeric (unless it is the jid).
  • The mechanism remembers the name only, not jid. It can be treated as a caching mechanism to avoid time complexity increase. The reason is that all properties are prepared before listing only requested ones, and traversing all prisons (withallprison_lock) to lookup jail name by jid does not feel good for the cases with many jailed datasets and/or jails.
  • Because of the above, jail renaming is not supported -- it will still report the old name.
  • Nested jails are not supported for simplicity -- only non-jailed root can see actual value of the jail property, others are provided with0. Such way it covers the requirement not to reveal jail name to the jail itself.
  • As long as the name is cached, it's okay to have a situation when the dataset is still mounted even though the jail reported by this property is no longer present. It's not expected to be a usual case.
  • Thezfsprops.7 man page was extended to outline the property. It is mentioned within the section of tunables even though it is a read-only one, it seems to be better to keep it closer to thejailed property.

Hence, the mechanism is simple:

  • zfs_domount() cachespr_name
  • zfs_umount() clears the name

The proposed implementation covers usual cases without extra complexity and property retrieval performance impact. The opportunities for improvements are left for the future.

How Has This Been Tested?

Originally the patch was created months ago for 15-CURRENT, it was re-tested for the latest 16-CURRENT. The UI/UX demonstration:

# cat /etc/jail.confjail1 {        host.hostname = "jail1.local";        path = "/root/tmp/jailroot_15current_1";        persist = true;        mount.devfs = true;        allow.mount = true;        allow.mount.zfs = true;        enforce_statfs = 1;        exec.created = "/sbin/zfs jail jail1 p3/dataset2";        exec.start = "/bin/sh /etc/rc.d/zfs start";        exec.stop = "/bin/sh /etc/rc.d/zfs stop";        exec.poststop = "/sbin/zfs unjail jail1 p3/dataset2";        children.max = 99;}# zpool import -d tmp/p3 p3# zfs list -o name,mountpoint,mounted,jailed,jailNAME         MOUNTPOINT     MOUNTED  JAILED  JAILp3           /p3            yes      off     0p3/dataset1  /p3/dataset1   yes      off     0p3/dataset2  /dataset2_mnt  no       on      0p3/dataset3  /dataset3_mnt  no       on      0# service jail onestart jail1# zfs list -o name,mountpoint,mounted,jailed,jailNAME         MOUNTPOINT     MOUNTED  JAILED  JAILp3           /p3            yes      off     0p3/dataset1  /p3/dataset1   yes      off     0p3/dataset2  /dataset2_mnt  yes      on      jail1p3/dataset3  /dataset3_mnt  no       on      0# jexec jail1 zfs list -o name,mountpoint,mounted,jailed,jailNAME         MOUNTPOINT     MOUNTED  JAILED  JAILp3           /p3            no       off     0p3/dataset2  /dataset2_mnt  yes      on      0# jexec jail1 jail -c persist name=child allow.mount=true allow.mount.zfs=true enforce_statfs=1# zfs jail jail1.child p3/dataset3# jexec jail1.child zfs mount p3/dataset3# jexec jail1.child zfs list -o name,mountpoint,mounted,jailed,jailNAME         MOUNTPOINT     MOUNTED  JAILED  JAILp3           /p3            yes      off     0p3/dataset3  /dataset3_mnt  yes      on      0# jexec jail1 zfs list -o name,mountpoint,mounted,jailed,jailNAME         MOUNTPOINT     MOUNTED  JAILED  JAILp3           /p3            no       off     0p3/dataset2  /dataset2_mnt  yes      on      0# zfs list -o name,mountpoint,mounted,jailed,jailNAME         MOUNTPOINT     MOUNTED  JAILED  JAILp3           /p3            yes      off     0p3/dataset1  /p3/dataset1   yes      off     0p3/dataset2  /dataset2_mnt  yes      on      jail1p3/dataset3  /dataset3_mnt  yes      on      jail1.child

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Quality assurance (non-breaking change which makes the code more robust against bugs)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • Documentation (a change to man pages or other documentation)

Checklist:

@ikozhukhov
Copy link
Contributor

under illumos based platform we havezone property. probably we can prepare and use universal name for all platforms ?
zones are virtual environment where we can provide dataset and exclude it from global zone and others.
I think we can usezone property or rename it to more universal/applicable name and use it.
I see duplicate logic for the same properties.

@ihoro
Copy link
ContributorAuthor

under illumos based platform we havezone property. probably we can prepare and use universal name for all platforms ? zones are virtual environment where we can provide dataset and exclude it from global zone and others. I think we can usezone property or rename it to more universal/applicable name and use it. I see duplicate logic for the same properties.

Thanks for taking this moment into consideration. Indeed, the cross-platform term in the codebase iszone, and it's turned out that in the past the decision was made to follow FreeBSD specific terminology when FreeBSD Jails support was added. Hence, we have already established interface with "jail" word:zfs jail,zfs unjail,zfs get jailed,zfs list -o jailed, etc. As long as it is directly related to the existingjailed feature, the FreeBSD users expect to have this new property namedjail, otherwise it could be misleading.

This read-only property reports the name of the jail that mounted the jailed
dataset.
The "0" name is used for datasets that are not mounted or not jailed.
If a jail is renamed, the property will still report its old name from
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

We should mention the reasoning for "0". What do you think of?:

The "0" name is used for datasets that are not mounted or not jailed.+ This differs from the normal ZFS convention to print dash ('-') for unset values,+ since '-' can be a valid jail name.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

This is a great idea. Fixed, thanks.

@tonyhutter
Copy link
Contributor

  1. I saw this in the JSON output (zfs list -j ...):
"jail": {"value":"0","source": {"type":"LOCAL","data":"-"          }        }

I would have expectedtype to be NONE since this is read-only.

  1. Could you updatetests/zfs-tests/tests/functional/cli_root/zfs_jail/zfs_jail_001_pos.ksh with some simple tests to verifyzfs list -o jail ... works?

@behlendorfbehlendorf added the Status: Code Review NeededReady for review and testing labelSep 25, 2025
zfsvfs->z_os->os_dsl_dataset->ds_jailname=
kmem_zalloc(strlen(pr->pr_name)+1,KM_SLEEP);
strcpy(zfsvfs->z_os->os_dsl_dataset->ds_jailname,
pr->pr_name);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

You can usekmem_strdup(pr->pr_name); to simplify this.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Indeed. Fixed.

(ds->ds_jailname&&INGLOBALZONE(curproc)) ?
ds->ds_jailname :"0"));
VERIFY0(nvlist_add_string(propval,ZPROP_SOURCE,setpoint));
VERIFY0(nvlist_add_nvlist(*nvp,"jail",propval));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Thefnvlist_* wrappers should be used here, or better yet add the required error handling even if they're almost certain never to fail.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Sure. It seems I followed the examples fromdsl_prop_get_all_impl() itself. Migrated tofnvlist_*, thanks.

A read-only property to report name of the jail that mounted thedataset.Sponsored-by: SkunkWerks, GmbHSigned-off-by: Igor Ostapenko <pm@igoro.pro>
@ihoro
Copy link
ContributorAuthor

  1. I saw this in the JSON output (zfs list -j ...):
"jail": {"value":"0","source": {"type":"LOCAL","data":"-"          }        }

I would have expectedtype to be NONE since this is read-only.

Fixed.

  1. Could you updatetests/zfs-tests/tests/functional/cli_root/zfs_jail/zfs_jail_001_pos.ksh with some simple tests to verifyzfs list -o jail ... works?

Sure, especially that existing test provides a working baseline. I've added a separate test not to mix multiple concerns into a single one.

Comment on lines +2104 to +2105
If the jail is renamed, the property will still report its old name from
the time the dataset was mounted.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

It makes me wonder if reporting jail ID would be more predictable.

chards_snapname[ZFS_MAX_DATASET_NAME_LEN];

#ifdef__FreeBSD__
char*ds_jailname;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I am not familiar with zones, but wouldn't this functionality apply there too? Would someds_zonename without theifdef be more universal?

structprison*pr=curthread->td_ucred->cr_prison;
if (pr!=&prison0) {
zfsvfs->z_os->os_dsl_dataset->ds_jailname=
kmem_strdup(pr->pr_name);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Again, I am not closely familiar with the zone/jail code in ZFS, but I am not sure the delegation should necessarily be tied to a mounting. I suppose some dataset may not be mounted, but be controlled by the jail. Am I wrong?

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@behlendorfbehlendorfbehlendorf left review comments

@amotinamotinamotin left review comments

@tonyhuttertonyhuttertonyhutter left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Status: Code Review NeededReady for review and testing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ihoro@ikozhukhov@tonyhutter@behlendorf@amotin
[8]ページ先頭
©2009-2025 Movatter.jp