The ezjail rc script: 1. starts the jail first 2. -> calls /etc/rc in the jail 3. -> runs /etc/rc.d/zfs (and any other rc scripts which might depend on a /zfs path being mounted) 4. Finally after the jail is started the ezjail rc script runs 'zfs jail' to attach the datasets. This ordering makes the use of startup scripts impossible in the jail which depend on the ZFS dataset being jailed. I'm not sure how to fix this without using a post_start script to restart rc services or to rework /etc/rc.d/jail to: 1. start the jail 2. zfs jail datasets 3. jexec run the startcmd I think the only sane thing is to fix /etc/rc.d/jail. I'm logging this as a tracking/discussion issue though.
Maintainers CC'd
Moving this to "open" since maintainer was notified and there's no patch to apply with the timeout.
Hi, This this problem still relevant for the current systems?
Same question: Is this still relevant?
Yup this is still relevant. A simple workaround for *startup* is to use exec.created. exec.poststart is too late if you want rc scripts depending on the zfs dataset. exec.start before /etc/rc might work but I didn't try. To be clear the "zfs jail" needs to occur between jail(2) and jexec "sh /etc/rc". --- /tmp/jail 2022-06-07 21:56:17.886298000 -0700 +++ /etc/rc.d/jail 2022-06-07 21:56:19.863706000 -0700 @@ -213,6 +213,7 @@ parse_options() echo " exec.system_user = \"root\";" echo " exec.jail_user = \"root\";" extract_var $_jv exec_prestart exec.prestart 0 "" + extract_var $_jv exec_created exec.created - "" extract_var $_jv exec_poststart exec.poststart 0 "" extract_var $_jv exec_prestop exec.prestop 0 "" extract_var $_jv exec_poststop exec.poststop 0 "" Then in the ezjail/jail.conf file something like this: # Must not set zfs_datasets or /usr/local/etc/rc.d/ezjail does the "zfs jail" too late (which is ignored but causes a warning) export jail_backups_exec_created="zfs jail \$name backup" There is no corresponding place in the jail stop to do "zfs unjail". It needs to occur after /etc/rc.shutdown but before jail_remove(2). jail.*stop* are all just wrong for this. In practice the "zfs unjail" piece does not seem important but I could be wrong. iocage avoids all of this by not using /etc/rc.d/jail like ezjail does. It uses jail(8) and controls the ordering properly.
Bryan, should this PR be closed? As you noted, #15484 is the corresponding basesystem one, and we can't do anything in FreeBSD to fix this in ezjail (and ezjail doesn't seem to be mantained anymore). The only thing we can do is to work on #15484. Note, for my use case in ezjail, I used the poststart inside the ezjail jail config file, to run "service -j jailname zfs start" and "service -j jailname xxx restart" (for suitable XXX which depend upon it).
Oppps, #154484, one digit lost in my previous comment.