Skip to content

Instantly share code, notes, and snippets.

@dlangille

dlangille/mounts Secret

Created Jan 3, 2021
Embed
What would you like to do?
The nullfs mounts required in a FreshPorts ingress jail
I was wondering how to effeciently do all these mounts for a simple jail.
I found a reference here: https://forums.freebsd.org/threads/mount-nullfs-in-a-jail.72715/
"Still, the fstab.jail (see mount.fstab inside /etc/jail.conf) is best way to resolve this"
And another here: https://forums.freebsd.org/threads/using-nullfs-in-etc-fstab.59061/
"Don't add it to /etc/fstab if it's specific for this jail. Make use of /etc/fstab.<jailname> to mount
it "on-the-fly" when the jail starts."
So why is this not documented in man jail.conf?
Then I found: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244569
"please document path for mount.fstab in jail.conf(5)
#
# For the FreshPorts chroot within this jail
#
/jails/ingress01/root/bin /jails/ingress01/root/var/db/freshports/ports-jail/bin nullfs ro,nosuid 0 0
none /jails/ingress01/root/var/db/freshports/ports-jail/dev devfs rw 0 0
/jails/ingress01/root/lib /jails/ingress01/root/var/db/freshports/ports-jail/lib nullfs ro,nosuid 0 0
/jails/ingress01/root/libexec /jails/ingress01/root/var/db/freshports/ports-jail/libexec nullfs ro,nosuid 0 0
/jails/ingress01/root/sbin /jails/ingress01/root/var/db/freshports/ports-jail/sbin nullfs ro,nosuid 0 0
/jails/ingress01/root/usr/share/mk /jails/ingress01/root/var/db/freshports/ports-jail/usr/share/mk nullfs ro,nosuid,noexec 0 0
/jails/ingress01/root/usr/sbin /jails/ingress01/root/var/db/freshports/ports-jail/usr/sbin nullfs ro,nosuid 0 0
/jails/ingress01/root/usr/bin /jails/ingress01/root/var/db/freshports/ports-jail/usr/bin nullfs ro,nosuid 0 0
/jails/ingress01/root/usr/lib /jails/ingress01/root/var/db/freshports/ports-jail/usr/lib nullfs ro,nosuid 0 0
/jails/ingress01/root/usr/libexec /jails/ingress01/root/var/db/freshports/ports-jail/usr/libexec nullfs ro,nosuid 0 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment