[Ukfreebsd] NFS from within a jail

Sevan / Venture37 venture37 at gmail.com
Fri Apr 30 20:02:08 BST 2010

On 29 April 2010 18:52, Robert N. M. Watson <rwatson at freebsd.org> wrote:
> On 27 Apr 2010, at 20:59, Sevan / Venture37 wrote:
>> I'm trying to get tinderbox running in a jail but falling short on the
>> NFS config side of things, when initiating a build I'm getting
>> RPCPROG_NFS: RPC: Program not registered, anyone had any joy with NFS
>> from within jails?
>> I'm running 8.0-RELEASE.
> In general, you have to do any mounting from outside the Jail, and then the Jail is able to use the file system if it's visible in the Jail's file system namespace. It could be that you're not running one of a pile of daemons sometimes/often required with NFS -- normally rpcbind, rpc.statd, and rpc.lockd, which should run in the host environment.
> Robert

Thanks for the pointers guys.
I needed to be able to mount from within a jail because tinderbox
mount a copy of ports & src into the build directory, so though I
could do the sharing from the host I'd still be stuck.
I managed to get as far as serving an NFS share from a jail without
having any NFS related services running on the host using net/unfs3
from ports, I couldn't however mount any shares from jails as this is
not supported. As ports-mgmt/tinderbox can mount from NFS or nullfs I
decided to give nullfs a try but again this is not supported within a
jail, looking around for possible work arounds I found a thread on
freebsd-current@ with a snipet of code to allow nullfs mounts from a
Security was not an issue here as the system has one user account,
myself, and this is a dev system for testing ports so I gave it a try.
After a compile & install of a new kernel followed up by a three
fingered salute I was able to do nullfs mounts from the jail.
I fired off a build process to test if it was working & it kind of did
except as tinderbox cant mount an  instance of devfs in the dev
directory of a build, so a lot of things wont compile or tinderbox
complains when it checks that the port cleansup after itself properly
because there is a file called null in the dev directory that wasn't
there before, It is not possible to mount an instance of devfs in the
correct place from the host but because in-between build attempts
tinderbox cleans up after itself so this only works for a single
attempt & then fails again.
I'm sure there are other problems aswell with the jail itself,
tinderbox creates a jail with the build inside so I guess if tinderbox
itself is running in a jail you'd need nested jail support right?
If a jail is started via the rc script with no references to
children.max (like in my case) how is tinderbox able to create these
Anyway long story short, tinderbox needs to run on the host operating system.


More information about the Ukfreebsd mailing list