ZFS under FreeBSD lets one assign filesystems to a jail, such that an account in the jail with the appropriate privileges can access the filesystem, create new subordinate filesystems, and so forth. At least with 8-STABLE, these features are not integrated into the existing /etc/rc.d/jail script. The basic process looks something like:

    sysctl -w security.jail.enforce_statfs=0
    sysctl -w security.jail.mount_allowed=1
    zfs set jailed=on <filesystem>
    zfs jail <jid> <filesystem>

This also requires exposing the zfs device node inside the jail.
At the same time, there appears to be a profusion of tools out there (ezjail, jailer, warden, and generally /usr/ports/sysutils/*jail*) that claim to be easier/better/more powerful/etc., but most of which appear to be only lightly maintained and not really much of a win vs. the standard jail script.
I would like to avoid reinventing the wheel. Is there a jail management tool out there that is well integrated with ZFS? I'm looking for something that would take care of setting up the necessary devfs rules, sysctl settings, and zfs attributes when booting a jail...and ideally permit name-based references to jails, which while supported by many of the third-party tools is tragically missing from the stock jail script.
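
The sequence described in the question, as an added example that is not part of the original post: an sh function that takes a jail by name, resolves it to a jid, checks that /dev/zfs is visible inside the jail before changing anything, and then runs the four commands. The function names are hypothetical, and it assumes the jail is already running and that jls(8) and jexec(8) are available on the host.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical; the
# commands are those listed in the post plus jls(8) and jexec(8).

err() { echo "zfs_jail_attach: $*" >&2; }

# Reject empty values, a leading '-', and anything outside a conservative
# character set, so neither argument can be read as an option.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_./:-]*) return 1 ;;
    esac
    return 0
}

# Resolve a jail name to its numeric jid; fails if no such jail is running.
jail_jid() {
    jid=$(jls -j "$1" jid 2>/dev/null) || return 1
    case "$jid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$jid"
}

zfs_jail_attach() {
    name=$1 dataset=$2
    valid_name "$name" || { err "bad jail name"; return 1; }
    valid_name "$dataset" || { err "bad dataset name"; return 1; }
    jid=$(jail_jid "$name") || { err "jail not running: $name"; return 1; }

    # Preflight: the dataset is only manageable from inside the jail if the
    # zfs device node is exposed there, so stop before touching anything.
    jexec "$jid" test -c /dev/zfs ||
        { err "/dev/zfs is not exposed in jail $name"; return 1; }

    # Host-side steps from the post, in the order given there.
    sysctl -w security.jail.enforce_statfs=0 || return 1
    sysctl -w security.jail.mount_allowed=1 || return 1
    zfs set jailed=on "$dataset" || return 1
    zfs jail "$jid" "$dataset" || return 1
}

# Usage (as root on the host): zfs_jail_attach www tank/jails/www
```
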