FreeBSD: Add zfs jail property

A read-only property to report name of the jail that mounted the
dataset.

Sponsored-by: SkunkWerks, GmbH
Signed-off-by: Igor Ostapenko <[email protected]>

Author: ihoro

include/sys/dsl_dataset.h

@@ -268,6 +268,10 @@ typedef struct dsl_dataset {
 
 	/* Protected by ds_lock; keep at end of struct for better locality */
 	char ds_snapname[ZFS_MAX_DATASET_NAME_LEN];
+
+#ifdef __FreeBSD__
+	char *ds_jailname;
+#endif
 } dsl_dataset_t;
 
 static inline dsl_dataset_phys_t *

include/sys/fs/zfs.h

@@ -203,6 +203,7 @@ typedef enum {
 	ZFS_PROP_DEFAULTUSEROBJQUOTA,
 	ZFS_PROP_DEFAULTGROUPOBJQUOTA,
 	ZFS_PROP_DEFAULTPROJECTOBJQUOTA,
+	ZFS_PROP_ZONE,
 	ZFS_NUM_PROPS
 } zfs_prop_t;
 

lib/libzfs/libzfs.abi

@@ -2259,7 +2259,8 @@
       <enumerator name='ZFS_PROP_DEFAULTUSEROBJQUOTA' value='103'/>
       <enumerator name='ZFS_PROP_DEFAULTGROUPOBJQUOTA' value='104'/>
       <enumerator name='ZFS_PROP_DEFAULTPROJECTOBJQUOTA' value='105'/>
-      <enumerator name='ZFS_NUM_PROPS' value='106'/>
+      <enumerator name='ZFS_PROP_ZONE' value='106'/>
+      <enumerator name='ZFS_NUM_PROPS' value='107'/>
     </enum-decl>
     <typedef-decl name='zfs_prop_t' type-id='4b000d60' id='58603c44'/>
     <enum-decl name='zprop_source_t' naming-typedef-id='a2256d42' id='5903f80e'>

man/man7/zfsprops.7

@@ -2095,6 +2095,16 @@ for more information.
 Jails are a
 .Fx
 feature and this property is not available on other platforms.
+.It Sy jail
+This read-only property reports name of the jail that mounted the jailed
+dataset.
+The "0" name is used for datasets that are not mounted or not jailed.
+This differs from the normal ZFS convention to print dash ('-') for unset
+values, since it can be a valid jail name.
+If the jail is renamed, the property will still report its old name from
+the time the dataset was mounted.
+The reported jail may no longer exist, while the dataset remains mounted.
+The property is not revealed to jails themselves, the "0" is reported instead.
 .It Sy zoned Ns = Ns Sy off Ns | Ns Sy on
 Controls whether the dataset is managed from a non-global zone or namespace.
 See

module/os/freebsd/zfs/zfs_vfsops.c

@@ -1310,6 +1310,18 @@ zfs_domount(vfs_t *vfsp, char *osname)
 
 	if (!zfsvfs->z_issnap)
 		zfsctl_create(zfsvfs);
+
+#ifdef __FreeBSD__
+	if (error == 0) {
+		/* zone dataset visiblity was checked before in zfs_mount() */
+		struct prison *pr = curthread->td_ucred->cr_prison;
+		if (pr != &prison0) {
+			zfsvfs->z_os->os_dsl_dataset->ds_jailname =
+			    kmem_strdup(pr->pr_name);
+		}
+	}
+#endif
+
 out:
 	if (error) {
 		dmu_objset_disown(zfsvfs->z_os, B_TRUE, zfsvfs);
@@ -1783,6 +1795,12 @@ zfs_umount(vfs_t *vfsp, int fflag)
 		dmu_objset_set_user(os, NULL);
 		mutex_exit(&os->os_user_ptr_lock);
 
+#ifdef __FreeBSD__
+		if (os->os_dsl_dataset->ds_jailname)
+			kmem_strfree(os->os_dsl_dataset->ds_jailname);
+		os->os_dsl_dataset->ds_jailname = NULL;
+#endif
+
 		/*
 		 * Finally release the objset
 		 */

module/zcommon/zfs_prop.c

@@ -516,9 +516,13 @@ zfs_prop_init(void)
 	zprop_register_index(ZFS_PROP_ZONED, "jailed", 0, PROP_INHERIT,
 	    ZFS_TYPE_FILESYSTEM, "on | off", "JAILED", boolean_table,
 	    sfeatures);
+	zprop_register_string(ZFS_PROP_ZONE, "jail", NULL, PROP_READONLY,
+	    ZFS_TYPE_FILESYSTEM, "<jailname> | 0", "JAIL", sfeatures);
 #else
 	zprop_register_index(ZFS_PROP_ZONED, "zoned", 0, PROP_INHERIT,
 	    ZFS_TYPE_FILESYSTEM, "on | off", "ZONED", boolean_table, sfeatures);
+	zprop_register_string(ZFS_PROP_ZONE, "zone", NULL, PROP_READONLY,
+	    ZFS_TYPE_FILESYSTEM, "<zonename>", "ZONE", sfeatures);
 #endif
 	zprop_register_index(ZFS_PROP_VSCAN, "vscan", 0, PROP_INHERIT,
 	    ZFS_TYPE_FILESYSTEM, "on | off", "VSCAN", boolean_table, sfeatures);

module/zfs/dsl_prop.c

@@ -1230,6 +1230,15 @@ dsl_prop_get_all_ds(dsl_dataset_t *ds, nvlist_t **nvp,
 			goto out;
 	}
 
+#ifdef __FreeBSD__
+		nvlist_t *propval = fnvlist_alloc();
+		fnvlist_add_string(propval, ZPROP_VALUE,
+		    (ds->ds_jailname && INGLOBALZONE(curproc)) ?
+		    ds->ds_jailname : "0");
+		fnvlist_add_nvlist(*nvp, "jail", propval);
+		nvlist_free(propval);
+#endif
+
 	for (; dd != NULL; dd = dd->dd_parent) {
 		if (dd != ds->ds_dir || (flags & DSL_PROP_GET_SNAPSHOT)) {
 			if (flags & (DSL_PROP_GET_LOCAL |

tests/runfiles/freebsd.run

@@ -23,7 +23,7 @@ failsafe = callbacks/zfs_failsafe
 tags = ['functional']
 
 [tests/functional/cli_root/zfs_jail:FreeBSD]
-tests = ['zfs_jail_001_pos']
+tests = ['zfs_jail_001_pos', 'zfs_jail_property']
 tags = ['functional', 'cli_root', 'zfs_jail']
 
 [tests/functional/pam:FreeBSD]

tests/zfs-tests/tests/Makefile.am

@@ -761,6 +761,7 @@ nobase_dist_datadir_zfs_tests_tests_SCRIPTS += \
 	functional/cli_root/zfs_jail/cleanup.ksh \
 	functional/cli_root/zfs_jail/setup.ksh \
 	functional/cli_root/zfs_jail/zfs_jail_001_pos.ksh \
+	functional/cli_root/zfs_jail/zfs_jail_property.ksh \
 	functional/cli_root/zfs_load-key/cleanup.ksh \
 	functional/cli_root/zfs_load-key/setup.ksh \
 	functional/cli_root/zfs_load-key/zfs_load-key_all.ksh \

tests/zfs-tests/tests/functional/cli_root/zfs_jail/zfs_jail_001_pos.ksh

@@ -35,7 +35,7 @@
 # 1. Create a jail.
 # 2. Perform some basic ZFS operations on a dataset both in the host and
 #    in the jail to confirm the dataset is functional in the host
-#    and hidden in in the jail.
+#    and hidden in the jail.
 # 3. Run `zfs jail` to expose the dataset in the jail.
 # 4. Perform some basic ZFS operations on the dataset both in the host and
 #    in the jail to confirm the dataset is functional in the jail and host.