docs: Add docs about jailing a dataset using the template approach

2026-01-03 19:23:42 +01:00 · 2025-05-11 15:04:05 -06:00
parent 4b6a4c14ae
commit 4058446e54
1 changed files with 31 additions and 0 deletions
--- a/docs/chapters/zfs-support.rst
+++ b/docs/chapters/zfs-support.rst
@@ -82,3 +82,34 @@ the file is simple.
  pool/other/dataset /other/path/in/jail

 To remove a dataset from being jailed, we can run ``bastille zfs TARGET unjail pool/dataset``.
+
+Template Approach
+^^^^^^^^^^^^^^^^^
+
+While it is possible to "jail" a dataset using a template, it is a bit more "hacky" than the above apporach.
+Below is a template that you can use that will add the necessary bits to the ``jail.conf`` file to "jail" a 
+dataset.
+
+.. code-block:: shell
+
+  ARG JAIL_NAME
+  ARG DATASET
+  ARG MOUNT
+
+  CONFIG set allow.mount
+  CONFIG set allow.mount.devfs
+  CONFIG set allow.mount.zfs
+  CONFIG set enforce_statfs 1
+
+  CONFIG set "exec.created += '/sbin/zfs jail ${JAIL_NAME} ${DATASET}'"
+  CONFIG set "exec.start += '/sbin/zfs set mountpoint=${MOUNT} ${DATASET}'"
+
+  RESTART
+
+  CONFIG set "exec.prestop += 'jexec -l -U root ${JAIL_NAME} /sbin/zfs umount ${DATASET}'"
+  CONFIG set "exec.prestop += '/sbin/zfs unjail ${JAIL_NAME} ${DATASET}'"
+
+  RESTART
+
+This template can be applied using ``bastille template TARGET project/template --arg DATASET=zpool/dataset --arg MOUNT=/path/inside/jail``.
+We do not need the ``JAIL_NAME`` arg, as it will be auto-filled from the supplied ``TARGET`` name.