Hi! Is anyone hosting userspace nfs (unfs3 or nfs-ganesha) from a non-vm zone (either smartos or lx)? Curious if this is viable.

The normal kernel server is also available.

Not sure if this adds any real security or is just silly, but my line of thinking was only hypervisors would have access to an iscsi vlan. Portions of the iscsi backed filesystems would be lofs mounted into zones, and then shared via user space nfs. The goal being a strong barrier between client VMs and raw storage such that a root’ed vm wouldn’t give any additional access to raw storage (it would only have access to the small portion that is lofs

mounted in the zone)

what I don’t want is any VMs having direct access to storage vlans.

bahamat: might work, in case e1000 is compiled in. would need to setup an extra vnic assigned to the zone I guess. would be much much nicer to have this integrated into in the brand bhyve.

tomww: Well if you find that it works then maybe we can plumb it up.