# HG changeset patch
# User Franz Glasner
# Date 1662752909 -7200
# Node ID 23f37702a502d828e09279849e6793c2025496ad
# Parent 9b0d83703a28bcc36afb9252fac220661150d383
Creating datasets for base and skeleton
diff -r 9b0d83703a28 -r 23f37702a502 sbin/ftjail
--- a/sbin/ftjail Fri Sep 09 21:46:34 2022 +0200
+++ b/sbin/ftjail Fri Sep 09 21:48:29 2022 +0200
@@ -122,7 +122,7 @@
 command_datasets_tmpl_skel() {
 local _p_base _name _dry_run
- local _ds_skel _child
+ local _ds_skel _child _child_zfsopts
 _p_skel="${1-}"
 _name="${2-}"
@@ -160,10 +160,29 @@
 # We typically want to use binary packages.
 # And if we use ports they are not in usr/ports typically.
 #
- # XXX FIXME: What about /home
+ #zfs create -u -o canmount=off "${_ds_skel}/usr/ports"
+ #
+ # XXX FIXME: What about home
 #
- for _child in etc usr/local tmp var root ; do
- zfs create -u -o canmount=noauto "${_ds_skel}/${_child}"
+ for _child in etc home root tmp usr/local var ; do
+ case "${_child}" in
+ "tmp"|"var/tmp")
+ _child_zfsopts="-o sync=disabled -o setuid=off"
+ ;;
+ "home")
+ _child_zfsopts="-o setuid=off"
+ ;;
+ "usr/ports/distfiles")
+ _child_zfsopts="-o exec=off -o setuid=off -o compression=off -o primarycache=metadata"
+ ;;
+ "var/mail")
+ _child_zfsopts="-o atime=on -o exec=off -o setuid=off"
+ ;;
+ *)
+ _child_zfsopts=""
+ ;;
+ esac
+ zfs create -u -o canmount=noauto ${_child_zfsopts} "${_ds_skel}/${_child}"
 done
 }
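Review bot: `_p_skel` is assigned two lines below the edited `local` line but appears in neither `local` list, while `_p_base` is declared and not used in the visible lines. This looks like a leftover from a sibling function, in which case `_p_skel` leaks into the caller's scope. If that reading is right, change the first declaration to `local _p_skel _name _dry_run`. The function body continues outside the hunk, so confirm `_p_base` is not used further down.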
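Review bot: The new `case` arms for `"var/tmp"`, `"usr/ports/distfiles"` and `"var/mail"` can never match, because the list in `for _child in etc home root tmp usr/local var` contains none of those names. As written, `var/tmp` and `var/mail` stay inside the `var` dataset, which is created with no extra options, so the `setuid=off`/`exec=off` hardening chosen for them is not applied. If separate datasets are intended, extend the list to `for _child in etc home root tmp usr/local var var/mail var/tmp ; do`, keeping the children after `var` so the parent exists first; otherwise drop the unused arms. The unquoted `${_child_zfsopts}` relies on word splitting on purpose, so a comment such as `# intentionally unquoted: expands to zero or more -o options` would stop a later cleanup from quoting it.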