From 4058446e547ed85cea2f86ccc1a26f4f6fa4b902 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 11 May 2025 15:04:05 -0600
Subject: [PATCH] docs: Add docs about jailing a dataset using the template
 approach

---
 docs/chapters/zfs-support.rst | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/docs/chapters/zfs-support.rst b/docs/chapters/zfs-support.rst
index 43387001..e29690eb 100644
--- a/docs/chapters/zfs-support.rst
+++ b/docs/chapters/zfs-support.rst
@@ -82,3 +82,34 @@ the file is simple.
   pool/other/dataset /other/path/in/jail
 
 To remove a dataset from being jailed, we can run ``bastille zfs TARGET unjail pool/dataset``.
+
+Template Approach
+^^^^^^^^^^^^^^^^^
+
+While it is possible to "jail" a dataset using a template, it is a bit more "hacky" than the above apporach.
+Below is a template that you can use that will add the necessary bits to the ``jail.conf`` file to "jail" a 
+dataset.
+
+.. code-block:: shell
+
+  ARG JAIL_NAME
+  ARG DATASET
+  ARG MOUNT
+
+  CONFIG set allow.mount
+  CONFIG set allow.mount.devfs
+  CONFIG set allow.mount.zfs
+  CONFIG set enforce_statfs 1
+
+  CONFIG set "exec.created += '/sbin/zfs jail ${JAIL_NAME} ${DATASET}'"
+  CONFIG set "exec.start += '/sbin/zfs set mountpoint=${MOUNT} ${DATASET}'"
+
+  RESTART
+
+  CONFIG set "exec.prestop += 'jexec -l -U root ${JAIL_NAME} /sbin/zfs umount ${DATASET}'"
+  CONFIG set "exec.prestop += '/sbin/zfs unjail ${JAIL_NAME} ${DATASET}'"
+
+  RESTART
+
+This template can be applied using ``bastille template TARGET project/template --arg DATASET=zpool/dataset --arg MOUNT=/path/inside/jail``.
+We do not need the ``JAIL_NAME`` arg, as it will be auto-filled from the supplied ``TARGET`` name.