zones can commit suicide by zvol
From the original Joyent bug report:
creating a zvol from within a zone with a delegated dataset causes the zone to fail to boot
[root@bh1-build0 ~]# zonecfg -z johns info dataset dataset: name: zones/johns/data
[root@bh1-build0 ~]# zoneadm -z johns reboot cannot verify zfs dataset zones/johns/data/usbkey: volumes cannot be specified as a zone dataset resource zoneadm: zone johns failed to verify
And Jerry's analysis:
This check is coming from usr/src/cmd/zoneadm/zfs.c in the verify_datasets() function where we are calling zfs_iter_children to check for zvols. Disabling this call allows the zone to boot, but it looks like the original thought here is that since there is no /dev/zvol hierarchy inside the zone it doesn't make sense to allow zvols to be created. There are a couple of options here. We could either try to get /dev/zvol inside the zone or we could modify zfs create so that it errors if we try to create a zvol inside a zone.