Date:      Sat, 20 Jan 2024 07:09:40 -0800
From:      Rick Macklem <rick.macklem@gmail.com>
To:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Cc:        freeBSd-stable@freebsd.org
Subject:   Re: mounting NFS share from the jail
Message-ID:  <CAM5tNy4pALP1A_d3vCJbeYA3TBx=79b3ibF%2BGpRaOpFC15dmyg@mail.gmail.com>
In-Reply-To: <ZavdGlzmEJzEwtxN@plan-b.pwste.edu.pl>

On Sat, Jan 20, 2024 at 6:48 AM Marek Zarychta
<zarychtam@plan-b.pwste.edu.pl> wrote:
>
> Dear List,
>
> there were some efforts to allow running nfsd(8) inside the jail, but is
> mounting an NFS share from the jail allowed?  Inside the jail
> "security.jail.mount_allowed" is set to 1, I also added "add path net
> unhide" to the ruleset in devfs.rules but when trying to mount the NFS
> share I get only the error:
>
> mount_nfs: nmount: /usr/src: Operation not permitted
>
> It's not a big deal, the shares can be mounted from the jail host, but I
> am surprised that one can run NFSD inside the jail while mounting NFS
> shares is still denied.
>
> Am I missing anything or is mounting NFS from inside the jail still
> unsupported?  The tests were done on the recent stable/14 from the vnet
> jail.  Any clues will be appreciated.

You are correct. Mounting from inside a jail is not supported.
After doing the vnet conversion for nfsd, I tried doing it for the NFS client.
There were a moderate # of global variables that needed to be vnet'd,
which I did.  The hard/messy part was having the threads (anything that
calls an NFS VFS/VOP call) set to the proper vnet.
It would have required a massive # of CURVNET_SET()/CURVNET_RESTORE()
macros and I decided that it was just too messy.

If it becomes a necessary feature, it is ugly but doable.

rick

>
> Cheers
>
> --
> Marek Zarychta
>

