Date: Sat, 20 Jan 2024 13:54:51 -0500
From: Charles Sprickman <spork@bway.net>
To: Rick Macklem <rick.macklem@gmail.com>
Cc: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>, freeBSd-stable@freebsd.org
Subject: Re: mounting NFS share from the jail
Message-ID: <40470D94-B175-4718-A80E-23B06B747C52@bway.net>
In-Reply-To: <CAM5tNy4pALP1A_d3vCJbeYA3TBx=79b3ibF%2BGpRaOpFC15dmyg@mail.gmail.com>
References: <ZavdGlzmEJzEwtxN@plan-b.pwste.edu.pl> <CAM5tNy4pALP1A_d3vCJbeYA3TBx=79b3ibF%2BGpRaOpFC15dmyg@mail.gmail.com>

> On Jan 20, 2024, at 10:09 AM, Rick Macklem <rick.macklem@gmail.com> wrote:
>
> On Sat, Jan 20, 2024 at 6:48 AM Marek Zarychta
> <zarychtam@plan-b.pwste.edu.pl> wrote:
>>
>> Dear List,
>>
>> there were some efforts to allow running nfsd(8) inside the jail, but is
>> mounting an NFS share from the jail allowed? Inside the jail
>> "security.jail.mount_allowed" is set to 1, I also added "add path net
>> unhide" to the ruleset in devfs.rules but when trying to mount the NFS
>> share I get only the error:
>>
>> mount_nfs: nmount: /usr/src: Operation not permitted
>>
>> It's not a big deal, the shares can be mounted from the jail host, but I
>> am surprised that one can run NFSD inside the jail while mounting NFS
>> shares is still denied.
>>
>> Am I missing anything or is mounting NFS from inside the jail still
>> unsupported? The tests were done on the recent stable/14 from the vnet
>> jail. Any clues h will be appreciated.
> You are correct. Mounting from inside a jail is not supported.
> After doing the vnet conversion for nfsd, I tried doing it for the NFS client.
> There were a moderate # of global variables that needed to be vnet'd,
> which I did. The hard/messy part was having the threads (anything that
> calls an NFS VFS/VOP call) set to the proper vnet.
> It would have required a massive # of CURVET_SET()/CURVET_RESTORE()
> macros and I decided that it was just too messy.

(slight hijack)

I'm curious, I currently have a need to either have an nfs server or
client in a jail and have had no luck even with the userspace nfsd
(https://unfs3.github.io/ / https://www.freshports.org/net/unfs3/). Is
there any in-jail solution that works on FreeBSD? It's mainly for very
light log-parsing and I want it all inside a jail for portability
between hosts. Not even married to nfs if there's another in-jail
option...

Charles

> If it becomes a necessary feature, it is ugly but doable.
>
> rick
>
>>
>> Cheers
>>
>> --
>> Marek Zarychta