Date: Thu, 19 May 2011 14:44:08 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: Arnaud Lacombe <lacombar@gmail.com> Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, Pawel Jakub Dawidek <pjd@freebsd.org> Subject: Re: NFS mount inside jail fails Message-ID: <20110519144408.472431slzujrg49k@webmail.leidinger.net> In-Reply-To: <BANLkTi=iLvAzB0hQPN7vAKqh-nPKc0-M=w@mail.gmail.com> References: <1305662200.2633.11.camel@hitfishpass-lx.corp.yahoo.com> <20110517221712.00006e91@unknown> <20110518140326.GD1867@garage.freebsd.pl> <BANLkTi=iLvAzB0hQPN7vAKqh-nPKc0-M=w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Arnaud Lacombe <lacombar@gmail.com> (from Wed, 18 May 2011 =20 22:37:24 -0400): > Hi, > > On Wed, May 18, 2011 at 10:03 AM, Pawel Jakub Dawidek =20 > <pjd@freebsd.org> wrote: >> There are some file systems types that can't be securely mounted within >> a jail no matter what, like UFS, MSDOFS, EXTFS, XFS, REISERFS, NTFS, >> etc. =C2=A0because the user mounting it has access to raw storage and ca= n >> corrupt it in a way that it will panic entire system. >> > This should at least be configurable somehow for people who are using > jails for separation and do not care about security. I'd expect that > security decision whether or not to allow something is user relevant, > not developer relevant. The hardcoded version of this which I use exacly for the purpose you =20 told here is at http://www.leidinger.net/FreeBSD/current-patches/sys:fs.diff Bye, Alexander. --=20 I think my career is ruined! http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110519144408.472431slzujrg49k>