From owner-freebsd-hackers@FreeBSD.ORG  Thu May 19 12:44:27 2011
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B9964106566C;
	Thu, 19 May 2011 12:44:27 +0000 (UTC)
	(envelope-from alexander@leidinger.net)
Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de
	[217.11.53.44])
	by mx1.freebsd.org (Postfix) with ESMTP id 613718FC1A;
	Thu, 19 May 2011 12:44:27 +0000 (UTC)
Received: from outgoing.leidinger.net (p5B155EB3.dip.t-dialin.net
	[91.21.94.179])
	by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 9438B844015;
	Thu, 19 May 2011 14:44:12 +0200 (CEST)
Received: from webmail.leidinger.net (webmail.Leidinger.net
	[IPv6:fd73:10c7:2053:1::3:102])
	by outgoing.leidinger.net (Postfix) with ESMTP id D2B762714;
	Thu, 19 May 2011 14:44:09 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=Leidinger.net;
	s=outgoing-alex; t=1305809049;
	bh=npMA8ixizRGzpacyuVrm5XvMREztD8ng/mf70RoeX3w=;
	h=Message-ID:Date:From:To:Cc:Subject:References:In-Reply-To:
	MIME-Version:Content-Type:Content-Transfer-Encoding;
	b=RUZbd/97E9KQFE3LiYdvFMhvFzRSQVyB2qZKah9x71jsZIQnqF8E72LVZRxOsJ7zR
	q4Lahk4GzIoe18YWwcJ1hVYt9emqmlnNDfZ6V7Q9DA9OzHfx7SwN6sM8YHwkfBz7sG
	cscQQouiA0rDWCcyjDdERUgUrh8YvoxPj1+q2odDXoTgDi39b3WH1qCeM7LxYB4HyQ
	lITWihdOJcAytizgpNY2clWKhhZM2O7RVyFfl7nSL/nFrg4P6fDSbR+b2JKWT4TzDR
	53DwsAleFaw3p0ya9kEz/fqo1m5tpLz4uJmEBl6v+a0FlqA4wQB5JBSGxCxmdz/KQ/
	97rzI9croVDgA==
Received: (from www@localhost)
	by webmail.leidinger.net (8.14.4/8.14.4/Submit) id p4JCi8s9023537;
	Thu, 19 May 2011 14:44:08 +0200 (CEST)
	(envelope-from Alexander@Leidinger.net)
X-Authentication-Warning: webmail.leidinger.net: www set sender to
	Alexander@Leidinger.net using -f
Received: from pslux.ec.europa.eu (pslux.ec.europa.eu [158.169.9.14]) by
	webmail.leidinger.net (Horde Framework) with HTTP; Thu, 19 May 2011
	14:44:08 +0200
Message-ID: <20110519144408.472431slzujrg49k@webmail.leidinger.net>
Date: Thu, 19 May 2011 14:44:08 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Arnaud Lacombe <lacombar@gmail.com>
References: <1305662200.2633.11.camel@hitfishpass-lx.corp.yahoo.com>
	<20110517221712.00006e91@unknown>
	<20110518140326.GD1867@garage.freebsd.pl>
	<BANLkTi=iLvAzB0hQPN7vAKqh-nPKc0-M=w@mail.gmail.com>
In-Reply-To: <BANLkTi=iLvAzB0hQPN7vAKqh-nPKc0-M=w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=UTF-8;
 DelSp="Yes";
 format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.1.6)
X-EBL-MailScanner-Information: Please contact the ISP for more information
X-EBL-MailScanner-ID: 9438B844015.AE055
X-EBL-MailScanner: Found to be clean
X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN,
	SpamAssassin (not cached, score=-0.1, required 6, autolearn=disabled,
	DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10)
X-EBL-MailScanner-From: alexander@leidinger.net
X-EBL-MailScanner-Watermark: 1306413853.50703@IcECKYaL7rHvU17CON3zvg
X-EBL-Spam-Status: No
X-Mailman-Approved-At: Thu, 19 May 2011 13:20:42 +0000
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>,
	Pawel Jakub Dawidek <pjd@freebsd.org>
Subject: Re: NFS mount inside jail fails
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2011 12:44:27 -0000

Quoting Arnaud Lacombe <lacombar@gmail.com> (from Wed, 18 May 2011 =20
22:37:24 -0400):

> Hi,
>
> On Wed, May 18, 2011 at 10:03 AM, Pawel Jakub Dawidek =20
> <pjd@freebsd.org> wrote:

>> There are some file systems types that can't be securely mounted within
>> a jail no matter what, like UFS, MSDOFS, EXTFS, XFS, REISERFS, NTFS,
>> etc. =C2=A0because the user mounting it has access to raw storage and ca=
n
>> corrupt it in a way that it will panic entire system.
>>
> This should at least be configurable somehow for people who are using
> jails for separation and do not care about security. I'd expect that
> security decision whether or not to allow something is user relevant,
> not developer relevant.

The hardcoded version of this which I use exacly for the purpose you =20
told here is at
   http://www.leidinger.net/FreeBSD/current-patches/sys:fs.diff

Bye,
Alexander.

--=20
I think my career is ruined!

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID =3D B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID =3D 72077137