Date: Sun, 5 Jan 2025 13:47:51 +0100
From: Harry Schmalzbauer <freebsd@omnilan.de>
To: Alan Somers <asomers@freebsd.org>, freebsd-fs@freebsd.org
Subject: Re: jails and fusefs - D16371 question regarding unprivileged user
Message-ID: <9c5b2002-99e7-4ae4-8a70-7f2a5b0a68e4@omnilan.de>
In-Reply-To: <CAOtMX2jraMCtZEJxM9XkWuU9Ay66g72Wdtw7idH7hbVzTkrg5A@mail.gmail.com>
References: <908d635a-ab6f-42cf-89ac-f805d2048c4d@omnilan.de>
 <CAOtMX2iNrvwp8S1_e%2BZvttKG5Y_F-ja=n30k4BK1VzWkS7Dkig@mail.gmail.com>
 <91fbc680-5496-48da-9d1d-4b2c806cf82f@omnilan.de>
 <CAOtMX2j0VaojtrF_t26aCA=RgwYOQovcaByMwmEW2aFvkrAPkA@mail.gmail.com>
 <41d077bb-dd57-492c-92cd-fadee8e680cc@omnilan.de>
 <CAOtMX2jraMCtZEJxM9XkWuU9Ay66g72Wdtw7idH7hbVzTkrg5A@mail.gmail.com>

On 2025-01-04 22:53, Alan Somers wrote:
> On Sat, Jan 4, 2025 at 2:39 PM Harry Schmalzbauer <freebsd@omnilan.de> wrote:
....
>> For now I set the setuid bit to JAILROOT/bin/mount_fusefs.
>>
>> **This works fine** (signing in via RDP as unprivileged user (with
>> freerdp/remmina) allows me to access my shared remote-client directory
>> in the jailed XFCE4 session).
...
>
> What is the value of enforce_statfs in your jail? It must be < 2 for
> mounting within the jail to work.

Thanks for your help.
The jail config is fine (enforce_statfs is set to 1 in that case), like
mentioned utilizing mount_fusefs(8) is working as expected in my jail as
long as the process invoking it is privileged.

My issue is that vfs.usermount doesn't affect how mount requests from
jails are handled.
Even if setting vfs.usermount to 1 on my host would enable unprivileged
users in my jail to mount_fusefs(8), this setting has unwanted side
effects - I don't want users to mount anything on the host.

*I don't know if it is intentional* that vfs.usermount is ignored for
jailed processes.

What we really would need is a jail-only setting allowing user mounts.
Global for all jails might be sufficient, since you have to selectively
allow.mount each fs-type separately. Per jail would be the best
implementation.

Maybe I oversee any other security impact of allowing unprivileged
processes to mount from/inside jails!?!

For my current use case, I could tolerate vfs.usermount affecting the
host security because no users other than the su(1)-permitted admin can
sign in.
But I'm not sure I can cope with the security implication having the
/sbin/mount_fusefs SUID permission bit set, which is my current solution
(which makes user-mounting RDPDR fusefs working!).

Thanks,

-harry