Date: Mon, 12 Feb 2024 18:56:07 +0000
From: Brooks Davis <brooks@freebsd.org>
To: Chuck Tuffli <chuck@tuffli.net>
Cc: fs@freebsd.org
Subject: Re: when is VFCF_JAIL allowed?
Message-ID: <Zcppx_-4MJ0808Gz@spindle.one-eyed-alien.net>
In-Reply-To: <896c3f19-e758-4e73-aab2-3a69a9534d82@app.fastmail.com>
References: <acb057e2-9a77-4bef-9b99-307c4e23a26d@app.fastmail.com> <Zcpgg9lHA22ejscd@spindle.one-eyed-alien.net> <896c3f19-e758-4e73-aab2-3a69a9534d82@app.fastmail.com>

On Mon, Feb 12, 2024 at 10:41:12AM -0800, Chuck Tuffli wrote:
> On Mon, Feb 12, 2024, at 10:16 AM, Brooks Davis wrote:
> > On Mon, Feb 12, 2024 at 10:02:01AM -0800, Chuck Tuffli wrote:
> > > I was experimenting with a workflow and needed to allow a jail to mount an ISO image. This fails because the cd9660 file system does not set VFCF_JAIL:
> > >     can be mounted from within a jail if allow.mount and
> > >     allow.mount.<vfc_name> jail parameters are set
> > > Is there a reason jails should not be allowed to mount an ISO or is it because no one has added the support?
> >
> > File systems where the kernel parses a binary disk image aren't generally
> > safe because a bad image can corrupt kernel state. It should be safe
> > and allowed to mount an ISO via fusefs (not sure if we have a module
> > available in ports, but I'd guess so.)
> Thanks for the feedback, Brooks. This makes sense, but I must be missing the safety difference between host and the jail. On the host, I can do:
>
> # mdconfig -a -t vnode -f ./seed.iso -u 1
> # mount_cd9660 /dev/iso9660/cidata /media/
>
> Does this not run the same risk of corrupting kernel state, or maybe this is a bug?

If you trust the jail completely then there is no difference. If the jail is for isolation then outside you can choose as an administrator to risk corrupting the kernel, but inside you likely don't want to allow that since it could be a jail escape via arbitrary code execution.

> I'm also noticing the msdosfs cannot be mounted in a jail either:
>
> $ lsvfs cd9660 msdosfs
> Filesystem                              Num  Refs  Flags
> -------------------------------- ---------- ----- ---------------
> cd9660                           0x000000bd     0  read-only
> msdosfs                          0x00000032     1
>
> Is there a similar issue with this file system as well?

Same thing. Also with UFS and ext2fs. IIRC the only disk-based file system that can be mounted is ZFS and that's because root in the jail isn't supplying the underlying bits, instead it's mounting a file system from a previously attached pool.

-- Brooks
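
An audit for the rule discussed in this thread, as an added example that is not part of the original messages: it reads lsvfs-style output and reports any of the image-parsing file systems named above (cd9660, msdosfs, UFS, ext2fs) that carry the jail flag. It assumes lsvfs prints the word "jail" in the Flags column when VFCF_JAIL is set; the function names and the sample rows other than cd9660 and msdosfs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit lsvfs(1)-style output for VFCF_JAIL.
# Assumption: lsvfs shows the word "jail" in the Flags column for such entries.

# File systems the thread names as parsing a binary disk image in the kernel.
IMAGE_FS="cd9660 msdosfs ufs ext2fs"

# Constructed sample. The cd9660 and msdosfs rows match the thread; the other
# rows are made up, and the ext2fs row is a deliberate misconfiguration.
SAMPLE='Filesystem                              Num  Refs  Flags
-------------------------------- ---------- ----- ---------------
cd9660                           0x000000bd     0  read-only
msdosfs                          0x00000032     1
nullfs                           0x00000029     2  loopback, jail
zfs                              0x000000de     5  jail, delegated-administration
ext2fs                           0x00000011     0  jail'

# Read lsvfs output on stdin; print each file system whose flags include "jail".
jail_mountable() {
    awk '$2 ~ /^0x[0-9a-fA-F]+$/ {
        flags = ""
        for (i = 4; i <= NF; i++) flags = flags $i   # rejoin "a, b" as "a,b"
        n = split(flags, f, ",")
        for (i = 1; i <= n; i++)
            if (f[i] == "jail") { print $1; break }
    }'
}

# Read lsvfs output on stdin; print image-parsing file systems that are
# jail-mountable. Returns 1 when at least one is found, 0 otherwise.
audit_jail_flags() {
    found=$(jail_mountable | while read -r fs; do
        for risky in $IMAGE_FS; do
            if [ "$fs" = "$risky" ]; then echo "$fs"; fi
        done
    done)
    if [ -z "$found" ]; then return 0; fi
    echo "$found"
    return 1
}

if out=$(printf '%s\n' "$SAMPLE" | audit_jail_flags); then
    echo "ok: no image-parsing file system is jail-mountable"
else
    echo "finding: jail-mountable image-parsing file systems: $out"
fi
```

On a host, pipe the real output through the same function: lsvfs | audit_jail_flags.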