From owner-svn-src-head@freebsd.org  Fri Jul 20 21:35:32 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id ABD271053359;
 Fri, 20 Jul 2018 21:35:32 +0000 (UTC)
 (envelope-from asomers@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4E9858E30C;
 Fri, 20 Jul 2018 21:35:32 +0000 (UTC)
 (envelope-from asomers@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2A26015BEC;
 Fri, 20 Jul 2018 21:35:32 +0000 (UTC)
 (envelope-from asomers@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w6KLZVgd023175;
 Fri, 20 Jul 2018 21:35:31 GMT (envelope-from asomers@FreeBSD.org)
Received: (from asomers@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w6KLZVtU023172;
 Fri, 20 Jul 2018 21:35:31 GMT (envelope-from asomers@FreeBSD.org)
Message-Id: <201807202135.w6KLZVtU023172@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: asomers set sender to
 asomers@FreeBSD.org using -f
From: Alan Somers <asomers@FreeBSD.org>
Date: Fri, 20 Jul 2018 21:35:31 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r336565 - in head: etc/defaults sys/fs/fuse usr.sbin/jail
X-SVN-Group: head
X-SVN-Commit-Author: asomers
X-SVN-Commit-Paths: in head: etc/defaults sys/fs/fuse usr.sbin/jail
X-SVN-Commit-Revision: 336565
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jul 2018 21:35:32 -0000

Author: asomers
Date: Fri Jul 20 21:35:31 2018
New Revision: 336565
URL: https://svnweb.freebsd.org/changeset/base/336565

Log:
  Allow mounting FUSE filesystems in jails
  
  Reviewed by:	jamie
  MFC after:	2 weeks
  Relnotes:	yes
  Differential Revision:	https://reviews.freebsd.org/D16371

Modified:
  head/etc/defaults/devfs.rules
  head/sys/fs/fuse/fuse_main.c
  head/usr.sbin/jail/jail.8

Modified: head/etc/defaults/devfs.rules
==============================================================================
--- head/etc/defaults/devfs.rules	Fri Jul 20 18:59:48 2018	(r336564)
+++ head/etc/defaults/devfs.rules	Fri Jul 20 21:35:31 2018	(r336565)
@@ -84,4 +84,5 @@ add path stderr unhide
 add include $devfsrules_hide_all
 add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
+add path fuse unhide
 add path zfs unhide

Modified: head/sys/fs/fuse/fuse_main.c
==============================================================================
--- head/sys/fs/fuse/fuse_main.c	Fri Jul 20 18:59:48 2018	(r336564)
+++ head/sys/fs/fuse/fuse_main.c	Fri Jul 20 21:35:31 2018	(r336565)
@@ -91,7 +91,7 @@ static struct vfsconf fuse_vfsconf = {
 	.vfc_name = "fusefs",
 	.vfc_vfsops = &fuse_vfsops,
 	.vfc_typenum = -1,
-	.vfc_flags = VFCF_SYNTHETIC
+	.vfc_flags = VFCF_JAIL | VFCF_SYNTHETIC
 };
 
 SYSCTL_INT(_vfs_fuse, OID_AUTO, kernelabi_major, CTLFLAG_RD,

Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8	Fri Jul 20 18:59:48 2018	(r336564)
+++ head/usr.sbin/jail/jail.8	Fri Jul 20 21:35:31 2018	(r336565)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 4, 2018
+.Dd July 20, 2018
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -575,6 +575,14 @@ Module-specific parameters include:
 .It Va allow.mount.fdescfs
 privileged users inside the jail will be able to mount and unmount the
 fdescfs file system.
+This permission is effective only together with
+.Va allow.mount
+and only when
+.Va enforce_statfs
+is set to a value lower than 2.
+.It Va allow.mount.fusefs
+privileged users inside the jail will be able to mount and unmount 
+fuse-based file systems.
 This permission is effective only together with
 .Va allow.mount
 and only when