Date:      Tue, 25 May 2010 21:09:42 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Eugene Mitrofanov <eugene@imedia.ru>
Cc:        freebsd-fs@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: FreeBSD 8.1 prerelease "security.jail.mount_allowed" is broken?
Message-ID:  <20100525190942.GD1659@garage.freebsd.pl>
In-Reply-To: <201005251235.19833.eugene@imedia.ru>
References:  <201005251235.19833.eugene@imedia.ru>


On Tue, May 25, 2010 at 12:35:19PM +0400, Eugene Mitrofanov wrote:
> Hello
>
> I try to do mount from a jail but it failed. Could you advise me where is my
> mistake?
>
> root@ftp:eugene# uname -mrs
> FreeBSD 8.1-PRERELEASE amd64
> root@ftp:eugene# sysctl -a | grep -E '(jailed|mount)'
> vfs.usermount: 1
> vfs.ffs.compute_summary_at_mount: 0
> security.jail.mount_allowed: 1
> security.jail.jailed: 1
> root@ftp:eugene# mount /dev/da2s2a /var/t
> mount: /dev/da2s2a : Operation not permitted
> root@ftp:eugene# mount /dev/md1 /var/t
> mount: /dev/md1 : Operation not permitted
> root@ftp:eugene# mount /dev/zvol/tank/ftp.journal /var/t
> mount: /dev/zvol/tank/ftp.journal : Operation not permitted

You can only mount jail-friendly file systems - those with the 'jail'
keyword in lsvfs(1) output.

What you tried can't be safe. Imagine creating a corrupted file system on
da2s2a and mounting it. It will panic the entire system, not only your jail.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
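
A pre-flight check for the rule stated in the reply above, as an added example that is not part of the original message: it parses lsvfs(1) output and reports whether a file system type carries the 'jail' flag. The function names are hypothetical and the lsvfs output is a constructed sample, not taken from the poster's machine.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed lsvfs(1)-style output; on a real host pipe `lsvfs` instead.
sample_lsvfs() {
cat <<'EOF'
Filesystem                        Refs Flags
-------------------------------- ----- ---------------
ufs                                  4
devfs                                1 synthetic
nfs                                  0 network
zfs                                 12 jail, delegated-administration
EOF
}

# Read lsvfs output on stdin; print each file system type whose Flags
# column holds the exact flag "jail" (flags are separated by ", ").
jail_friendly() {
    awk 'NR > 2 {
        for (i = 3; i <= NF; i++) {
            flag = $i
            sub(/,$/, "", flag)
            if (flag == "jail") { print $1; break }
        }
    }'
}

# Exit 0 if file system type $1 carries the jail flag in the lsvfs
# output on stdin, non-zero otherwise.
can_mount_in_jail() {
    jail_friendly | grep -qxF -- "$1"
}

# In this sample ufs has no jail flag, consistent with the
# "Operation not permitted" results in the quoted session; zfs has it.
for fs in ufs zfs; do
    if sample_lsvfs | can_mount_in_jail "$fs"; then
        echo "$fs: mountable from inside a jail"
    else
        echo "$fs: refused inside a jail (no jail flag)"
    fi
done
```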

