From owner-freebsd-stable@FreeBSD.ORG Thu Aug 21 18:05:09 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B178A286; Thu, 21 Aug 2014 18:05:09 +0000 (UTC) Received: from erg.verweg.com (erg.verweg.com [IPv6:2a02:898:96::5e8e:f508]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "erg.verweg.com", Issuer "Verweg Dot Com CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 2D403347D; Thu, 21 Aug 2014 18:05:08 +0000 (UTC) Received: from [192.168.0.103] (a80-127-246-33.mobile.xs4all.nl [80.127.246.33]) (authenticated bits=0) by erg.verweg.com (8.14.9/8.14.9) with ESMTP id s7LI53IR022893 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 21 Aug 2014 18:05:05 GMT (envelope-from ruben@verweg.com) X-Authentication-Warning: erg.verweg.com: Host a80-127-246-33.mobile.xs4all.nl [80.127.246.33] claimed to be [192.168.0.103] From: Ruben van Staveren Content-Type: multipart/signed; boundary="Apple-Mail=_F9A5EBF7-8F5F-4A65-BE1C-132C75B54437"; protocol="application/pgp-signature"; micalg=pgp-sha1 Message-Id: <3D042FC9-7CD9-4842-8D18-8354F9E1BB80@verweg.com> Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: mounting fdescfs in a nested/hierarchical jail? Date: Thu, 21 Aug 2014 20:04:57 +0200 References: <3CB0C5BC-3864-418E-A59F-467D39B7E1EA@verweg.com> <53F55F7E.4010309@gritton.org> To: "freebsd-stable@FreeBSD.org Stable" , freebsd-jail@freebsd.org In-Reply-To: <53F55F7E.4010309@gritton.org> X-Mailer: Apple Mail (2.1878.6) X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (erg.verweg.com [94.142.245.8]); Thu, 21 Aug 2014 18:05:05 +0000 (UTC) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Aug 2014 18:05:09 -0000 --Apple-Mail=_F9A5EBF7-8F5F-4A65-BE1C-132C75B54437 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Hi Jamie, others, On 21 Aug 2014, at 4:54, James Gritton wrote: > On 8/18/2014 6:26 AM, Ruben van Staveren wrote: >> Hi list, >>=20 >> I have a FreeBSD 10 zfs based ezjail setup. In one of the jails I am = using ezjail again to set up a nested jail. My goal is to eventually = have my jails use these nested jails as containers for certain services. >>=20 >> However, I am not able to mount a nested fdescfs. When I leave out = fdesc, the nested jail starts up just fine. >>=20 >> There is no allow.mount.fdescfs. Do we need one? >>=20 >> Cheers, >> Ruben >=20 > That's probably the answer. It seems a little inelegant to have this = proliferation of pesudo-fs type allowances, but it's the direction we've = gone. Ok, I=92ve written a little patch for that. Seems to work on r268794 http://pastebin.com/5t9zEzkV I am not sure about the consequences of having this permission. Best Regards, Ruben --Apple-Mail=_F9A5EBF7-8F5F-4A65-BE1C-132C75B54437 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iEYEARECAAYFAlP2NMkACgkQZ88+mcQxRw0kegCfYDARKjfr4VslsFo2tAA2Ri6g SogAnRTCPTE9T5QrJTar2PkSp2YYR5iG =UL84 -----END PGP SIGNATURE----- --Apple-Mail=_F9A5EBF7-8F5F-4A65-BE1C-132C75B54437--