Date: Tue, 17 May 2011 12:56:40 -0700 From: Sean Bruno <seanbru@yahoo-inc.com> To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org> Subject: NFS mount inside jail fails Message-ID: <1305662200.2633.11.camel@hitfishpass-lx.corp.yahoo.com>
next in thread | raw e-mail | index | archive | help
Silly thing I ran into today. User wanted to NFS mount a dir inside a jail. After I groaned about the security implication of this, I noted that there is a sysctl that looks like it should allow this. Namely, security.jail.mount_allowed. I noted that setting this follows a path that *should* have allowed this silly thing to happen, except that the credentials in the nfsclient were not setup correctly. e.g. VFS_SET(nfs_vfsops, oldnfs, VFCF_NETWORK); ------ I changed this to: VFS_SET(nfs_vfsops, oldnfs, VFCF_NETWORK|VFCF_JAIL); This seems to allow the user's desired effect after setting security.jail.mount_allowed=1 I *think* this is the correct behavior, if a bit silly when taking into account the purpose of a jail. Thoughts? Sean
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1305662200.2633.11.camel>