Date:      Mon, 12 Feb 2024 10:41:12 -0800
From:      "Chuck Tuffli" <chuck@tuffli.net>
To:        "Brooks Davis" <brooks@freebsd.org>
Cc:        fs@freebsd.org
Subject:   Re: when is VFCF_JAIL allowed?
Message-ID:  <896c3f19-e758-4e73-aab2-3a69a9534d82@app.fastmail.com>
In-Reply-To: <Zcpgg9lHA22ejscd@spindle.one-eyed-alien.net>
References:  <acb057e2-9a77-4bef-9b99-307c4e23a26d@app.fastmail.com> <Zcpgg9lHA22ejscd@spindle.one-eyed-alien.net>

On Mon, Feb 12, 2024, at 10:16 AM, Brooks Davis wrote:
> On Mon, Feb 12, 2024 at 10:02:01AM -0800, Chuck Tuffli wrote:
> > I was experimenting with a workflow and needed to allow a jail to mount an ISO image. This fails because the cd9660 file system does not set VFCF_JAIL:
> >                       can be mounted from within a jail if allow.mount and
> >                       allow.mount.<vfc_name> jail parameters are set
> > Is there a reason jails should not be allowed to mount an ISO or is it because no one has added the support?
> 
> File systems where the kernel parses a binary disk image aren't generally
> safe because a bad image can corrupt kernel state.  It should be safe
> and allowed to mount an ISO via fusefs (not sure if we have a module
> available in ports, but I'd guess so.)

Thanks for the feedback, Brooks. This makes sense, but I must be missing the safety difference between host and the jail. On the host, I can do:

# mdconfig -a -t vnode -f ./seed.iso -u 1
# mount_cd9660 /dev/iso9660/cidata /media/

Does this not run the same risk of corrupting kernel state, or maybe this is a bug?

I'm also noticing the msdosfs cannot be mounted in a jail either:

$ lsvfs cd9660 msdosfs
Filesystem                              Num  Refs  Flags
-------------------------------- ---------- -----  ---------------
cd9660                           0x000000bd     0  read-only
msdosfs                          0x00000032     1

Is there a similar issue with this file system as well?

--chuck
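
Added example, not part of the original message and not FreeBSD kernel code: a small C program that models the rule quoted in the thread (a file system needs VFCF_JAIL, and the jail needs allow.mount and allow.mount.<vfc_name>) and reports why a mount would be refused. The helper jail_mount_verdict() and the fallback flag values for the sample file systems are assumptions constructed for illustration; on FreeBSD the program reads the real flags with getvfsbyname(3).

```c
#include <stdio.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/mount.h>            /* getvfsbyname(3), struct xvfsconf, VFCF_* */
#else                             /* values from FreeBSD sys/mount.h, so this reads elsewhere */
#define VFCF_READONLY 0x00040000
#define VFCF_JAIL     0x00400000
#endif

enum verdict { MOUNT_OK, NO_VFCF_JAIL, NO_ALLOW_MOUNT, NO_ALLOW_MOUNT_FS };

/* Hypothetical helper modelling the rule quoted in the thread; not kernel code.
 * The file system flag is tested first: without VFCF_JAIL the two jail
 * parameters do not matter. */
enum verdict jail_mount_verdict(int vfc_flags, int allow_mount, int allow_mount_fs)
{
    if (!(vfc_flags & VFCF_JAIL))
        return NO_VFCF_JAIL;
    if (!allow_mount)
        return NO_ALLOW_MOUNT;
    if (!allow_mount_fs)
        return NO_ALLOW_MOUNT_FS;
    return MOUNT_OK;
}

static const char *why[] = {
    "mountable", "file system lacks VFCF_JAIL",
    "allow.mount not set", "allow.mount.<vfc_name> not set",
};

int main(void)
{
    /* Constructed fallback flags; cd9660 and msdosfs mirror the lsvfs output above. */
    struct { const char *name; int flags; } fs[] = {
        { "cd9660", VFCF_READONLY }, { "msdosfs", 0 }, { "tmpfs", VFCF_JAIL },
    };
    for (size_t i = 0; i < sizeof(fs) / sizeof(fs[0]); i++) {
#ifdef __FreeBSD__
        struct xvfsconf conf;     /* prefer the running kernel's view */
        if (getvfsbyname(fs[i].name, &conf) == 0)
            fs[i].flags = conf.vfc_flags;
#endif
        /* Assume the jail sets both parameters, the most permissive case. */
        printf("%-8s flags=0x%08x  %s\n", fs[i].name, (unsigned)fs[i].flags,
            why[jail_mount_verdict(fs[i].flags, 1, 1)]);
    }
    return 0;
}
```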