Date: Mon, 12 Feb 2024 10:41:12 -0800 From: "Chuck Tuffli" <chuck@tuffli.net> To: "Brooks Davis" <brooks@freebsd.org> Cc: fs@freebsd.org Subject: Re: when is VFCF_JAIL allowed? Message-ID: <896c3f19-e758-4e73-aab2-3a69a9534d82@app.fastmail.com> In-Reply-To: <Zcpgg9lHA22ejscd@spindle.one-eyed-alien.net> References: <acb057e2-9a77-4bef-9b99-307c4e23a26d@app.fastmail.com> <Zcpgg9lHA22ejscd@spindle.one-eyed-alien.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On Mon, Feb 12, 2024, at 10:16 AM, Brooks Davis wrote:
> On Mon, Feb 12, 2024 at 10:02:01AM -0800, Chuck Tuffli wrote:
> > I was experimenting with a workflow and needed to allow a jail to mount an ISO image. This fails because the cd9660 file system does not set VFCF_JAIL:
> > can be mounted from within a jail if allow.mount and
> > allow.mount.<vfc_name> jail parameters are set
> > Is there a reason jails should not be allowed to mount an ISO or is it because no one has added the support?
>
> File systems where the kernel parses a binary disk image aren't generally
> safe because a bad image can corrupt kernel state. It should be safe
> and allowed to mount an ISO via fusefs (not sure if we have a module
> available in ports, but I'd guess so.)
Thanks for the feedback, Brooks. This makes sense, but I must be missing the safety difference between host and the jail. On the host, I can do:
# mdconfig -a -t vnode -f ./seed.iso -u 1
# mount_cd9660 /dev/iso9660/cidata /media/
Does this not run the same risk of corrupting kernel state, or maybe this is a bug?
I'm also noticing the msdosfs cannot be mounted in a jail either:
$ lsvfs cd9660 msdosfs
Filesystem Num Refs Flags
-------------------------------- ---------- ----- ---------------
cd9660 0x000000bd 0 read-only
msdosfs 0x00000032 1
Is there a similar issue with this file system as well?
--chuck
[-- Attachment #2 --]
<!DOCTYPE html><html><head><title></title><style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style></head><body><div>On Mon, Feb 12, 2024, at 10:16 AM, Brooks Davis wrote:<br></div><blockquote type="cite" id="qt" style=""><div>On Mon, Feb 12, 2024 at 10:02:01AM -0800, Chuck Tuffli wrote:<br></div><div>> I was experimenting with a workflow and needed to allow a jail to mount an ISO image. This fails because the cd9660 file system does not set VFCF_JAIL:<br></div><div>> can be mounted from within a jail if allow.mount and<br></div><div>> allow.mount.<vfc_name> jail parameters are set<br></div><div>> Is there a reason jails should not be allowed to mount an ISO or is it because no one has added the support?<br></div><div><br></div><div>File systems where the kernel parses a binary disk image aren't generally<br></div><div>safe because a bad image can corrupt kernel state. It should be safe<br></div><div>and allowed to mount an ISO via fusefs (not sure if we have a module<br></div><div>available in ports, but I'd guess so.)<br></div></blockquote><div>Thanks for the feedback, Brooks. This makes sense, but I must be missing the safety difference between host and the jail. On the host, I can do:<br></div><div><br></div><div># mdconfig -a -t vnode -f ./seed.iso -u 1<br></div><div># mount_cd9660 /dev/iso9660/cidata /media/<br></div><div><br></div><div>Does this not run the same risk of corrupting kernel state, or maybe this is a bug?<br></div><div><br></div><div>I'm also noticing the msdosfs cannot be mounted in a jail either:<br></div><div><br></div><div>$ lsvfs cd9660 msdosfs<br></div><div>Filesystem Num Refs Flags<br></div><div>-------------------------------- ---------- ----- ---------------<br></div><div>cd9660 0x000000bd 0 read-only<br></div><div>msdosfs 0x00000032 1<br></div><div><br></div><div>Is there a similar issue with this file system as well?<br></div><div><br></div><div>--chuck<br></div></body></html>
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?896c3f19-e758-4e73-aab2-3a69a9534d82>