Date: Mon, 12 Feb 2024 18:16:35 +0000 From: Brooks Davis <brooks@freebsd.org> To: Chuck Tuffli <chuck@tuffli.net> Cc: fs@freebsd.org Subject: Re: when is VFCF_JAIL allowed? Message-ID: <Zcpgg9lHA22ejscd@spindle.one-eyed-alien.net> In-Reply-To: <acb057e2-9a77-4bef-9b99-307c4e23a26d@app.fastmail.com>
index | next in thread | previous in thread | raw e-mail
On Mon, Feb 12, 2024 at 10:02:01AM -0800, Chuck Tuffli wrote: > I was experimenting with a workflow and needed to allow a jail to mount an ISO image. This fails because the cd9660 file system does not set VFCF_JAIL: > can be mounted from within a jail if allow.mount and > allow.mount.<vfc_name> jail parameters are set > Is there a reason jails should not be allowed to mount an ISO or is it because no one has added the support? File systems where the kernel parses a binary disk image aren't generally safe because a bad image can corrupt kernel state. It should be safe and allowed to mount an ISO via fusefs (not sure if we have a module available in ports, but I'd guess so.) -- Brookshome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Zcpgg9lHA22ejscd>