kgssapi won't build, I need prison help
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Fri Jun 12 19:35:07 UTC 2009
On Fri, 12 Jun 2009, Jamie Gritton wrote:
> No, nfsd in a proson doesn't make any sense (at least to me). The NFS
> server itself created its own unjailed cred, so I would expect the
> auxillary stuff needs to be unjailed as well. You still may want to
> use the cred's jail though - it seems there may be a chance of
> permission escalation otherwise.
An nfsd inside a prison (with a vnet) will make perfect sense; the
code is just not there (yet). I could not see a reason why it would
no longer be possible to server or (in case of nfsclient) consume NFS
with a complete virtual network stack.
/bz
--
Bjoern A. Zeeb The greatest risk is not taking one.
More information about the freebsd-current
mailing list