is nfs mount inside jail possible?
Alexander Leidinger
Alexander at Leidinger.net
Wed Jun 25 15:53:06 UTC 2008
Quoting Alexander Leidinger <Alexander at Leidinger.net> (from Wed, 25
Jun 2008 17:34:01 +0200):
> To do this edit src/sys/nfsclient/nfs_vfsopts.c, search VFS_SET and
> change it to
> VFS_SET(nfs_vfsops, nfs, VFCF_NETWORK|VFCF_JAIL);
Oh: I haven't checked if this actually works. I don't know if all
places DTRT then. Normally it should work, but you better test if it
really puts the FS in the place where you want it, that you can
mount/umount it, that "mount -v" shows the expected output on the host
and in the jail, and so on.
Similar things can be done for
src/sys/fs/{cd9660|msdosfs|ntfs|nullfs|smbfs|udf|unionfs}. Those are
the FS's which _should_ be safe, either because they work with
untrusted data anyway, or because it's a loopback mount. But again, I
haven't tested any of them (I have them patched locally, but even the
initial testing is on my TODO list with a low priority).
Bye,
Alexander.
--
At the end of the semester you will recall having
enrolled in a course at the beginning of the semester
-- and never attending.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
More information about the freebsd-jail
mailing list