[PATCH] jail mount/unmount patch
Martin Matuska
mm at FreeBSD.org
Thu Jul 28 14:59:33 UTC 2011
Please review my attached patch.
The patch fixes f_mntonname with mount/unmount inside a jail with allow.mount enabled.
Filesystems mountable in a jail require the VFCF_JAIL flag (currently only ZFS).
With this patch, mount and unmount works both with enforce_statfs = 0 and enforce_statfs = 1.
I suggest disabling mount/unmount for jails with enforce_statfs = 2, as this is contradictory and does not play well with or without this patch.
I have successfully tested this patch with ZFS, nullfs and tmpfs.
To enable nullfs for a jail, you have to modify tmpfs/tmpfs_vfsops.c and recompile the tmpfs module:
-VFS_SET(tmpfs_vfsops, tmpfs, 0);
+VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);
To enable tmpfs for a jail, you have to modify nullfs/null_vfsops.c and recompile the nullfs module:
-VFS_SET(null_vfsops, nullfs, VFCF_LOOPBACK);
+VFS_SET(null_vfsops, nullfs, VFCF_LOOPBACK | VFCF_JAIL);
The filesystems can be successfully mounted/unmounted inside a jail and also unmounted from the parent host without problems.
The mount inside jail, a jail needs allow.mount=1 and enforce.statfs=0 or enforce.statfs=1, for more information see jail(8)
I assume other filesystem not dealing with devices may work correctly with this patch, too (e.g. nfs).
With jailed nullfs we can run tinderbox in a jail ;)
Please review, comment and/or test my attached patch.
Cheers,
mm
--
Martin Matuska
FreeBSD committer
http://blog.vx.sk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jail_mount_unmount.patch
Type: text/x-patch
Size: 2795 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20110728/9718e25f/jail_mount_unmount.bin
More information about the freebsd-current
mailing list