NFS mount inside jail fails
Sean Bruno
seanbru at yahoo-inc.com
Tue May 17 19:57:07 UTC 2011
Silly thing I ran into today. User wanted to NFS mount a dir inside a
jail. After I groaned about the security implication of this, I noted
that there is a sysctl that looks like it should allow this. Namely,
security.jail.mount_allowed. I noted that setting this follows a path
that *should* have allowed this silly thing to happen, except that the
credentials in the nfsclient were not set up correctly.

e.g.
    VFS_SET(nfs_vfsops, oldnfs, VFCF_NETWORK);

I changed this to:
    VFS_SET(nfs_vfsops, oldnfs, VFCF_NETWORK|VFCF_JAIL);

This seems to allow the user's desired effect after setting
security.jail.mount_allowed=1
I *think* this is the correct behavior, if a bit silly when taking into
account the purpose of a jail.
Thoughts?
Sean
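
Added example (not part of the original post, and not FreeBSD kernel code): a user-space C model of the two conditions the post describes, the per-jail mount permission and the filesystem's VFCF_JAIL flag, showing why setting the sysctl alone was not enough. The m_-prefixed names, the flag values and the "examplefs" entry are assumptions made for illustration.

```c
/* User-space model of the two checks; flag values are local stand-ins,
 * not copied from the kernel headers. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define M_VFCF_NETWORK 0x1  /* stand-in for VFCF_NETWORK */
#define M_VFCF_JAIL    0x2  /* stand-in for VFCF_JAIL */

struct m_vfsconf { const char *name; int flags; };
struct m_cred { int jailed; int mount_allowed; };  /* sysctl value seen by caller */

/* Returns 0 if the mount may proceed, ENODEV or EPERM otherwise. */
int m_mount_check(const struct m_cred *cr, const struct m_vfsconf *tab,
                  size_t n, const char *fstype)
{
    const struct m_vfsconf *vfsp = NULL;
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].name, fstype) == 0)
            vfsp = &tab[i];
    if (vfsp == NULL)
        return ENODEV;
    if (!cr->jailed)
        return 0;            /* not jailed: these two gates do not apply */
    if (!cr->mount_allowed)
        return EPERM;        /* gate 1: security.jail.mount_allowed is 0 */
    if (!(vfsp->flags & M_VFCF_JAIL))
        return EPERM;        /* gate 2: filesystem not flagged for jails */
    return 0;
}

/* Number of filesystem types a jailed caller could mount (review exposure). */
size_t m_jail_mountable(const struct m_cred *cr, const struct m_vfsconf *tab, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (m_mount_check(cr, tab, n, tab[i].name) == 0);
    return count;
}

/* Constructed tables: oldnfs before and after the change; examplefs is hypothetical. */
const struct m_vfsconf m_before[] = { {"oldnfs", M_VFCF_NETWORK}, {"examplefs", M_VFCF_JAIL} };
const struct m_vfsconf m_after[] = { {"oldnfs", M_VFCF_NETWORK | M_VFCF_JAIL}, {"examplefs", M_VFCF_JAIL} };

int main(void)
{
    struct m_cred jail_on = {1, 1};
    printf("oldnfs before: %d, after: %d\n", m_mount_check(&jail_on, m_before, 2, "oldnfs"), m_mount_check(&jail_on, m_after, 2, "oldnfs"));
    return 0;
}
```

In this model the count returned by m_jail_mountable rises only when both gates are open, which is the figure to watch when reviewing what a jail with mounting enabled can reach.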