Silly thing I ran into today.  User wanted to NFS mount a dir inside a
jail.  After I groaned about the security implication of this, I noted
that there is a sysctl that looks like it should allow this.  Namely,
security.jail.mount_allowed.  I noted that setting this follows a path
that *should* have allowed this silly thing to happen, except that the
credentials in the nfsclient were not set up correctly.

e.g.  VFS_SET(nfs_vfsops, oldnfs, VFCF_NETWORK);
------
I changed this to:
VFS_SET(nfs_vfsops, oldnfs, VFCF_NETWORK|VFCF_JAIL);

This seems to allow the user's desired effect after setting
security.jail.mount_allowed=1

I *think* this is the correct behavior, if a bit silly when taking into
account the purpose of a jail.

Thoughts?

Sean

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
