From: Alnis Morics
To: freebsd-questions@freebsd.org
Subject: Re: Jail limited user cannot access host mountpoint although jail root can
Date: Sat, 11 Mar 2017 15:35:06 +0200

On 03/11/2017 04:59, DaLynX via freebsd-questions wrote:
> Hello,
>
> I am trying to make my setup work with jails and got stuck in the
> following situation:
>
> - Host is mounting a fuse filesystem (because I couldn't make it work directly inside the jail - although the /dev/fuse device was accessible) in the jail's chroot.
> - From root@host, everything looks fine.
> - root@jail, too, can access the mounted filesystem, read files, no problem.
> - limited@jail can see the mountpoints but cannot access them in any way (no cd, no ls...) although the file permissions look okay (it's all 755, and for some reason limited is the owner of all mountpoints).
>
> What could have gone wrong? I tried playing around with
> vfs.usermount on the host or enforce_statfs on the jail but it
> makes no difference.
>
> Any pointers would be greatly appreciated.
>
> Kind regards,
> DaLynX

Why not use mount_nullfs(8)? Like:

mount_nullfs /usr/jails//

-Alnis