Date: Wed, 25 Jun 2008 17:52:52 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: Alexander Leidinger <Alexander@Leidinger.net> Cc: freebsd-jail@FreeBSD.org Subject: Re: is nfs mount inside jail possible? Message-ID: <20080625175252.18342qpk0oc2zc4k@webmail.leidinger.net> In-Reply-To: <20080625173401.116369ceeiewif40@webmail.leidinger.net> References: <62852722@bb.ipt.ru> <20080625173401.116369ceeiewif40@webmail.leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Alexander Leidinger <Alexander@Leidinger.net> (from Wed, 25 =20
Jun 2008 17:34:01 +0200):
> To do this edit src/sys/nfsclient/nfs_vfsopts.c, search VFS_SET and =20
> change it to
> VFS_SET(nfs_vfsops, nfs, VFCF_NETWORK|VFCF_JAIL);
Oh: I haven't checked if this actually works. I don't know if all =20
places DTRT then. Normally it should work, but you better test if it =20
really puts the FS in the place where you want it, that you can =20
mount/umount it, that "mount -v" shows the expected output on the host =20
and in the jail, and so on.
Similar things can be done for =20
src/sys/fs/{cd9660|msdosfs|ntfs|nullfs|smbfs|udf|unionfs}. Those are =20
the FS's which _should_ be safe, either because they work with =20
untrusted data anyway, or because it's a loopback mount. But again, I =20
haven't tested any of them (I have them patched locally, but even the =20
initial testing is on my TODO list with a low priority).
Bye,
Alexander.
--=20
At the end of the semester you will recall having
enrolled in a course at the beginning of the semester
-- and never attending.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080625175252.18342qpk0oc2zc4k>