From: Alexander Leidinger
To: Alexander Leidinger
Cc: freebsd-jail@FreeBSD.org
Date: Wed, 25 Jun 2008 17:52:52 +0200
Subject: Re: is nfs mount inside jail possible?

Quoting Alexander Leidinger (from Wed, 25 Jun 2008 17:34:01 +0200):

> To do this edit src/sys/nfsclient/nfs_vfsopts.c, search VFS_SET and
> change it to
> VFS_SET(nfs_vfsops, nfs, VFCF_NETWORK|VFCF_JAIL);

Oh: I haven't checked if this actually works. I don't know if all
places DTRT then. Normally it should work, but you better test if it
really puts the FS in the place where you want it, that you can
mount/umount it, that "mount -v" shows the expected output on the host
and in the jail, and so on.

Similar things can be done for
src/sys/fs/{cd9660|msdosfs|ntfs|nullfs|smbfs|udf|unionfs}. Those are
the FS's which _should_ be safe, either because they work with
untrusted data anyway, or because it's a loopback mount.
But again, I haven't tested any of them (I have them patched locally,
but even the initial testing is on my TODO list with a low priority).

Bye,
Alexander.

--
At the end of the semester you will recall having enrolled in a course
at the beginning of the semester -- and never attending.

http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org  : PGP ID = 72077137