From owner-freebsd-jail@FreeBSD.ORG Thu Jun 26 12:32:00 2008 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD6571065674 for ; Thu, 26 Jun 2008 12:32:00 +0000 (UTC) (envelope-from bsam@ipt.ru) Received: from services.ipt.ru (services.ipt.ru [194.62.233.110]) by mx1.freebsd.org (Postfix) with ESMTP id 6C4788FC22 for ; Thu, 26 Jun 2008 12:32:00 +0000 (UTC) (envelope-from bsam@ipt.ru) Received: from bb.ipt.ru ([194.62.233.89]) by services.ipt.ru with esmtp (Exim 4.54 (FreeBSD)) id 1KBqdq-000Hij-8t; Thu, 26 Jun 2008 16:31:58 +0400 To: Alexander Leidinger References: <62852722@bb.ipt.ru> <20080625173401.116369ceeiewif40@webmail.leidinger.net> <20080625175252.18342qpk0oc2zc4k@webmail.leidinger.net> From: Boris Samorodov Date: Thu, 26 Jun 2008 16:31:49 +0400 In-Reply-To: <20080625175252.18342qpk0oc2zc4k@webmail.leidinger.net> (Alexander Leidinger's message of "Wed\, 25 Jun 2008 17\:52\:52 +0200") Message-ID: <82521962@bb.ipt.ru> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: freebsd-jail@FreeBSD.org Subject: Re: is nfs mount inside jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jun 2008 12:32:00 -0000 On Wed, 25 Jun 2008 17:52:52 +0200 Alexander Leidinger wrote: > Quoting Alexander Leidinger (from Wed, 25 > Jun 2008 17:34:01 +0200): > > To do this edit src/sys/nfsclient/nfs_vfsopts.c, search VFS_SET and > > change it to > > VFS_SET(nfs_vfsops, nfs, VFCF_NETWORK|VFCF_JAIL); > Oh: I haven't checked if this actually works. I don't know if all > places DTRT then. Normally it should work, but you better test if it > really puts the FS in the place where you want it, that you can > mount/umount it, that "mount -v" shows the expected output on the host > and in the jail, and so on. > Similar things can be done for > src/sys/fs/{cd9660|msdosfs|ntfs|nullfs|smbfs|udf|unionfs}. Those are > the FS's which _should_ be safe, either because they work with > untrusted data anyway, or because it's a loopback mount. But again, I > haven't tested any of them (I have them patched locally, but even the > initial testing is on my TODO list with a low priority). I see. If my task won't change I'll check what I ca do. Thanks! WBR -- Boris Samorodov (bsam) Research Engineer, http://www.ipt.ru Telephone & Internet SP FreeBSD committer, http://www.FreeBSD.org The Power To Serve