Re: RFC: nfsd in a vnet jail
Date: Fri, 02 Dec 2022 14:44:30 UTC
On Fri, Dec 2, 2022 at 2:03 AM Olivier Certner <olivier.freebsd@free.fr> wrote:

> Hi,
>
> > (snip)
> >
> > #2 - Require separate file systems and run mountd inside the jail(s).
> >
> > I think that allowing both alternatives would be too confusing
> > and it seems that most want mountd to run within the jail(s).
> > As such, unless others prefer #1, I think #2 is the way to go.
>
> Just to be sure I've understood correctly: You plan to make a separate
> filesystem as jail's root a requirement but only in the case of using
> mountd(8) in the jail? Or in general?

Certainly not in general. Current plan is for the case of mountd/nfsd.
To enforce it for cases where mountd/nfsd is not being run would definitely
be a POLA violation.

rick

> While I think doing so in the NFSv4/mountd case is indeed a good idea, I don't
> think enforcing it in general is. It would generally degrade the multiple
> jails management experience on UFS (in the absence of a volume manager), where
> all jails have roots in the same filesystem (to avoid allocating/deallocating
> space as jails come and go or must be resized).
>
> Regards.
>
> --
> Olivier Certner