From nobody Mon Feb 12 18:02:01 2024 X-Original-To: fs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TYXNd30T5z5BGW8 for ; Mon, 12 Feb 2024 18:02:25 +0000 (UTC) (envelope-from chuck@tuffli.net) Received: from wfhigh5-smtp.messagingengine.com (wfhigh5-smtp.messagingengine.com [64.147.123.156]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4TYXNc4X3Dz4ZJZ for ; Mon, 12 Feb 2024 18:02:24 +0000 (UTC) (envelope-from chuck@tuffli.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tuffli.net header.s=fm3 header.b=DEFUvb+n; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=YGM22hJb; dmarc=none; spf=pass (mx1.freebsd.org: domain of chuck@tuffli.net designates 64.147.123.156 as permitted sender) smtp.mailfrom=chuck@tuffli.net Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfhigh.west.internal (Postfix) with ESMTP id B189B180007B for ; Mon, 12 Feb 2024 13:02:22 -0500 (EST) Received: from imap51 ([10.202.2.101]) by compute7.internal (MEProxy); Mon, 12 Feb 2024 13:02:22 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tuffli.net; h=cc :content-type:content-type:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:subject:subject:to:to; s=fm3; t=1707760942; x=1707847342; bh=25WlmyGh3dyAbqr11QnZXl3wpjHqv1F7 G2GWIPVWaUY=; b=DEFUvb+nGxiLF8HHAajrw8TOhU3S2tzGq+iyprlOptH32HmW /7/KG953XlVD0KHLe0AM6ghnwz7OtbaTzmnq9QQbNFh+9FBChJzkb6H/MHIyF/k2 5xPpCyyPa3dod2SYeR65rCzQ1sasqkVuTZz2oaKGNed2lSVw7m6UBhbMHTaKpzcm 4gIs5U/40OEC5ZB5PXHehaXbZGFCPipBIroFWzvEQ683S/gDfO+AEUT3c/Ngl4Xp vFfhju1+11SluzJoxnAeBsCHgq0Dn5DW//JlR13rzKTQB+3m8eWsxASLzuset5tR cNR1Z5wPPVNcszS/1o0xw7qoJ+9MSoJHBT1xFg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1707760942; x=1707847342; bh=25WlmyGh3dyAbqr11QnZXl3wpjHqv1F7G2G WIPVWaUY=; b=YGM22hJbVAAshkagQTKyig1p3K7zk+ghWvDN2rHT6FiSX0d27Zs oGCd7dWyjv51fUNEJTSuie0zT0pTczOY25cc+GL7Iv7vQq10F93sFb8Gs8hOvuTt nzRJ7aR+wzFCga39Z85C+GxDD2V5VlYOILk9KiO5b5wAy57FzZ836gBHvI5Xf3Ho se1mD/OdE6yWo8pC206TVFmto188b5nB1V6hc0oQFydjuocq3T2QGGHQpXvdN5Au vAXJ6Qqs4objjSxA4vhrTDsfWjg0cm2257m5piiyMb6jUkcIJpIeNfEbNJOARZ+Q Eao1HLqBrPXW7rkSV62vF8j1g+CvmobOaPg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudefgddutdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsegrtderre erredtnecuhfhrohhmpedfvehhuhgtkhcuvfhufhhflhhifdcuoegthhhutghksehtuhhf fhhlihdrnhgvtheqnecuggftrfgrthhtvghrnheptdeigfevfedvheffieehleefjeefhf ffhfdttddtuefffffgkeffveelteehgeelnecuvehluhhsthgvrhfuihiivgeptdenucfr rghrrghmpehmrghilhhfrhhomheptghhuhgtkhesthhufhhflhhirdhnvght X-ME-Proxy: Feedback-ID: ib6f94606:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id DB083B6008D; Mon, 12 Feb 2024 13:02:21 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-144-ge5821d614e-fm-20240125.002-ge5821d61 List-Id: Filesystems List-Archive: https://lists.freebsd.org/archives/freebsd-fs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-fs@freebsd.org MIME-Version: 1.0 Message-Id: Date: Mon, 12 Feb 2024 10:02:01 -0800 From: "Chuck Tuffli" To: fs@FreeBSD.org Subject: when is VFCF_JAIL allowed? Content-Type: multipart/alternative; boundary=9d79a5436a884e57ba155758986a7e4a X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.49 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_SHORT(-1.00)[-0.995]; R_SPF_ALLOW(-0.20)[+ip4:64.147.123.128/27]; R_DKIM_ALLOW(-0.20)[tuffli.net:s=fm3,messagingengine.com:s=fm3]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; XM_UA_NO_VERSION(0.01)[]; ARC_NA(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEFALL_USER(0.00)[chuck]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:29838, ipnet:64.147.123.0/24, country:US]; DWL_DNSWL_NONE(0.00)[messagingengine.com:dkim]; RCVD_IN_DNSWL_NONE(0.00)[64.147.123.156:from]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; DMARC_NA(0.00)[tuffli.net]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; PREVIOUSLY_DELIVERED(0.00)[fs@freebsd.org]; MLMMJ_DEST(0.00)[fs@FreeBSD.org]; DKIM_TRACE(0.00)[tuffli.net:+,messagingengine.com:+] X-Rspamd-Queue-Id: 4TYXNc4X3Dz4ZJZ --9d79a5436a884e57ba155758986a7e4a Content-Type: text/plain I was experimenting with a workflow and needed to allow a jail to mount an ISO image. This fails because the cd9660 file system does not set VFCF_JAIL: can be mounted from within a jail if allow.mount and allow.mount. jail parameters are set Is there a reason jails should not be allowed to mount an ISO or is it because no one has added the support? --chuck --9d79a5436a884e57ba155758986a7e4a Content-Type: text/html
I was experimenting with a workflow and needed to allow a jail to mount an ISO image. This fails because the cd9660 file system does not set VFCF_JAIL:
                      can be mounted from within a jail if allow.mount and
                      allow.mount.<vfc_name> jail parameters are set
Is there a reason jails should not be allowed to mount an ISO or is it because no one has added the support?

--chuck
--9d79a5436a884e57ba155758986a7e4a--