From nobody Mon Feb 12 18:16:35 2024
X-Original-To: fs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TYXj10zVFz5BHkq
	for <fs@mlmmj.nyi.freebsd.org>; Mon, 12 Feb 2024 18:16:37 +0000 (UTC)
	(envelope-from brooks@spindle.one-eyed-alien.net)
Received: from spindle.one-eyed-alien.net (spindle.one-eyed-alien.net [199.48.129.229])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TYXj06QJ8z4d4t
	for <fs@freebsd.org>; Mon, 12 Feb 2024 18:16:36 +0000 (UTC)
	(envelope-from brooks@spindle.one-eyed-alien.net)
Authentication-Results: mx1.freebsd.org;
	none
Received: by spindle.one-eyed-alien.net (Postfix, from userid 3001)
	id A299F3C019A; Mon, 12 Feb 2024 18:16:35 +0000 (UTC)
Date: Mon, 12 Feb 2024 18:16:35 +0000
From: Brooks Davis <brooks@freebsd.org>
To: Chuck Tuffli <chuck@tuffli.net>
Cc: fs@freebsd.org
Subject: Re: when is VFCF_JAIL allowed?
Message-ID: <Zcpgg9lHA22ejscd@spindle.one-eyed-alien.net>
References: <acb057e2-9a77-4bef-9b99-307c4e23a26d@app.fastmail.com>
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-fs
List-Help: <mailto:freebsd-fs+help@freebsd.org>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Subscribe: <mailto:freebsd-fs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-fs+unsubscribe@freebsd.org>
Sender: owner-freebsd-fs@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <acb057e2-9a77-4bef-9b99-307c4e23a26d@app.fastmail.com>
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:36236, ipnet:199.48.128.0/22, country:US]
X-Rspamd-Queue-Id: 4TYXj06QJ8z4d4t
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated

On Mon, Feb 12, 2024 at 10:02:01AM -0800, Chuck Tuffli wrote:
> I was experimenting with a workflow and needed to allow a jail to mount an ISO image. This fails because the cd9660 file system does not set VFCF_JAIL:
>                       can be mounted from within a jail if allow.mount and
>                       allow.mount.<vfc_name> jail parameters are set
> Is there a reason jails should not be allowed to mount an ISO or is it because no one has added the support?

File systems where the kernel parses a binary disk image aren't generally
safe because a bad image can corrupt kernel state.  It should be safe
and allowed to mount an ISO via fusefs (not sure if we have a module
available in ports, but I'd guess so.)

-- Brooks