mounting NFS share from the jail

Reply: Rick Macklem : "Re: mounting NFS share from the jail"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Marek Zarychta <zarychtam_at_plan-b.pwste.edu.pl>
Date: Sat, 20 Jan 2024 14:47:54 UTC

Dear List,

there were some efforts to allow running nfsd(8) inside the jail, but is
mounting an NFS share from the jail allowed?  Inside the jail
"security.jail.mount_allowed" is set to 1, I also added "add path net
unhide" to the ruleset in devfs.rules but when trying to mount the NFS
share I get only the error:

mount_nfs: nmount: /usr/src: Operation not permitted

It's not a big deal, the shares can be mounted from the jail host, but I
am surprised that one can run NFSD inside the jail while mounting NFS
shares is still denied.

Am I missing anything or is mounting NFS from inside the jail still
unsupported?  The tests were done on the recent stable/14 from the vnet
jail.  Any clues h will be appreciated.

Cheers

-- 
Marek Zarychta