Re: mounting NFS share from the jail
- In reply to: Rick Macklem : "Re: mounting NFS share from the jail"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 20 Jan 2024 15:47:47 UTC
Dnia Sat, Jan 20, 2024 at 07:09:40AM -0800, Rick Macklem napisał(a): > On Sat, Jan 20, 2024 at 6:48 AM Marek Zarychta > <zarychtam@plan-b.pwste.edu.pl> wrote: > > > > Dear List, > > > > there were some efforts to allow running nfsd(8) inside the jail, but is > > mounting an NFS share from the jail allowed? Inside the jail > > "security.jail.mount_allowed" is set to 1, I also added "add path net > > unhide" to the ruleset in devfs.rules but when trying to mount the NFS > > share I get only the error: > > > > mount_nfs: nmount: /usr/src: Operation not permitted > > > > It's not a big deal, the shares can be mounted from the jail host, but I > > am surprised that one can run NFSD inside the jail while mounting NFS > > shares is still denied. > > > > Am I missing anything or is mounting NFS from inside the jail still > > unsupported? The tests were done on the recent stable/14 from the vnet > > jail. Any clues h will be appreciated. > You are correct. Mounting from inside a jail is not supported. > After doing the vnet conversion for nfsd, I tried doing it for the NFS client. > There were a moderate # of global variables that needed to be vnet'd, > which I did. The hard/messy part was having the threads (anything that > calls an NFS VFS/VOP call) set to the proper vnet. > It would have required a massive # of CURVET_SET()/CURVET_RESTORE() > macros and I decided that it was just too messy. > > If it becomes a necessary feature, it is ugly but doable. > Thank you for the clarification and for giving some insight into the problem. Marek Zarychta > rick > > > > > Cheers > > > > -- > > Marek Zarychta > >