NFS mount inside jail fails
Alexander Leidinger
Alexander at Leidinger.net
Thu May 19 12:44:27 UTC 2011
Quoting Arnaud Lacombe <lacombar at gmail.com> (from Wed, 18 May 2011
22:37:24 -0400):
> Hi,
>
> On Wed, May 18, 2011 at 10:03 AM, Pawel Jakub Dawidek
> <pjd at freebsd.org> wrote:
>> There are some file systems types that can't be securely mounted within
>> a jail no matter what, like UFS, MSDOFS, EXTFS, XFS, REISERFS, NTFS,
>> etc. because the user mounting it has access to raw storage and can
>> corrupt it in a way that it will panic entire system.
>>
> This should at least be configurable somehow for people who are using
> jails for separation and do not care about security. I'd expect that
> security decision whether or not to allow something is user relevant,
> not developer relevant.
The hardcoded version of this which I use exacly for the purpose you
told here is at
http://www.leidinger.net/FreeBSD/current-patches/sys:fs.diff
Bye,
Alexander.
--
I think my career is ruined!
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
More information about the freebsd-hackers
mailing list