svn commit: r336565 - in head: etc/defaults sys/fs/fuse usr.sbin/jail

Alan Somers asomers at FreeBSD.org
Fri Jul 20 21:35:32 UTC 2018 

Author: asomers
Date: Fri Jul 20 21:35:31 2018
New Revision: 336565
URL: https://svnweb.freebsd.org/changeset/base/336565

Log:
  Allow mounting FUSE filesystems in jails
  
  Reviewed by:	jamie
  MFC after:	2 weeks
  Relnotes:	yes
  Differential Revision:	https://reviews.freebsd.org/D16371

Modified:
  head/etc/defaults/devfs.rules
  head/sys/fs/fuse/fuse_main.c
  head/usr.sbin/jail/jail.8

Modified: head/etc/defaults/devfs.rules
==============================================================================
--- head/etc/defaults/devfs.rules	Fri Jul 20 18:59:48 2018	(r336564)
+++ head/etc/defaults/devfs.rules	Fri Jul 20 21:35:31 2018	(r336565)
@@ -84,4 +84,5 @@ add path stderr unhide
 add include $devfsrules_hide_all
 add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
+add path fuse unhide
 add path zfs unhide

Modified: head/sys/fs/fuse/fuse_main.c
==============================================================================
--- head/sys/fs/fuse/fuse_main.c	Fri Jul 20 18:59:48 2018	(r336564)
+++ head/sys/fs/fuse/fuse_main.c	Fri Jul 20 21:35:31 2018	(r336565)
@@ -91,7 +91,7 @@ static struct vfsconf fuse_vfsconf = {
 	.vfc_name = "fusefs",
 	.vfc_vfsops = &fuse_vfsops,
 	.vfc_typenum = -1,
-	.vfc_flags = VFCF_SYNTHETIC
+	.vfc_flags = VFCF_JAIL | VFCF_SYNTHETIC
 };
 
 SYSCTL_INT(_vfs_fuse, OID_AUTO, kernelabi_major, CTLFLAG_RD,

Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8	Fri Jul 20 18:59:48 2018	(r336564)
+++ head/usr.sbin/jail/jail.8	Fri Jul 20 21:35:31 2018	(r336565)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 4, 2018
+.Dd July 20, 2018
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -575,6 +575,14 @@ Module-specific parameters include:
 .It Va allow.mount.fdescfs
 privileged users inside the jail will be able to mount and unmount the
 fdescfs file system.
+This permission is effective only together with
+.Va allow.mount
+and only when
+.Va enforce_statfs
+is set to a value lower than 2.
+.It Va allow.mount.fusefs
+privileged users inside the jail will be able to mount and unmount 
+fuse-based file systems.
 This permission is effective only together with
 .Va allow.mount
 and only when

More information about the svn-src-head mailing list