Eugene Mitrofanov
2010-May-25 08:58 UTC
FreeBSD 8.1 prerelease "security.jail.mount_allowed" is broken?
Hello,

I tried to do a mount from a jail, but it failed. Could you advise me where my mistake is?

root@ftp:eugene# uname -mrs
FreeBSD 8.1-PRERELEASE amd64
root@ftp:eugene# sysctl -a | grep -E '(jailed|mount)'
vfs.usermount: 1
vfs.ffs.compute_summary_at_mount: 0
security.jail.mount_allowed: 1
security.jail.jailed: 1
root@ftp:eugene# mount /dev/da2s2a /var/t
mount: /dev/da2s2a : Operation not permitted
root@ftp:eugene# mount /dev/md1 /var/t
mount: /dev/md1 : Operation not permitted
root@ftp:eugene# mount /dev/zvol/tank/ftp.journal /var/t
mount: /dev/zvol/tank/ftp.journal : Operation not permitted

Best regards
--
EMIT-RIPN, EVM7-RIPE
Pawel Jakub Dawidek
2010-May-25 19:11 UTC
FreeBSD 8.1 prerelease "security.jail.mount_allowed" is broken?
On Tue, May 25, 2010 at 12:35:19PM +0400, Eugene Mitrofanov wrote:
> Hello,
>
> I tried to do a mount from a jail, but it failed. Could you advise me where my
> mistake is?
>
> root@ftp:eugene# uname -mrs
> FreeBSD 8.1-PRERELEASE amd64
> root@ftp:eugene# sysctl -a | grep -E '(jailed|mount)'
> vfs.usermount: 1
> vfs.ffs.compute_summary_at_mount: 0
> security.jail.mount_allowed: 1
> security.jail.jailed: 1
> root@ftp:eugene# mount /dev/da2s2a /var/t
> mount: /dev/da2s2a : Operation not permitted
> root@ftp:eugene# mount /dev/md1 /var/t
> mount: /dev/md1 : Operation not permitted
> root@ftp:eugene# mount /dev/zvol/tank/ftp.journal /var/t
> mount: /dev/zvol/tank/ftp.journal : Operation not permitted

You can only mount jail-friendly file systems - those with the 'jail' keyword in lsvfs(1) output. What you tried can't be safe. Imagine creating a corrupted file system on da2s2a and mounting it. It will panic the entire system, not only your jail.

--
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
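
The rule stated in the reply above, as an added example that is not part of the original thread: a pre-flight check in sh that reads lsvfs(1) output and reports whether a file system type carries the 'jail' flag before a mount is attempted from inside a jail. The lsvfs table below is constructed sample data, the function names are hypothetical, and the check mirrors the rule as described in the reply, not the kernel's own code.

```shell
#!/bin/sh
# Constructed sample in the layout lsvfs(1) prints (two header lines, then
# name, counters, comma-separated flags). On a real host pipe `lsvfs` instead.
sample_lsvfs() {
cat <<'EOF'
Filesystem                        Refs Flags
-------------------------------- ----- ---------------
ufs                                  4
devfs                                1 synthetic
zfs                                 12 jail, delegated-administration
nfs                                  0 network
EOF
}

# Read lsvfs output on stdin; print each type whose flag list contains 'jail'.
# Fields after the name are scanned, so extra numeric columns are harmless.
jail_friendly_types() {
    awk 'NR > 2 {
        for (i = 2; i <= NF; i++) {
            flag = $i
            sub(/,$/, "", flag)          # flags are separated by ", "
            if (flag == "jail") { print $1; break }
        }
    }'
}

# can_mount_in_jail FSTYPE MOUNT_ALLOWED  (lsvfs output on stdin)
# MOUNT_ALLOWED is the value of security.jail.mount_allowed.
# Returns 0 when both conditions hold, 1 otherwise, and prints the reason.
can_mount_in_jail() {
    fstype=$1
    allowed=$2
    if [ "$allowed" != "1" ]; then
        echo "denied: security.jail.mount_allowed is not 1"
        return 1
    fi
    if jail_friendly_types | grep -qx -- "$fstype"; then
        echo "allowed: $fstype carries the jail flag"
        return 0
    fi
    echo "denied: $fstype lacks the jail flag"
    return 1
}

# The case from the thread: the sysctl is 1, but the type has no jail flag.
sample_lsvfs | can_mount_in_jail ufs 1 || true
sample_lsvfs | can_mount_in_jail zfs 1 || true
```

On a live system the inputs would be `lsvfs` and `sysctl -n security.jail.mount_allowed` in place of the sample table and the literal `1`.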