HomeFreeBSD
Diffusion FreeBSD src repository dc52667a928a

vfs_mount.c: Allow mountd(8) to do exports in a vnet prison
dc52667a928a
Actions

Description

vfs_mount.c: Allow mountd(8) to do exports in a vnet prison

To run mountd in a vnet prison, three checks in vfs_domount()
and vfs_domount_update() related to doing exports needed
to be changed, so that a file system visible within the
prison but mounted outside the prison can be exported.

I did all three in a minimal way, only changing the checks for
the specific case of a process (typically mountd) doing exports
within a vnet prison and not updating the mount point in other
ways. The changes are:

  • Ignore the error return from vfs_suser(), since the file system being mounted outside the prison will cause it to fail.
  • Use the priv_check(PRIV_NFS_DAEMON) for this specific case within a prison.
  • Skip the call to VFS_MOUNT(), since it will return an error, due to the "from" argument not being set correctly. VFS_MOUNT() does not appear to do anything for the case of doing exports only.

(cherry picked from commit 4bbbd5875d32f3cbe76235d90243f713eff9b9d0)

Details

Provenance
rmacklemAuthored on Mar 2 2023, 9:09 PM
Parents
rG5832d5f03e0f: vfs_export: Add mnt_exjail to control exports done in prisons
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
kern/

rGdc52667a928a

View Options

sys/kern/vfs_mount.c

Loading...