On Sat, Jan 20, 2024 at 10:55 AM Charles Sprickman <[email protected]> wrote:
>
> On Jan 20, 2024, at 10:09 AM, Rick Macklem <[email protected]> wrote:
> >
> > On Sat, Jan 20, 2024 at 6:48 AM Marek Zarychta
> > <[email protected]> wrote:
> >>
> >> Dear List,
> >>
> >> there were some efforts to allow running nfsd(8) inside the jail, but is
> >> mounting an NFS share from the jail allowed? Inside the jail
> >> "security.jail.mount_allowed" is set to 1, I also added "add path net
> >> unhide" to the ruleset in devfs.rules but when trying to mount the NFS
> >> share I get only the error:
> >>
> >> mount_nfs: nmount: /usr/src: Operation not permitted
> >>
> >> It's not a big deal, the shares can be mounted from the jail host, but I
> >> am surprised that one can run NFSD inside the jail while mounting NFS
> >> shares is still denied.
> >>
> >> Am I missing anything or is mounting NFS from inside the jail still
> >> unsupported? The tests were done on the recent stable/14 from the vnet
> >> jail. Any clues will be appreciated.
> > You are correct. Mounting from inside a jail is not supported.
> > After doing the vnet conversion for nfsd, I tried doing it for the NFS
> > client.
> > There were a moderate # of global variables that needed to be vnet'd,
> > which I did. The hard/messy part was having the threads (anything that
> > calls an NFS VFS/VOP call) set to the proper vnet.
> > It would have required a massive # of CURVNET_SET()/CURVNET_RESTORE()
> > macros and I decided that it was just too messy.
>
> (slight hijack)
>
> I'm curious, I currently have a need to either have an nfs server or client
> in a jail and have had no luck even with the userspace nfsd
> (https://unfs3.github.io/ / https://www.freshports.org/net/unfs3/). Is there
> any in-jail solution that works on FreeBSD? It's mainly for very light
> log-parsing and I want it all inside a jail for portability between hosts.
> Not even married to nfs if there's another in-jail option...

As above, NFS client mount no, nfsd yes. See:
https://people.freebsd.org/~rmacklem/nfsd-vnet-prison-setup.txt

rick

>
> Charles
>
> >
> > If it becomes a necessary feature, it is ugly but doable.
> >
> > rick
> >
> >>
> >> Cheers
> >>
> >> --
> >> Marek Zarychta
> >
