The branch stable/13 has been updated by rmacklem:
URL:
https://cgit.FreeBSD.org/src/commit/?id=abae7d6e2dea79681ce004937b4cf415463975be
commit abae7d6e2dea79681ce004937b4cf415463975be
Author: Rick Macklem <rmack...@freebsd.org>
AuthorDate: 2023-02-02 00:02:20 +0000
Commit: Rick Macklem <rmack...@freebsd.org>
CommitDate: 2023-05-17 14:39:24 +0000
prison_check_nfsd: Add check for enforce_statfs != 0
Since mountd(8) will not be able to do exports
when running in a vnet prison if enforce_statfs is
set to 0, add a check for this to prison_check_nfsd().
(cherry picked from commit 99187c3a44c2c3e168e462a30d45af075748195f)
---
sys/kern/kern_jail.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 0a9d311eeafd..622b9f6c7cb9 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3194,6 +3194,8 @@ prison_check(struct ucred *cred1, struct ucred *cred2)
* - The root directory (pr_root) of the prison must be
* a file system mount point, so the mountd can hang
* export information on it.
+ * - The prison's enforce_statfs cannot be 0, so that
+ * mountd(8) can do exports.
*/
bool
prison_check_nfsd(struct ucred *cred)
@@ -3205,6 +3207,8 @@ prison_check_nfsd(struct ucred *cred)
return (false);
if ((cred->cr_prison->pr_root->v_vflag & VV_ROOT) == 0)
return (false);
+ if (cred->cr_prison->pr_enforce_statfs == 0)
+ return (false);
return (true);
}
