> On Jan 20, 2024, at 10:09 AM, Rick Macklem <rick.mack...@gmail.com> wrote:
>
> On Sat, Jan 20, 2024 at 6:48 AM Marek Zarychta
> <zarych...@plan-b.pwste.edu.pl> wrote:
>>
>> Dear List,
>>
>> there were some efforts to allow running nfsd(8) inside the jail, but is
>> mounting an NFS share from the jail allowed? Inside the jail
>> "security.jail.mount_allowed" is set to 1, I also added "add path net
>> unhide" to the ruleset in devfs.rules but when trying to mount the NFS
>> share I get only the error:
>>
>> mount_nfs: nmount: /usr/src: Operation not permitted
>>
>> It's not a big deal, the shares can be mounted from the jail host, but I
>> am surprised that one can run NFSD inside the jail while mounting NFS
>> shares is still denied.
>>
>> Am I missing anything or is mounting NFS from inside the jail still
>> unsupported? The tests were done on the recent stable/14 from the vnet
>> jail. Any clues h will be appreciated.
> You are correct. Mounting from inside a jail is not supported.
> After doing the vnet conversion for nfsd, I tried doing it for the NFS client.
> There were a moderate # of global variables that needed to be vnet'd,
> which I did. The hard/messy part was having the threads (anything that
> calls an NFS VFS/VOP call) set to the proper vnet.
> It would have required a massive # of CURVET_SET()/CURVET_RESTORE()
> macros and I decided that it was just too messy.
(slight hijack)
I'm curious, I currently have a need for either have an nfs server or client in
a jail and have had no luck even with the userspace nfsd
(https://unfs3.github.io/ / https://www.freshports.org/net/unfs3/). Is there
any in-jail solution that works on FreeBSD? It's mainly for very light
log-parsing and I want it all inside a jail for portability between hosts. Not
even married to nfs if there's another in-jail option...
Charles
> If it becomes a necessary feature, it is ugly but doable.
>
> rick
>
>>
>> Cheers
>>
>> --
>> Marek Zarychta
