On Thu, Feb 23, 2012 at 06:51:24PM +0000, Martin Matuska wrote: > Author: mm > Date: Thu Feb 23 18:51:24 2012 > New Revision: 232059 > URL: http://svn.freebsd.org/changeset/base/232059 > > Log: > To improve control over the use of mount(8) inside a jail(8), introduce > a new jail parameter node with the following parameters: > > allow.mount.devfs: > allow mounting the devfs filesystem inside a jail > > allow.mount.nullfs: > allow mounting the nullfs filesystem inside a jail > > Both parameters are disabled by default (equals the behavior before > devfs and nullfs in jails). Administrators have to explicitly allow > mounting devfs and nullfs for each jail. The value "-1" of the > devfs_ruleset parameter is removed in favor of the new allow setting. > > Reviewed by: jamie > Suggested by: pjd > MFC after: 2 weeks
Thanks. Could you also add such an option for ZFS? It would also be nice to document the fact that when file system is using VFCF_JAIL flag, it should be added to allow.mount. Not sure where would be the best place to document that, though. VFS_INIT(9) would be best, but eventhough it is referenced by VFS(9), it doesn't exist... -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl
pgpXl06vaJ0Vg.pgp
Description: PGP signature
