From 5717aa2d2a0d88977b04509e4885e4748cf66569 Mon Sep 17 00:00:00 2001
From: Alan Somers
Date: Fri, 20 Jul 2018 21:35:31 +0000
Subject: [PATCH] Allow mounting FUSE filesystems in jails

Reviewed by: jamie
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16371
---
 etc/defaults/devfs.rules | 1 +
 sys/fs/fuse/fuse_main.c | 2 +-
 usr.sbin/jail/jail.8 | 10 +++++++++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/etc/defaults/devfs.rules b/etc/defaults/devfs.rules
index 060e6317766..4f5373d1c4c 100644
--- a/etc/defaults/devfs.rules
+++ b/etc/defaults/devfs.rules
@@ -84,4 +84,5 @@ add path stderr unhide
 add include $devfsrules_hide_all
 add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
+add path fuse unhide
 add path zfs unhide
diff --git a/sys/fs/fuse/fuse_main.c b/sys/fs/fuse/fuse_main.c
index fe38085d560..ca712709a72 100644
--- a/sys/fs/fuse/fuse_main.c
+++ b/sys/fs/fuse/fuse_main.c
@@ -91,7 +91,7 @@ static struct vfsconf fuse_vfsconf = {
 .vfc_name = "fusefs",
 .vfc_vfsops = &fuse_vfsops,
 .vfc_typenum = -1,
- .vfc_flags = VFCF_SYNTHETIC
+ .vfc_flags = VFCF_JAIL | VFCF_SYNTHETIC
 };
 
 SYSCTL_INT(_vfs_fuse, OID_AUTO, kernelabi_major, CTLFLAG_RD,
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index c0ebe3b0537..54f6577edab 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 4, 2018
+.Dd July 20, 2018
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -580,6 +580,14 @@ This permission is effective only together with
 and only when
 .Va enforce_statfs
 is set to a value lower than 2.
+.It Va allow.mount.fusefs
+privileged users inside the jail will be able to mount and unmount
+fuse-based file systems.
+This permission is effective only together with
+.Va allow.mount
+and only when
+.Va enforce_statfs
+is set to a value lower than 2.
 .It Va allow.mount.nullfs
 privileged users inside the jail will be able to mount and unmount
 the nullfs file system.
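Review bot: `add path fuse unhide` makes the fuse device node visible in every jail that uses this ruleset, whether or not that jail has been granted `allow.mount.fusefs`; the ruleset header sits above the hunk, so which ruleset this is should be confirmed there. The rule therefore widens the kernel interface reachable from a jail even where FUSE mounts are not intended, limited only by the node's own permissions. A comment above the rule would record the intent, for example `# fuse: needed for allow.mount.fusefs; mounting itself stays gated by that jail permission`. The new jail.8 entry could also say that the device must be visible in the jail's devfs for the permission to be usable.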
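Review bot: The `VFCF_JAIL` flag added to `.vfc_flags` has no comment, although it is the line that lets a jailed root mount fusefs, so the FUSE daemon that answers kernel requests may now run inside a jail. Replies from that daemon then cross a jail boundary and should be treated as untrusted input; whether the fusefs message handlers validate lengths and fields to that standard is not visible in this hunk and is worth confirming before the MFC. Suggest a comment on the initializer such as `/* VFCF_JAIL: mountable in jails that set allow.mount.fusefs; the daemon may be jailed, so its replies are untrusted */`. The rest of fuse_main.c lies outside the hunk.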