Add security.jail.mount_allowed sysctl, which allows to mount and

unmount jail-friendly file systems from within a jail.
Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and
PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user.
It is turned off by default.

A jail-friendly file system is a file system which driver registers
itself with VFCF_JAIL flag via VFS_SET(9) API.
The lsvfs(1) command can be used to see which file systems are
jail-friendly ones.

There currently no jail-friendly file systems, ZFS will be the first one.
In the future we may consider marking file systems like nullfs as
jail-friendly.

Reviewed by:	rwatson

1 files changed, 7 insertions, 0 deletions

diff --git a/share/man/man9/VFS_SET.9 b/share/man/man9/VFS_SET.9
index 4b55ba7..5bc3145 100644
--- a/share/man/man9/VFS_SET.9
+++ b/share/man/man9/VFS_SET.9
@@ -70,6 +70,11 @@ Pseudo file system, data does not represent on-disk files.
 Loopback file system layer.
 .It Dv VFCF_UNICODE
 File names are stored as Unicode.
+.It Dv VFCF_JAIL
+can be mounted from within a jail if
+.Va security.jail.mount_allowed
+sysctl is set to
+.Dv 1 .
 .El
 .Sh PSEUDOCODE
 .Bd -literal
@@ -96,6 +101,8 @@ static struct vfsops myfs_vfsops = {
 VFS_SET(myfs_vfsops, skelfs, 0);
 .Ed
 .Sh SEE ALSO
+.Xr jail 2 ,
+.Xr jail 8 ,
 .Xr DECLARE_MODULE 9 ,
 .Xr vfsconf 9 ,
 .Xr vfs_modevent 9