Add procfs to jail-mountable filesystems.

Reviewed by:	jamie
MFC after:	1 week

2 files changed, 7 insertions, 3 deletions

diff --git a/sys/fs/procfs/procfs.c b/sys/fs/procfs/procfs.c
index 3e87895..a41e7d1 100644
--- a/sys/fs/procfs/procfs.c
+++ b/sys/fs/procfs/procfs.c
@@ -209,4 +209,4 @@ procfs_uninit(PFS_INIT_ARGS)
 	return (0);
 }
 
-PSEUDOFS(procfs, 1);
+PSEUDOFS(procfs, 1, PR_ALLOW_MOUNT_PROCFS);
diff --git a/sys/fs/pseudofs/pseudofs.h b/sys/fs/pseudofs/pseudofs.h
index f2c29d4..e2aeed6 100644
--- a/sys/fs/pseudofs/pseudofs.h
+++ b/sys/fs/pseudofs/pseudofs.h
@@ -31,6 +31,8 @@
 #ifndef _PSEUDOFS_H_INCLUDED
 #define _PSEUDOFS_H_INCLUDED
 
+#include <sys/jail.h>
+
 /*
  * Opaque structures
  */
@@ -271,7 +273,7 @@ int		 pfs_destroy	(struct pfs_node *pn);
 /*
  * Now for some initialization magic...
  */
-#define PSEUDOFS(name, version)						\
+#define PSEUDOFS(name, version, jflag)					\
 									\
 static struct pfs_info name##_info = {					\
 	#name,								\
@@ -281,6 +283,8 @@ static struct pfs_info name##_info = {					\
 									\
 static int								\
 _##name##_mount(struct mount *mp) {					\
+        if (jflag && !prison_allow(curthread->td_ucred, jflag))		\
+                return (EPERM);						\
 	return pfs_mount(&name##_info, mp);				\
 }									\
 									\
@@ -303,7 +307,7 @@ static struct vfsops name##_vfsops = {					\
 	.vfs_uninit =		_##name##_uninit,			\
 	.vfs_unmount =		pfs_unmount,				\
 };									\
-VFS_SET(name##_vfsops, name, VFCF_SYNTHETIC);				\
+VFS_SET(name##_vfsops, name, VFCF_SYNTHETIC | (jflag ? VFCF_JAIL : 0));	\
 MODULE_VERSION(name, version);						\
 MODULE_DEPEND(name, pseudofs, 1, 1, 1);