Re: kgssapi won't build, I need prison help

From: Rick Macklem <rmacklem_at_uoguelph.ca>
Date: Fri, 12 Jun 2009 15:56:10 -0400 (EDT)
On Fri, 12 Jun 2009, Bjoern A. Zeeb wrote:

> On Fri, 12 Jun 2009, Jamie Gritton wrote:
>
>> No, nfsd in a proson doesn't make any sense (at least to me).  The NFS
>> server itself created its own unjailed cred, so I would expect the
>> auxillary stuff needs to be unjailed as well.  You still may want to
>> use the cred's jail though - it seems there may be a chance of
>> permission escalation otherwise.
>
> An nfsd inside a prison (with a vnet) will make perfect sense; the
> code is just not there (yet).  I could not see a reason why it would
> no longer be possible to server or (in case of nfsclient) consume NFS
> with a complete virtual network stack.
>
So, is getcredhostid(curthread->td_ucred) sound ok as a way to get it
working, at least for now?

And is adding getcredhostid() a reasonable patch?

Thanks for the help, rick
Received on Fri Jun 12 2009 - 17:54:35 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:49 UTC