On Fri, 12 Jun 2009, Bjoern A. Zeeb wrote: > On Fri, 12 Jun 2009, Jamie Gritton wrote: > >> No, nfsd in a proson doesn't make any sense (at least to me). The NFS >> server itself created its own unjailed cred, so I would expect the >> auxillary stuff needs to be unjailed as well. You still may want to >> use the cred's jail though - it seems there may be a chance of >> permission escalation otherwise. > > An nfsd inside a prison (with a vnet) will make perfect sense; the > code is just not there (yet). I could not see a reason why it would > no longer be possible to server or (in case of nfsclient) consume NFS > with a complete virtual network stack. > So, is getcredhostid(curthread->td_ucred) sound ok as a way to get it working, at least for now? And is adding getcredhostid() a reasonable patch? Thanks for the help, rickReceived on Fri Jun 12 2009 - 17:54:35 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:49 UTC