On Wed, Jan 16, 2019 at 03:35:47PM -0500, Michael W. Lucas wrote:
> I'm writing about filesystems and jails right now, and the docs have
> me wondering:
> Filesystems marked with "jail" in lsvfs(8) are safe to use inside
> jails. Cool.
> Is this an "absolutely do not use others within jails" statement, or
> is it "don't manage these from jails" rule? Can I leave
> enforce_statfs=2 but, say, have the host mount md0 as /tmp for the jail?
The mark 'safe to use inside jail' means that the mark author considered
the marked filesystem robust enough to trust the mounting to untrusted
For instance, the UFS metadata parsing is *not* robust enough to sustain
trying to mount arbitrary bytes from a volume, or esp. a specially
crafted malicious volumes. On the other hand, tmpfs is considered safe
because it is synthetic and kernel manages all the (meta)data on its own,
so the only thing that malicious jail root can do is a consumption of the
That said, md0 is only a memory-disk device, which filesystem you put on
it, is up to you. And, personally I recommend to use tmpfs for /tmp, not
async UFS over swap-backed md(4). The advantage of the former is avoidance
of double-copy and somewhat less locking overhead.
> I *think* it's an absolute prohibition, but want to be sure before I
> declare it to be so. It's the sort of thing I'll get complaints about
> if I'm wrong.
> Michael W. Lucas https://mwl.io/ > author of: Absolute OpenBSD, SSH Mastery, git commit murder,
> Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
> [hidden email] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "[hidden email]"