D38808.1776502365.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D38808.1776502365.diff
View Options

	diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
	--- a/sys/kern/kern_jail.c
	+++ b/sys/kern/kern_jail.c
	@@ -219,7 +219,7 @@
	{"allow.unprivileged_proc_debug", "allow.nounprivileged_proc_debug",
	PR_ALLOW_UNPRIV_DEBUG},
	{"allow.suser", "allow.nosuser", PR_ALLOW_SUSER},
	-#if defined(VNET_NFSD) && defined(VIMAGE) && defined(NFSD)
	+#ifdef VIMAGE
	{"allow.nfsd", "allow.nonfsd", PR_ALLOW_NFSD},
	#endif
	};
	@@ -2136,12 +2136,10 @@
	}
	#endif

	-#ifdef VNET_NFSD
	if (born && pr != &prison0 && (pr->pr_allow & PR_ALLOW_NFSD) != 0 &&
	(pr->pr_root->v_vflag & VV_ROOT) == 0)
	printf("Warning jail jid=%d: mountd/nfsd requires a separate"
	" file system\n", pr->pr_id);
	-#endif

	drflags &= ~PD_KILL;
	td->td_retval[0] = pr->pr_id;
	@@ -3790,12 +3788,7 @@
	case PRIV_NFS_DAEMON:
	case PRIV_VFS_GETFH:
	case PRIV_VFS_MOUNT_EXPORTED:
	-#ifdef VNET_NFSD
	if (!prison_check_nfsd(cred))
	-#else
	- printf("running nfsd in a prison requires a kernel "
	- "built with ''options VNET_NFSD''\n");
	-#endif
	return (EPERM);
	#ifdef notyet
	case PRIV_NFS_LOCKD:
	@@ -4551,7 +4544,7 @@
	"B", "Unprivileged processes may use process debugging facilities");
	SYSCTL_JAIL_PARAM(_allow, suser, CTLTYPE_INT \| CTLFLAG_RW,
	"B", "Processes in jail with uid 0 have privilege");
	-#if defined(VNET_NFSD) && defined(VIMAGE) && defined(NFSD)
	+#ifdef VIMAGE
	SYSCTL_JAIL_PARAM(_allow, nfsd, CTLTYPE_INT \| CTLFLAG_RW,
	"B", "Mountd/nfsd may run in the jail");
	#endif