diff options
| author | Rick Macklem <rmacklem@FreeBSD.org> | 2023-03-14 22:28:02 +0000 |
|---|---|---|
| committer | Rick Macklem <rmacklem@FreeBSD.org> | 2023-03-14 22:28:02 +0000 |
| commit | c0f94fee0bdddcc07f216f9723544f78ace5155a (patch) | |
| tree | aa3ef34b2b205362c8bdd60bc8cf3d8550183a67 /usr.sbin | |
| parent | d7fb679dc96b07c38eedfa8c91817b44b214c799 (diff) | |
| download | src-c0f94fee0bdddcc07f216f9723544f78ace5155a.tar.gz src-c0f94fee0bdddcc07f216f9723544f78ace5155a.zip | |
jail.8: Update the allow.nfsd section
This patch updates the information for "allow.nfsd"
and adds configuration information.
This is a content change.
Reviewed by: karels, markj, pauamma (manpages)
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D39033
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/jail/jail.8 | 54 |
1 files changed, 44 insertions, 10 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index e40e455f61a6..a69702900d8e 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 11, 2022 +.Dd March 12, 2023 .Dt JAIL 8 .Os .Sh NAME @@ -586,17 +586,49 @@ memory subject to and resource limits. .It Va allow.nfsd The -.Xr mountd 8 +.Xr mountd 8 , +.Xr nfsd 8 , +.Xr nfsuserd 8 , +.Xr gssd 8 and -.Xr nfsd 8 -daemons are permitted to run inside a vnet-enabled jail. -The kernel must have been compiled with the -.Sy VNET_NFSD option +.Xr rpc.tlsservd 8 +daemons are permitted to run inside a properly configured vnet-enabled jail. +The jail's root must be a file system mount point and +.Va enforce_statfs +must not be set to 0, so that +.Xr mountd 8 +can export file systems visible within the jail. +.Va enforce_statfs +must be set to 1 if file systems mounted under the +jail's file system need to be exported by +.Xr mount 8 . +For exporting only the jail's file system, a setting of 2 +is sufficient. +If the kernel configuration does not include the +.Sy NFSD +option, +.Pa nfsd.ko +must be loaded outside of the jails. +This is normally done by adding +.Dq nfsd +to +.Va kld_list +in the +.Xr rc.conf 5 +file outside of the jails. +Similarily, if the +.Xr gssd 8 +is to be run in a jail, either the kernel +.Sy KGSSAPI +option needs to be specified or +.Dq kgssapi and -.Sy NFSD option -as well as the -.Sy VIMAGE option -for this to be available. +.Dq kgssapi_krb5 +need to be in +.Va kld_list +in the +.Xr rc.conf 5 +file outside of the jails. .It Va allow.reserved_ports The jail root may bind to ports lower than 1024. .It Va allow.unprivileged_proc_debug @@ -1372,6 +1404,8 @@ environment of the first jail. .Xr jexec 8 , .Xr jls 8 , .Xr mount 8 , +.Xr mountd 8 , +.Xr nfsd 8 , .Xr reboot 8 , .Xr rpcbind 8 , .Xr sendmail 8 , |