PEFS Inside Jail, "Operation not Permitted"

BawdyAnarchist


Made a post earlier about theoretical hidden directories attack vectors and PEFS. This is a simple question about a problem I'm having.

Inside a jail, with allow.mount; and enforce_statfs="0"; in /etc/jail.conf, I am getting the error message:
Code:
root@jail:/home/user # ls -I
test
root@jail:/home/user # pefs mount test test
pefs mount: test: Operation not permitted

Running mount inside the jail shows all mounts on host (obviously since I set allow.mount and enforce_statfs=0). kldstat shows pefs loaded. Not sure what I'm missing here.
 

BawdyAnarchist


PEFS is designed to be used by the user, not by root? vfs.usermount=1 in sysctl.conf(5).

vfs.usermount=1 didn't work for me. I've tried both root and normal user. I added verbose and I get an output like this:
Code:
user@personal:~ # pefs mount -v test test
pefs mount: test: Operation not permitted
zroot/jails/personal on /jails/personal (zfs, local, noatime, nfsv4acls)

Really stumped here. I'm sure it's something simple. I tried other jails too, same results.
 

Mjölnir


  • Did you set allow.mount.devfs & devfs_ruleset in jail.conf(5)?
  • Maybe pefs(8) is not "jail clean". Can you mount as user from within the host?
  • I'm not familiar with the internals of pefs(8), but I would try allow.mount.fusefs and/or allow.mount.nullfs in jail.conf(5), because pefs(5) might use these mechanisms.
  • Consider asking the author via e-mail (manpage).
 