OS-2333 would like a way to disable NFS client in zones

3 files changed, 8 insertions, 0 deletions

diff --git a/usr/src/uts/common/fs/nfs/nfs3_vfsops.c b/usr/src/uts/common/fs/nfs/nfs3_vfsops.c
index 207a708771..bdb3d097d2 100644
--- a/usr/src/uts/common/fs/nfs/nfs3_vfsops.c
+++ b/usr/src/uts/common/fs/nfs/nfs3_vfsops.c
@@ -500,6 +500,9 @@ nfs3_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
 	if ((error = secpolicy_fs_mount(cr, mvp, vfsp)) != 0)
 		return (EPERM);
 
+	if (secpolicy_nfs(cr) != 0)
+		return (EPERM);
+
 	if (mvp->v_type != VDIR)
 		return (ENOTDIR);
 
diff --git a/usr/src/uts/common/fs/nfs/nfs4_vfsops.c b/usr/src/uts/common/fs/nfs/nfs4_vfsops.c
index 1752a28542..002a5e4bdc 100644
--- a/usr/src/uts/common/fs/nfs/nfs4_vfsops.c
+++ b/usr/src/uts/common/fs/nfs/nfs4_vfsops.c
@@ -713,6 +713,8 @@ nfs4_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
 
 	if (secpolicy_fs_mount(cr, mvp, vfsp) != 0)
 		return (EPERM);
+	if (secpolicy_nfs(cr) != 0)
+		return (EPERM);
 	if (mvp->v_type != VDIR)
 		return (ENOTDIR);
 
diff --git a/usr/src/uts/common/fs/nfs/nfs_vfsops.c b/usr/src/uts/common/fs/nfs/nfs_vfsops.c
index 57b21778b4..205bd3d70c 100644
--- a/usr/src/uts/common/fs/nfs/nfs_vfsops.c
+++ b/usr/src/uts/common/fs/nfs/nfs_vfsops.c
@@ -518,6 +518,9 @@ nfs_mount(vfs_t *vfsp, vnode_t *mvp, struct mounta *uap, cred_t *cr)
 	if ((error = secpolicy_fs_mount(cr, mvp, vfsp)) != 0)
 		return (error);
 
+	if (secpolicy_nfs(cr) != 0)
+		return (EPERM);
+
 	if (mvp->v_type != VDIR)
 		return (ENOTDIR);