Index: vfs_subr.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/vfs_subr.c,v
retrieving revision 1.698
diff -u -p -r1.698 vfs_subr.c
--- vfs_subr.c 10 Apr 2007 15:29:37 -0000 1.698
+++ vfs_subr.c 10 Apr 2007 15:42:48 -0000
@@ -55,6 +55,7 @@ __FBSDID("$FreeBSD: src/sys/kern/vfs_sub
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -405,6 +406,30 @@ vfs_suser(struct mount *mp, struct threa
 {
 int error;
 
+ /*
+ * If the thread is jailed, but this is not a jail-friendly file
+ * system, deny immediately.
+ */
+ if (jailed(td->td_ucred) && !(mp->mnt_vfc->vfc_flags & VFCF_JAIL)) {
+ return (EPERM);
+ }
+
+ /*
+ * If the file system was mounted outside a jail and a jailed thread
+ * tries to access it, deny immediately.
+ */
+ if (!jailed(mp->mnt_cred) && jailed(td->td_ucred))
+ return (EPERM);
+
+ /*
+ * If the file system was mounted inside different jail that the jail of
+ * the calling thread, deny immediately.
+ */
+ if (jailed(mp->mnt_cred) && jailed(td->td_ucred) &&
+ mp->mnt_cred->cr_prison != td->td_ucred->cr_prison) {
+ return (EPERM);
+ }
+
 if ((mp->mnt_flag & MNT_USER) == 0 ||
 mp->mnt_cred->cr_uid != td->td_ucred->cr_uid) {
 if ((error = priv_check(td, PRIV_VFS_MOUNT_OWNER)) != 0)
Index: kern_jail.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_jail.c,v
retrieving revision 1.68
diff -u -p -r1.68 kern_jail.c
--- kern_jail.c 8 Apr 2007 10:46:23 -0000 1.68
+++ kern_jail.c 10 Apr 2007 15:42:48 -0000
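Review bot: The three guards added to vfs_suser in vfs_subr.c each re-test `jailed(td->td_ucred)`, and the second and third together express one rule (the mount's prison must be the caller's prison), so nesting them under a single jailed-caller branch would make the jail policy easier to audit and harder to break when another condition is added. The comments never say that an unjailed thread acting on a jail-mounted file system deliberately falls through to the owner check below; that deserves one line, since it is the case a reader will wonder about. The third comment also has a typo (`inside different jail that the jail` should read `inside a different jail than the jail`), and the second guard omits the braces the first and third use. vfs_suser's body continues outside the hunk.

```c
	/*
	 * A jailed thread may only act on a jail-friendly file system that
	 * was mounted from inside its own jail.
	 */
	if (jailed(td->td_ucred)) {
		if (!(mp->mnt_vfc->vfc_flags & VFCF_JAIL))
			return (EPERM);
		if (!jailed(mp->mnt_cred) ||
		    mp->mnt_cred->cr_prison != td->td_ucred->cr_prison)
			return (EPERM);
	}

	/* Unjailed threads fall through to the ownership check below. */
	/* … unchanged: MNT_USER / cr_uid comparison and priv_check() … */
```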
@@ -704,6 +704,7 @@ prison_priv_check(struct ucred *cred, in
 case PRIV_VFS_MOUNT:
 case PRIV_VFS_UNMOUNT:
 case PRIV_VFS_MOUNT_NONUSER:
+ case PRIV_VFS_MOUNT_OWNER:
 if (jail_mount_allowed)
 return (0);
 else
Index: vfs_mount.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/vfs_mount.c,v
retrieving revision 1.254
diff -u -p -r1.254 vfs_mount.c
--- vfs_mount.c 8 Apr 2007 23:54:01 -0000 1.254
+++ vfs_mount.c 10 Apr 2007 15:42:49 -0000
@@ -865,11 +865,6 @@ vfs_domount(
 return (EINVAL);
 }
 mp = vp->v_mount;
- vfsp = mp->mnt_vfc;
- if (jailed(td->td_ucred) && !(vfsp->vfc_flags & VFCF_JAIL)) {
- vput(vp);
- return (EPERM);
- }
 MNT_ILOCK(mp);
 flag = mp->mnt_flag;
 /*
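Review bot: The `case PRIV_VFS_MOUNT_OWNER:` added to prison_priv_check in kern_jail.c grants the privilege to any jailed credential whenever `jail_mount_allowed` is set, with no reference to which mount is involved, so containment rests entirely on the caller having already run the prison checks that this patch adds to vfs_suser. That dependency is not written down anywhere in the hunk; a comment above the case such as `/* Callers must first verify that the mount belongs to this prison; see vfs_suser(). */` would keep a later caller from using the privilege check alone. Other call sites of `priv_check(td, PRIV_VFS_MOUNT_OWNER)` are not visible here, so it is worth confirming that each one is reached only through vfs_suser. The switch in prison_priv_check starts and ends outside the hunk.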