Index: compat/linprocfs/linprocfs.c
===================================================================
--- compat/linprocfs/linprocfs.c	(revision 246706)
+++ compat/linprocfs/linprocfs.c	(working copy)
@@ -1451,7 +1451,7 @@
 	return (0);
 }
 
-PSEUDOFS(linprocfs, 1, 0);
+PSEUDOFS(linprocfs, 1, PR_ALLOW_MOUNT_PROCFS);
 MODULE_DEPEND(linprocfs, linux, 1, 1, 1);
 MODULE_DEPEND(linprocfs, procfs, 1, 1, 1);
 MODULE_DEPEND(linprocfs, sysvmsg, 1, 1, 1);
Index: compat/linsysfs/linsysfs.c
===================================================================
--- compat/linsysfs/linsysfs.c	(revision 246706)
+++ compat/linsysfs/linsysfs.c	(working copy)
@@ -33,6 +33,7 @@
 #include <sys/conf.h>
 #include <sys/exec.h>
 #include <sys/filedesc.h>
+#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/linker.h>
 #include <sys/malloc.h>
@@ -280,5 +281,5 @@
 	return (0);
 }
 
-PSEUDOFS(linsysfs, 1, 0);
+PSEUDOFS(linsysfs, 1, PR_ALLOW_MOUNT_PROCFS);
 MODULE_DEPEND(linsysfs, linux, 1, 1, 1);
Index: fs/tmpfs/tmpfs_vfsops.c
===================================================================
--- fs/tmpfs/tmpfs_vfsops.c	(revision 246706)
+++ fs/tmpfs/tmpfs_vfsops.c	(working copy)
@@ -150,6 +150,8 @@
 
 	struct vattr va;
 
+	if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_TMPFS))
+		return (EPERM);
 	if (vfs_filteropt(mp->mnt_optnew, tmpfs_opts))
 		return (EINVAL);
 
@@ -420,4 +422,4 @@
 	.vfs_statfs =			tmpfs_statfs,
 	.vfs_fhtovp =			tmpfs_fhtovp,
 };
-VFS_SET(tmpfs_vfsops, tmpfs, 0);
+VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);
Index: kern/kern_jail.c
===================================================================
--- kern/kern_jail.c	(revision 246706)
+++ kern/kern_jail.c	(working copy)
@@ -206,6 +206,7 @@
 	"allow.mount.nullfs",
 	"allow.mount.zfs",
 	"allow.mount.procfs",
+	"allow.mount.tmpfs",
 };
 const size_t pr_allow_names_size = sizeof(pr_allow_names);
 
@@ -221,6 +222,7 @@
 	"allow.mount.nonullfs",
 	"allow.mount.nozfs",
 	"allow.mount.noprocfs",
+	"allow.mount.notmpfs",
 };
 const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames);
 
@@ -4208,6 +4210,10 @@
     CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
     NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I",
     "Processes in jail can mount the procfs file system");
+SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed, "I",
+     CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+     NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I",
+     "Processes in jail can mount the tmpfs file system");
 SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed,
     CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
     NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I",
@@ -4360,6 +4366,8 @@
     "B", "Jail may mount the nullfs file system");
 SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Jail may mount the procfs file system");
+SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW,
+    "B", "Jail may mount the tmpfs file system");
 SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Jail may mount the zfs file system");
 
Index: sys/jail.h
===================================================================
--- sys/jail.h	(revision 246706)
+++ sys/jail.h	(working copy)
@@ -227,7 +227,8 @@
 #define	PR_ALLOW_MOUNT_NULLFS		0x0100
 #define	PR_ALLOW_MOUNT_ZFS		0x0200
 #define	PR_ALLOW_MOUNT_PROCFS		0x0400
-#define	PR_ALLOW_ALL			0x07ff
+#define	PR_ALLOW_MOUNT_TMPFS		0x0800
+#define	PR_ALLOW_ALL			0x0fff
 
 /*
  * OSD methods