Subject: Non-root users mounting a file system?
To: None <current-users@netbsd.org>
From: Paul Goyette <paul@whooppee.com>
List: current-users
Date: 02/20/2007 13:55:45
Folks,

I've made all the necessary permission changes on the mount point as
well as the /dev/{,r}cgd* devices and the /etc/cgd directory (and its
files), but I still cannot seem to have a non-root user, even a member
of group wheel, mount the filesystem. The cgdconfig succeeds, and I
am positive the vfs.generic.usermount is set, yet still I get this:

    quicky:paul {105} sysctl vfs.generic.usermount
    vfs.generic.usermount = 1
    quicky:paul {106} mount /dev/cgd0a /pics
    mount_ffs: /dev/cgd0a on /pics: Operation not permitted
    quicky:paul {107}

I suspect that this is a result of some flag checks being done in
secmodel_bsd44_suser.c but I don't know enough to understand what these
checks are doing or how to make them succeed.

    case KAUTH_REQ_SYSTEM_MOUNT_NEW:
        if (isroot)
            result = KAUTH_RESULT_ALLOW;
        else if (dovfsusermount) {
            struct vnode *vp = arg1;
            u_long flags = (u_long)arg2;

            if (!(flags & MNT_NODEV) ||
                !(flags & MNT_NOSUID))
                break;

            if ((vp->v_mount->mnt_flag & MNT_NOEXEC) &&
                !(flags & MNT_NOEXEC))
                break;

            result = KAUTH_RESULT_ALLOW;
        }
        break;

----------------------------------------------------------------------
| Paul Goyette | PGP DSS Key fingerprint: | E-mail addresses: |
| Network Engineer | FA29 0E3B 35AF E8AE 6651 | paul@whooppee.com |
| | 0786 F758 55DE 53BA 7731 | pgoyette@juniper.net |
----------------------------------------------------------------------
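
The flag checks in the excerpt quoted in the message above, restated as a stand-alone C program that reports which flags a non-root request still lacks. This is an added example, not part of the original post or the NetBSD source; the function names `missing_flags` and `mount_new_allowed` and the flag bit values are assumptions made for illustration.

```c
#include <stdio.h>

/* Stand-in flag bits for this example only; the kernel uses its own headers. */
#define MNT_NOEXEC 0x04UL
#define MNT_NOSUID 0x08UL
#define MNT_NODEV  0x10UL

/*
 * Flags a non-root request must still add before the quoted
 * KAUTH_REQ_SYSTEM_MOUNT_NEW case would reach KAUTH_RESULT_ALLOW.
 * dir_fs_flags: mnt_flag of the filesystem holding the mount point
 *               (vp->v_mount->mnt_flag in the excerpt).
 * req_flags:    flags passed with the new mount request (arg2).
 */
unsigned long missing_flags(unsigned long dir_fs_flags, unsigned long req_flags)
{
    /* Both nodev and nosuid are always required for a user mount. */
    unsigned long need = MNT_NODEV | MNT_NOSUID;

    /* A noexec parent filesystem forces noexec on the new mount too. */
    if (dir_fs_flags & MNT_NOEXEC)
        need |= MNT_NOEXEC;
    return need & ~req_flags;
}

/* 1 = this case sets ALLOW, 0 = it leaves the result unchanged. */
int mount_new_allowed(int isroot, int dovfsusermount,
                      unsigned long dir_fs_flags, unsigned long req_flags)
{
    if (isroot)
        return 1;
    if (!dovfsusermount)
        return 0;
    return missing_flags(dir_fs_flags, req_flags) == 0;
}

int main(void)
{
    /* Constructed requests, not taken from the post. */
    unsigned long reqs[] = { 0, MNT_NODEV, MNT_NODEV | MNT_NOSUID };

    for (int i = 0; i < 3; i++)
        printf("req=0x%02lx allowed=%d missing=0x%02lx\n", reqs[i],
               mount_new_allowed(0, 1, 0, reqs[i]), missing_flags(0, reqs[i]));
    return 0;
}
```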