mount: Disallow mounting over a jail root
--- sys/kern/vfs_mount.c.orig
+++ sys/kern/vfs_mount.c
@@ -830,6 +830,11 @@
 	ASSERT_VOP_ELOCKED(vp, __func__);
 	KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here"));
 
+	if (vp == td->td_ucred->cr_prison->pr_root) {
+		vput(vp);
+		return (EPERM);
+	}
+
 	/*
 	 * If the user is not root, ensure that they own the directory
 	 * onto which we are attempting to mount.