<div dir="ltr"><div><div><div><div><div>Hello everyone,<br><br></div>I'm trying to use bindfs (fuse) inside an unprivileged container, but it doesn't work.<br><br></div>Here is the modified AppArmor profile:<br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">profile lxc-container-default-with-fuse flags=(attach_disconnected,mediate_deleted) {<br>  #include &lt;abstractions/lxc/container-base&gt;<br><br>  mount fstype=fuse,<br>}<br></blockquote><br></div>And the container config:<br><br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">lxc.include = /usr/share/lxc/config/ubuntu.common.conf<br>lxc.include = /usr/share/lxc/config/ubuntu.userns.conf<br>lxc.arch = x86_64<br><br>lxc.id_map = u 0 100000 65536<br>lxc.id_map = g 0 100000 65536<br>lxc.rootfs = /var/lib/lxc/ftp./rootfs<br>lxc.utsname = ftp<br>lxc.aa_profile = lxc-container-default-with-fuse<br><br>lxc.mount.entry = /dev/fuse dev/fuse none bind,optional,create=file<br>lxc.cgroup.devices.allow = c 10:229 rwm<br>lxc.cap.keep = sys_admin<br></blockquote><br></div>But every time I try to mount a fuse fs I get the same error:<br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">"fusermount: mount failed: Operation not permitted"<br></blockquote><br></div><div>Some information from strace:<br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">[pid   504] mount("/dev/fuse", "/home/user/site", "fuse", MS_NOSUID|MS_NODEV, "allow_other,default_permissions,fd=5,rootmode=40000,user_id=0,group_id=0") = -1 EPERM (Operation not permitted)<br></blockquote><br>I would be so grateful if you could help me with the issue.<br><br></div><div>Thanks!<br></div><div><br></div><div><div><div><div><div><div><div><div><div><br>-- <br>Best regards,<br> Sergey
</div></div></div></div></div></div></div></div></div></div>