[Lxc-users] FUSE and capabilities
Milan Zamazal
pdm at zamazal.org
Mon Feb 14 15:41:37 UTC 2011
I tried to use FUSE/EncFS in a container on a Debian 6.0 machine and
I've found I have to enable CAP_SYS_ADMIN in order to make it work.
Without it, permission error is reported on encfs invocation (and yes,
I've got /dev/fuse enabled in lxc.cgroup.devices.allow, it wouldn't work
without it even with CAP_SYS_ADMIN set).
Do I have to enable CAP_SYS_ADMIN to allow any mount in a container or
is there a way to allow user mounts (such as FUSE or USB flash mounts)
without giving such a wide permission to the container?
More information about the lxc-users
mailing list