[lxc-users] Couldn't use fuse with unprivileged container
Sergey
sergeyn at gmail.com
Wed Oct 22 10:14:19 UTC 2014
Hello everyone,
I'm trying to use bindfs (fuse) inside an unprivileged container but it
doesn't work.
Here is the modified AppArmor profile:
> profile lxc-container-default-with-fuse
> flags=(attach_disconnected,mediate_deleted) {
> #include <abstractions/lxc/container-base>
>
> mount fstype=fuse,
> }
>
And container config:
> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
> lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
> lxc.arch = x86_64
>
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
> lxc.rootfs = /var/lib/lxc/ftp./rootfs
> lxc.utsname = ftp
> lxc.aa_profile = lxc-container-default-with-fuse
>
> lxc.mount.entry = /dev/fuse dev/fuse none bind,optional,create=file
> lxc.cgroup.devices.allow = c 10:229 rwm
> lxc.cap.keep = sys_admin
>
But every time I try to mount a fuse fs I get the same error:
> "fusermount: mount failed: Operation not permitted"
>
Some information from strace:
> [pid 504] mount("/dev/fuse", "/home/user/site", "fuse",
> MS_NOSUID|MS_NODEV,
> "allow_other,default_permissions,fd=5,rootmode=40000,user_id=0,group_id=0")
> = -1 EPERM (Operation not permitted)
>
I would be so grateful if you could help me with the issue.
Thanks!
--
Best regards,
Sergey