[lxc-users] Couldn't use fuse with unprivileged container

Sergey sergeyn at gmail.com
Wed Oct 22 10:14:19 UTC 2014


Hello everyone,

I'm trying to use bindfs (fuse) inside an unprivileged container, but it
doesn't work.

Here is the modified AppArmor profile:

> profile lxc-container-default-with-fuse
> flags=(attach_disconnected,mediate_deleted) {
>   #include <abstractions/lxc/container-base>
>
>   mount fstype=fuse,
> }
>

And container config:

> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
> lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
> lxc.arch = x86_64
>
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
> lxc.rootfs = /var/lib/lxc/ftp./rootfs
> lxc.utsname = ftp
> lxc.aa_profile = lxc-container-default-with-fuse
>
> lxc.mount.entry = /dev/fuse dev/fuse none bind,optional,create=file
> lxc.cgroup.devices.allow = c 10:229 rwm
> lxc.cap.keep = sys_admin
>

But every time I try to mount a fuse fs I get the same error:

> "fusermount: mount failed: Operation not permitted"
>

Some information from strace:

> [pid   504] mount("/dev/fuse", "/home/user/site", "fuse",
> MS_NOSUID|MS_NODEV,
> "allow_other,default_permissions,fd=5,rootmode=40000,user_id=0,group_id=0")
> = -1 EPERM (Operation not permitted)
>

I would be so grateful if you could help me with the issue.

Thanks!


-- 
Best regards,
 Sergey