Hi Everybody,
I tried to mount a filesystem inside an unprivileged container using fuse3 and it's
working. The only thing I had to do was to mount /dev/fuse using "--device" and
add "SYS_ADMIN" capability.
Example:

    podman run \
        -d \
        --device=/dev/fuse \
        --cap-add SYS_ADMIN \
        localhost/myimage

After that I can mount fuse inside.
Now I'd like to access the mounted filesystem from another container in a pod or from
the container host. In order to do that I used "bind-propagation=rshared" like
this:

    podman run \
        --mount=type=bind,source=/from,destination=/to,bind-propagation=rshared \
        -d \
        --device=/dev/fuse \
        --cap-add SYS_ADMIN \
        localhost/myimage

When I mount fuse inside the container into "/to" or "/to/subfolder", I
can again see / access the filesystem from inside of the container, but I don't see it
from the host / from other containers in a pod that mount "/from".
Could you please tell me, am I missing something?
I was thinking that maybe it is AppArmor, but looking into the logs - nothing.
Running Podman 3.4.4 on Debian Bookworm (kernel 5.16).
Thank you.
Kind regards,
Rudolf Vesely
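
One way to check the "bind-propagation=rshared" setup described above, as an added example that is not part of the original message: mount events propagate between mounts that carry the same "shared:N" peer-group ID in /proc/self/mountinfo, so the ID of "/from" on the host can be compared with the ID of "/to" in the container. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the post.

# mount_tags PATH [MOUNTINFO]: print "<mountpoint> <tags>" for the mount containing
# PATH. Tags are mountinfo's optional fields (shared:N, master:N); "private" if none.
mount_tags() {
    awk -v p="$1" '
    $5 == "/" || $5 == p || index(p, $5 "/") == 1 {
        if (length($5) >= best) {   # longest prefix wins; a later line wins ties
            best = length($5); mp = $5; tags = ""
            for (i = 7; i <= NF && $i != "-"; i++)
                tags = tags (tags == "" ? "" : ",") $i
        }
    }
    END { if (!best) exit 1; print mp, (tags == "" ? "private" : tags) }
    ' "${2:-/proc/self/mountinfo}"
}

# peer_group PATH [MOUNTINFO]: print the shared peer-group ID, or nothing.
peer_group() {
    mount_tags "$1" "$2" | tr ' ,' '\n\n' | sed -n 's/^shared:\([0-9]*\)$/\1/p'
}

# same_peer_group PATH_A INFO_A PATH_B INFO_B: succeed if both mounts are shared
# and carry the same peer-group ID, i.e. mount events propagate between them.
same_peer_group() {
    a=$(peer_group "$1" "$2"); b=$(peer_group "$3" "$4")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# write_samples DIR: constructed mountinfo excerpts for a host and two containers.
write_samples() {
    cat > "$1/host" <<'EOF'
25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
96 25 8:1 /from /from rw,relatime shared:40 - ext4 /dev/sda1 rw
EOF
    cat > "$1/ctr_peer" <<'EOF'
410 380 0:52 / / rw,relatime - overlay overlay rw
415 410 8:1 /from /to rw,relatime shared:40 - ext4 /dev/sda1 rw
EOF
    cat > "$1/ctr_slave" <<'EOF'
510 480 0:53 / / rw,relatime - overlay overlay rw
515 510 8:1 /from /to rw,relatime shared:77 master:40 - ext4 /dev/sda1 rw
EOF
}
```

With no file argument the functions read /proc/self/mountinfo of the calling process, so `peer_group /from` on the host and `peer_group /to` inside the container can be compared directly. A container-side result such as "shared:77,master:40" means the mount receives events from the host's group 40 but does not send its own mounts back to it.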