Rudolf Vesely via Podman <podman(a)lists.podman.io> writes:
On Wednesday, February 23rd, 2022 at 08:17, Giuseppe Scrivano
<gscrivan(a)redhat.com> wrote:
> Rudolf Vesely via Podman podman(a)lists.podman.io writes:
>
> > Hi Everybody,
> >
> > I tried to mount filesystem inside unprivileged container using
> > fuse3 and it's working. The only thing I had to do was to mount
> > /dev/fuse using "--device" and add "SYS_ADMIN" capability.
> >
> > Example:
> >
> > podman run \
> >   -d \
> >   --device=/dev/fuse \
> >   --cap-add SYS_ADMIN \
> >   localhost/myimage
> >
> > After that I can mount fuse inside.
> >
> > Now I'd like to access the mounted filesystem from another container in a
> > pod or from the container host. In order to do that I used
> > "bind-propagation=rshared" like this:
> >
> > podman run \
> >   --mount=type=bind,source=/from,destination=/to,bind-propagation=rshared \
> >   -d \
> >   --device=/dev/fuse \
> >   --cap-add SYS_ADMIN \
> >   localhost/myimage
> >
> > When I mount fuse inside the container into "/to" or "/to/subfolder" I
> > can again see / access the filesystem from inside of the container but
> > I don't see it from the host / from other containers in a pod that
> > mount "/from".
> >
> > Could you please tell me, am I missing something?
>
> mount points created from a rootless environment won't be propagated to
> the host, even if you specify rshared.
>
> They will be propagated in the rootless mount namespace, that you can
> access with "podman unshare".
>
> You first need to set up a mount point in the "podman unshare"
> environment, e.g.:
>
> $ podman unshare mount --make-shared --bind /from /from
> $ podman run -v /from:/to:rshared ....
>
> Is the mount accessible from other containers now?
Hi Giuseppe,

That was my initial trial since I don't need to access it from the host. I wanted to
run two containers - the first mounting FUSE and the second running an app that accesses
the mounted data.

I tried to run the two containers in a pod and outside of the pod.

I tried to run the second with

podman run --mount=type=bind,source=/from,destination=/to,bind-propagation=rshared

and without

podman run --mount=type=bind,source=/from,destination=/to

and even with

podman run --mount=type=bind,source=/from,destination=/to,bind-propagation=rshared \
  --device=/dev/fuse --cap-add SYS_ADMIN

But the second container does not see the mounted data.

And if I mount the fuse on the first to "/from/mount" and I also
"touch /from/abc" then the second container will see the directory
"/to/mount" and the file "/to/abc" but the "/to/mount" directory will
be empty.

Have you used `podman unshare mount --make-shared --bind /from /from`
before creating the first container?
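As an added example (mine, not part of this thread or of podman), here is a small shell helper that reports how a path is mounted in the current mount namespace by parsing /proc/self/mountinfo. It shows the point behind the `podman unshare mount --make-shared --bind /from /from` step: propagation flags (shared, slave, unbindable) live on mount points, so a plain directory has no mountinfo entry at all and `rshared` on a bind of it has nothing to act on. The mountinfo snapshots, the /data and /mnt/slave entries and the peer-group numbers are constructed for illustration; `check_rootless_path` assumes podman is on PATH and is skipped otherwise.

```shell
#!/bin/sh
# Added example, not from the thread: report how a path is mounted in the
# mount namespace this script runs in, by parsing /proc/self/mountinfo.
# Per proc(5), each line is:
#   ID PARENT MAJ:MIN ROOT MOUNTPOINT OPTIONS [optional fields...] - FSTYPE SOURCE SUPEROPTS
# The optional fields carry propagation: shared:N, master:N,
# propagate_from:N, unbindable. A plain directory has no line at all.

# mount_propagation MOUNTPOINT [FILE]
# FILE defaults to /proc/self/mountinfo; "-" reads mountinfo text from stdin.
# Prints one of: notmount, private, shared, slave, shared+slave, unbindable.
mount_propagation() {
    cat "${2:-/proc/self/mountinfo}" | awk -v mp="$1" '
        $5 == mp {
            shared = 0; slave = 0; unb = 0
            # optional fields start at field 7 and end at the lone "-"
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/) shared = 1
                else if ($i ~ /^master:/) slave = 1
                else if ($i == "unbindable") unb = 1
            }
            if (shared && slave) r = "shared+slave"
            else if (shared) r = "shared"
            else if (slave) r = "slave"
            else if (unb) r = "unbindable"
            else r = "private"
            result = r   # a later mount on the same path shadows earlier ones
            found = 1
        }
        END { print (found ? result : "notmount") }
    '
}

# Constructed mountinfo snapshots (not captured from a real system) of the
# rootless namespace that "podman unshare" enters.
# Before any setup: / is a mount, /from is just a directory on it.
sample_before() {
    cat <<'EOF'
25 1 254:1 / / rw,relatime shared:1 - ext4 /dev/vda1 rw
EOF
}

# After "podman unshare mount --make-shared --bind /from /from", plus a
# private bind (/data) and a slave mount (/mnt/slave) for contrast.
sample_after() {
    cat <<'EOF'
25 1 254:1 / / rw,relatime shared:1 - ext4 /dev/vda1 rw
97 25 254:1 /from /from rw,relatime shared:55 - ext4 /dev/vda1 rw
98 25 254:1 /data /data rw,relatime - ext4 /dev/vda1 rw
99 25 254:1 /srv /mnt/slave rw,relatime master:55 - ext4 /dev/vda1 rw
EOF
}

# check_rootless_path PATH: what the real "podman unshare" namespace says
# about PATH. Assumes podman is installed; prints a marker and skips if not.
check_rootless_path() {
    command -v podman >/dev/null 2>&1 || { echo "podman-not-installed"; return 0; }
    podman unshare cat /proc/self/mountinfo | mount_propagation "$1" -
}

demo() {
    echo "/from before setup: $(sample_before | mount_propagation /from -)"    # notmount
    echo "/from after setup:  $(sample_after | mount_propagation /from -)"     # shared
    echo "/data (plain bind): $(sample_after | mount_propagation /data -)"     # private
    echo "/mnt/slave:         $(sample_after | mount_propagation /mnt/slave -)" # slave
}

demo
```

To apply it to the thread's situation, run `check_rootless_path /from` on the host: `notmount` means the `--make-shared --bind` step has not been done in the rootless namespace yet, and `private` means the bind exists but was never marked shared, so neither container's mounts under it will reach the other.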