Date: Fri, 18 Jun 2021 06:14:24 -0400
From: David Schlachter <david@schlachter.ca>
To: freebsd-jail@freebsd.org
Subject: Only root can access a fusefs mount in a jail?
Message-ID: <CAF104kOX_E3tmBoFgZgqh6AQfnm7UdGwQfHOYWf_r==HfzVQTQ@mail.gmail.com>

Hi all,

I posted about this in the iocage issues on GitHub yesterday [1], but I
wonder if it's an underlying issue with jails and fusefs.

Summary: in a jail, root can mount and use a fusefs filesystem, but non-root
users are not able to access it (with appropriate permissions). I'd
appreciate any insight on how I could allow regular users to use such a
filesystem (mounted by root).

Detailed description to reproduce:

Create a jail with the options:

- allow_mount: 1
- allow_mount_fusefs: 1
- enforce_statfs: 1

On the host, ensure the fusefs kernel module is loaded.

In the guest, add an unprivileged user (e.g. UID=1001), then install
fusefs-sshfs and use it to mount a remote server:

    # sshfs -o uid=1001,gid=1001 user@server.tld: /mnt

Root is able to ls the mount, add & remove files, etc.

    root@fuse-jail:~ # ls -la /mnt
    total 4545
    drwxr-x--x   1 user  user     84 Jun 17 18:51 .
    drwxr-xr-x  20 root  wheel    25 May 30 22:14 ..
    -rw-------   1 user  user   2867 Apr  9  2019 .bash_history
    -rw-r--r--   1 user  user   9286 Jun 17 06:00 .bash_profile
    lrwxr-xr-x   1 user  user     52 Jan 23  2020 .bashrc
    drwx------   1 user  user     12 May 18 12:49 .cache
    ...

However, the unprivileged user cannot, despite being the owner of the
directory.

    user@fuse-jail:~ % ls -la /
    ...
    drwxr-x--x   1 user  user     84 Jun 17 18:51 mnt
    ...
    user@fuse-jail:~ % ls -la /mnt
    total 0
    ls: /mnt: Operation not permitted

Expected behaviour is that user can access /mnt.

Thanks in advance for any ideas!

David

[1] https://github.com/iocage/iocage/issues/1261