Question about FUSE inside the flatpak sandbox

Michael Terry mike at mterry.name
Sat Apr 24 20:19:12 UTC 2021


I am curious about the possibility of creating a FUSE mount inside my flatpak app (specifically, running "rclone mount").

I don't *think* it's possible to do this, but just wanted to confirm my understanding before moving on to other strategies.

Things needed for this to work (at least):
- Access to /dev/fuse: possible with --device=all
- Kernel permission to call mount(): normally done with a suid fusermount program, which is not allowed inside a flatpak

My brief understanding is that nowadays there is kernel support for using FUSE with user namespaces, with an eye to letting FUSE work inside unprivileged containers. So _maybe_ it's possible to not need a suid fusermount, but I'm not super familiar with these subsystems. I tried throwing a non-suid fusermount into my flatpak, and I do unsurprisingly get "operation not permitted" errors when it calls mount().

Is there a way to make this work? Thanks in advance for any answers.
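The two prerequisites listed in the message above can be inspected from a shell inside the sandbox. The script below is an added example, not part of the original post; its function names and output keys are made up for illustration, and it only reports state without attempting a mount.

```shell
#!/bin/sh
# Added diagnostic, not from the original post: report the FUSE
# prerequisites named in the message for the current process.

# Print the value of FIELD from a /proc/<pid>/status-style file.
status_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }' \
        "${2:-/proc/self/status}" 2>/dev/null || true
}

# Succeed if bit 21 (CAP_SYS_ADMIN) is set in a hex capability mask.
has_cap_sys_admin() {
    [ -n "$1" ] && [ $(( (0x$1 >> 21) & 1 )) -eq 1 ]
}

# fuse_report [STATUS_FILE]: print one key=value line per check.
fuse_report() {
    status=${1:-/proc/self/status}

    # Prerequisite 1: /dev/fuse must be readable and writable.
    if [ -r /dev/fuse ] && [ -w /dev/fuse ]; then
        echo "dev_fuse=accessible"
    else
        echo "dev_fuse=unavailable"
    fi

    # Prerequisite 2: privilege for mount(). With no_new_privs set,
    # execve() ignores setuid bits, so a suid fusermount gains nothing.
    nnp=$(status_field NoNewPrivs "$status")
    echo "no_new_privs=${nnp:-unknown}"

    helper=$(command -v fusermount3 || command -v fusermount || true)
    if [ -z "$helper" ]; then
        echo "fusermount=not found"
    elif [ -u "$helper" ]; then
        echo "fusermount=setuid"
    else
        echo "fusermount=non-setuid"
    fi

    # CapEff is the effective capability set of this process.
    if has_cap_sys_admin "$(status_field CapEff "$status")"; then
        echo "cap_sys_admin=yes"
    else
        echo "cap_sys_admin=no"
    fi
}

fuse_report
```

Running it once on the host and once inside the app's sandbox shows which of the listed requirements differs between the two environments.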