Extract Channel FD and self-mount #300
Comments
I poked around a bit more. First, let me clarify roughly what I'd like to do:
Fundamentally, this seems like it would require splitting However, The fact that a session is also a mountpoint, as far as the API is concerned, seems to stem from I don't suppose you'd consider dropping support for
Huh, there's also a (very wacky) libfuse3 way to do this: libfuse/libfuse#291
This is a minor refactor of `Session`, with the aim of allowing callers to create an unmounted session and mount it themselves (using the AsFd implementation to get the FD). One use case for this is when mounting inside containers, when you need to call setns(2) before mounting. Fixes cberner#300
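The self-mount flow that commit message describes, as an added example that is not fuser's code or the PR's: it joins a mount namespace with setns(2), then calls mount(2) on an already-open /dev/fuse descriptor using the kernel's `fd=`, `rootmode=`, `user_id=`, `group_id=` FUSE options. The function names, the namespace-path argument and the uid/gid values are assumptions; Linux only.

```rust
// Added example (assumed names, not fuser's API): self-mount from a /dev/fuse FD.
use std::ffi::{c_char, c_int, c_ulong, c_void, CString};
use std::fs::{File, OpenOptions};
use std::io;
use std::os::fd::{AsFd, AsRawFd, BorrowedFd};

extern "C" {
    fn setns(fd: c_int, nstype: c_int) -> c_int;
    fn mount(src: *const c_char, target: *const c_char, fstype: *const c_char,
             flags: c_ulong, data: *const c_void) -> c_int;
}

const CLONE_NEWNS: c_int = 0x0002_0000; // setns(2): join a mount namespace
const MS_NOSUID: c_ulong = 2;
const MS_NODEV: c_ulong = 4;
const S_IFDIR: u32 = 0o040000; // the root of the mount is a directory

/// Build the `data` argument of mount(2) for filesystem type "fuse".
/// The fd number must be valid in the process that calls mount(2).
pub fn fuse_mount_data(fd: BorrowedFd<'_>, uid: u32, gid: u32) -> String {
    format!("fd={},rootmode={:o},user_id={},group_id={}", fd.as_raw_fd(), S_IFDIR, uid, gid)
}

/// Join the mount namespace behind `ns` (e.g. /proc/<pid>/ns/mnt), then mount.
/// setns(CLONE_NEWNS) fails if the caller shares CLONE_FS state with another
/// thread, so call this before spawning threads.
pub fn mount_in_namespace(ns: &File, dev_fuse: BorrowedFd<'_>, target: &str,
                          uid: u32, gid: u32) -> io::Result<()> {
    let data = CString::new(fuse_mount_data(dev_fuse, uid, gid))?;
    let (fuse, tgt) = (CString::new("fuse")?, CString::new(target)?);
    // SAFETY: every pointer is a live NUL-terminated string for both calls.
    unsafe {
        if setns(ns.as_raw_fd(), CLONE_NEWNS) != 0 { return Err(io::Error::last_os_error()); }
        if mount(fuse.as_ptr(), tgt.as_ptr(), fuse.as_ptr(),
                 MS_NOSUID | MS_NODEV, data.as_ptr().cast()) != 0 {
            return Err(io::Error::last_os_error());
        }
    }
    Ok(())
}

fn main() -> io::Result<()> {
    let args: Vec<String> = std::env::args().collect();
    if args.len() != 3 { eprintln!("usage: selfmount <mnt-ns-path> <mountpoint>"); return Ok(()); }
    let dev = OpenOptions::new().read(true).write(true).open("/dev/fuse")?;
    // uid/gid 0 are constructed sample values for the mount owner.
    mount_in_namespace(&File::open(&args[1])?, dev.as_fd(), &args[2], 0, 0)?;
    Ok(()) // a real caller keeps `dev` open and hands it to its FUSE session loop
}
```
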
Can you tell me more about the use case? I'm trying to understand if this is common enough that it should be supported in fuser
FUSE plays a special role in containers, where it can be used to simulate kernel-level stuff like sysfs or character devices. This is specifically permitted for unprivileged container runtimes by the kernel. However, various security safeguards mean that it requires a very specific dance:
One less-invasive way to achieve this would be to offer a way to just iterate the
We also have a similar use-case in https://github.com/awslabs/mountpoint-s3-csi-driver. We want to run FUSE/fuser process inside an unprivileged Kubernetes Pod (so we can't do
This is a minor refactor of `Session`, to make the API slightly more flexible. Splitting `Mount` into a separate object allows callers to
- Create a mount without a Session object
- Create a session given an existing /dev/fuse FD

One use case for this is when mounting inside containers, when you need to handle the session and mounting in separate processes. Fixes cberner#300
I see, thanks for the links! It sounds to me like the best thing to do is to add a method like Does that sound like it will work for both of your use cases?
This is important for container runtimes, which need to do a special namespace mount dance. Fixes cberner#300.
Ah, great. I left some comments on #304. I'd rather not remove the
This is important for container runtimes, which need to do a special namespace mount dance. Fixes #300.
Hey @cberner, is there any reason for not dropping support for libfuse? Are there any known limitations of pure-Rust mounting?
Just unknown unknowns. libfuse is enabled in the default features, and I don't know what the limitations of the pure Rust implementations are. I think it might not work with some of the mac kernel extensions, but haven't tested them. If you're interested in researching and testing all the different platforms and configs, that'd be great!
Thanks for the context @cberner! We'll be sharing if we find any limitations.
Hi, I have a use case (containers) where I need to get the session FD and do the mounting myself. I took a look at changing the API to support this, but unfortunately, it seems like `mnt::Mount` and `Session` are pretty tied together at the moment.

Before I propose any significant API changes, do you have an idea how I could achieve this?
Thanks!