Note: To use fuse inside a jail one must have root privileges.
In jail(8) I read:
Code:
allow.mount
    privileged users inside the jail will be able to mount
    and unmount file system types marked as jail-friendly.
    The lsvfs(1) command can be used to find file system
    types available for mount from within a jail. This
    permission is effective only if enforce_statfs is set to
    a value lower than 2.
allow.mount.fusefs
    privileged users inside the jail will be able to mount and
    unmount fuse-based file systems. This permission is effective
    only together with allow.mount and only when enforce_statfs is
    set to a value lower than 2.
This I have added to /usr/local/etc/ezjail/hll_theheart:
Code:
## To allow ping in jail
param1="allow.raw_sockets=1 allow.chflags=1"
## To allow Postgresql in jails
param2="sysvmsg=new sysvsem=new sysvshm=new"
## To allow fuse file systems / sysctl enforce_statfs=1
param3="allow.mount allow.mount.nullfs allow.mount.fusefs"
## Combine all jail parameters into one variable that ezjail recognises
export jail_hll_theheart_parameters="$param1 $param2 $param3"
I have also set these in /etc/sysctl.conf:
Code:
# Allow Jails to ping - must also be set in jail configuration
security.jail.allow_raw_sockets=1
# Allowed shared memory for Postgresql in jail
security.jail.sysvipc_allowed=1
# Allow fuse mounts
security.jail.enforce_statfs=1
security.jail.chflags_allowed:=1
I have added this to the host system's /etc/rc.conf:
Code:
### Kernel Modules
kld_list="fuse"
I have rebooted the host system and observed that the fuse module loads:
Code:
kldstat | grep fuse
7 1 0xffffffff82c23000 9c08 fuse.ko
On the jail I installed fuse-sshfs:
Code:
pkg install fusefs-sshfs
I confirmed that the fusefs file system is available:
Code:
[root@theheart ~]# lsvfs
Filesystem                       Num        Refs  Flags
-------------------------------- ---------- ----- ---------------
devfs                            0x00000071     4 synthetic, jail
cd9660                           0x000000bd     0 read-only
procfs                           0x00000002     4 synthetic, jail
nfs                              0x0000003a     0 network
zfs                              0x000000de    17 jail, delegated-administration
msdosfs                          0x00000032     0
ufs                              0x00000035     0
fdescfs                          0x00000059     4 synthetic, jail
fusefs                           0x000000ed     0 synthetic, jail
nullfs                           0x00000029     3 loopback, jail
tmpfs                            0x00000087     0 jail
I created a mount point for the fuse file system in the jail:
Code:
mkdir -p /var/spool/xxx/pick_up/
chmod g+w /var/spool/xxx/pick_up/
ls -ld /var/spool/xxx/pick_up/
drwxrwxr-x 2 root theheart 2 Sep 14 16:03 /var/spool/xxx/pick_up/
However, I cannot get the mount to succeed:
Code:
[root@theheart ~]# /usr/local/bin/sshfs -C -o uid=16701 -o gid=16701 -o reconnect -o IdentityFile=/var/data/theheart/.ssh/xxx_rsa_id xxx@ftp.xxx.net:OUT /var/spool/xxx/pick_up
mount_fusefs: /dev/fuse on /var/spool/xxx/pick_up: Operation not permitted
fuse: failed to mount file system: No error: 0
I can verify that the credentials work using sftp from inside the jail:
Code:
sftp -o IdentityFile=/var/data/theheart/.ssh/xxx_rsa_id xxx@ftp.xxx.net
Connected to xxx@ftp.xxx.net.
sftp> dir
OUT bin dev etc lib usr
The "No error: 0" bit is puzzling to me, but the question I need answered is what else must I do for this sshfs mount to succeed?
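An added example, not part of the original post: a shell check of a jail parameter string against the three conditions in the jail(8) excerpt quoted above (allow.mount, allow.mount.fusefs, enforce_statfs lower than 2). The function names are hypothetical, and it assumes enforce_statfs falls back to the jail(8) default of 2 when the string does not set it; it inspects only the parameter string, not the host sysctl values.

```shell
#!/bin/sh
# Added example. Input format (an assumption): space-separated "name",
# "name=value" or "no"-prefixed booleans, as in the ezjail parameter variable.

# Print 1 if boolean parameter $2 is enabled in string $1, else 0.
# Unlisted booleans are treated as off; the last occurrence wins.
bool_param() {
    params=$1; name=$2
    leaf=${name##*.}; stem=${name%"$leaf"}   # allow.mount.fusefs -> "allow.mount." + "fusefs"
    val=0
    for p in $params; do
        case "$p" in
            "$name"|"$name=1"|"$name=true") val=1 ;;
            "$name=0"|"$name=false"|"no$name"|"${stem}no${leaf}") val=0 ;;
        esac
    done
    echo "$val"
}

# Print enforce_statfs from string $1, or 2 (assumed default) when absent.
statfs_param() {
    val=2
    for p in $1; do
        case "$p" in enforce_statfs=*) val=${p#enforce_statfs=} ;; esac
    done
    echo "$val"
}

# Return 0 if the string meets all three conditions; otherwise print each
# unmet condition and return 1.
check_fuse_params() {
    rc=0
    [ "$(bool_param "$1" allow.mount)" = 1 ] || { echo "missing: allow.mount"; rc=1; }
    [ "$(bool_param "$1" allow.mount.fusefs)" = 1 ] || { echo "missing: allow.mount.fusefs"; rc=1; }
    s=$(statfs_param "$1")
    case "$s" in
        0|1) ;;
        *) echo "enforce_statfs=$s (must be lower than 2)"; rc=1 ;;
    esac
    return $rc
}

# The combined parameter string from the post's ezjail configuration.
POSTED="allow.raw_sockets=1 allow.chflags=1 sysvmsg=new sysvsem=new sysvshm=new allow.mount allow.mount.nullfs allow.mount.fusefs"
# Constructed variant that also passes enforce_statfs as a jail parameter.
WITH_STATFS="$POSTED enforce_statfs=1"

check_fuse_params "$POSTED" || true
check_fuse_params "$WITH_STATFS" && echo "all three conditions met"
```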