can't open fuse device in a docker container when mounting a davfs2 volume

Submitted by 孤者浪人 on 2019-12-24 08:19:00

Question


I encounter the following error when I try to mount a davfs2 volume in a docker container:

geoserver@8e8091d97157:~$ mount owncloud/
/sbin/mount.davfs: loading kernel module fuse
/sbin/mount.davfs: loading kernel module fuse failed
/sbin/mount.davfs: waiting for /dev/fuse to be created
/sbin/mount.davfs: can't open fuse device
/sbin/mount.davfs: trying coda kernel file system
/sbin/mount.davfs: no free coda device to mount

The Dockerfile has the following content:

FROM debian:jessie

ENV DEBIAN_FRONTEND noninteractive
ENV TERM linux

# environment variables
ENV GEOSERVER_PASS  geoserver

RUN apt-get update
RUN apt-get install -y davfs2 fuse

RUN groupadd --gid 999 geoserver
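# Hash the password with perl's crypt(); the value is passed as an argument so shell quoting cannot break the perl code
RUN useradd -ms /bin/bash --home /home/geoserver \
        -p "$(perl -e 'print crypt($ARGV[0], "salt")' "${GEOSERVER_PASS:-geoserver}")" \
        --uid 999 --gid 999 geoserver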

USER geoserver
RUN mkdir /home/geoserver/owncloud
RUN mkdir /home/geoserver/.davfs2

USER root
ADD secrets /home/geoserver/.davfs2/secrets
RUN chown geoserver:geoserver /home/geoserver/.davfs2/secrets
RUN chmod 0600 /home/geoserver/.davfs2/secrets

RUN chmod u+s /sbin/mount.davfs
RUN perl -p -i -e "s/#\s*use_locks\s*1/use_locks 0/" /etc/davfs2/davfs2.conf
RUN adduser geoserver davfs2
RUN echo "https://my-owncloud-server.org/owncloud/remote.php/webdav /home/geoserver/owncloud davfs rw,user,noauto 0 0" >> /etc/fstab

The device /dev/fuse exists:

root@8e8091d97157:/# ls -l /dev/fuse
crw-rw-rw- 1 root root 10, 229 Oct 18 12:06 /dev/fuse

But the mount fails... I do not see anything interesting in the logs:

/var/log/daemon.log

root@8e8091d97157:/# tail /var/log/daemon.log 
Oct 18 12:36:03 8e8091d97157 mount.davfs: davfs2 1.5.2
Oct 18 12:36:04 8e8091d97157 mount.davfs: the server certificate is not trusted
Oct 18 12:36:04 8e8091d97157 mount.davfs:   issuer: TERENA, Amsterdam, Noord-Holland, NL
Oct 18 12:36:04 8e8091d97157 mount.davfs:   subject: Domain Control Validated
Oct 18 12:36:04 8e8091d97157 mount.davfs:   identity: owncloud-mshe.univ-fcomte.fr
Oct 18 12:36:04 8e8091d97157 mount.davfs:   accepted by user

/var/log/debug

root@8e8091d97157:/# tail /var/log/debug 
Oct 18 12:36:03 8e8091d97157 mount.davfs: davfs2 1.5.2

/var/log/auth.log

root@8e8091d97157:/# tail /var/log/auth.log 
Oct 18 12:35:59 8e8091d97157 su[890]: Successful su for geoserver by root
Oct 18 12:35:59 8e8091d97157 su[890]: + ??? root:geoserver
Oct 18 12:35:59 8e8091d97157 su[890]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory
Oct 18 12:35:59 8e8091d97157 su[890]: pam_unix(su:session): session opened for user geoserver by (uid=0)
Oct 18 12:36:09 8e8091d97157 su[890]: pam_unix(su:session): session closed for user geoserver

So everything seems to be normal. I would be happy to get some help. Thanks.

Ernest.


Answer 1:


Thanks, successfully mounted by adding

--privileged --cap-add=SYS_ADMIN --device /dev/fuse

to the docker run command.




Answer 2:


I found a solution. Indeed, as explained in the DockerCVMFS documentation, "it is possible to run FUSE filesystems inside a container, but FUSE must be enabled on the host system. Docker will not enable you to load kernel modules that you couldn't load on the host".

Consequently, I tried to load the fuse module on the host, as explained in modprobe in a docker container.

I used the following command to launch the container, and the mount is OK now:

docker run --name geosync_ssh_data_1 --privileged --cap-add=ALL -v /dev:/dev -v /lib/modules:/lib/modules geosync_ssh_data

The solution includes three steps:

Run the container in privileged mode (--privileged)
Add all capabilities (--cap-add=ALL)
Passthrough /lib/modules into the container (-v /lib/modules:/lib/modules)

Hope it helps.

One question remains: is this the only way to do that?

Ernest.




Answer 3:


Those security options are too open. FUSE support is now documented at Docker runtime privileges. All you need are --cap-add SYS_ADMIN --device /dev/fuse.
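
An added example, not part of any answer above and not Docker's own tooling: a small audit that reads the HostConfig section of `docker inspect` output and reports grants wider than the `--cap-add SYS_ADMIN --device /dev/fuse` pair named in the last answer. The function and constant names are hypothetical and the two JSON samples are constructed to mirror the launch commands on this page.

```python
import json

# Constructed `docker inspect` excerpts (HostConfig only) for two launch styles on this page.
BROAD = json.loads("""{"HostConfig": {"Privileged": true, "CapAdd": ["ALL"],
  "Binds": ["/dev:/dev", "/lib/modules:/lib/modules"], "Devices": []}}""")
MINIMAL = json.loads("""{"HostConfig": {"Privileged": false, "CapAdd": ["SYS_ADMIN"],
  "Binds": null, "Devices": [{"PathOnHost": "/dev/fuse",
  "PathInContainer": "/dev/fuse", "CgroupPermissions": "rwm"}]}}""")

ALLOWED_CAPS = {"SYS_ADMIN"}       # the capability the last answer names
ALLOWED_DEVICES = {"/dev/fuse"}    # the only device node FUSE needs
SENSITIVE_BINDS = {"/dev", "/lib/modules"}  # host trees passed through in answer 2


def norm_cap(cap):
    """Docker accepts both SYS_ADMIN and CAP_SYS_ADMIN; compare on the short form."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def audit_fuse_container(inspect_obj):
    """Return findings for one container; an empty list means no wider than needed."""
    hc = inspect_obj.get("HostConfig", {})
    privileged = bool(hc.get("Privileged"))
    caps = {norm_cap(c) for c in (hc.get("CapAdd") or [])}
    devs = {d["PathOnHost"] for d in (hc.get("Devices") or [])}
    findings = []
    if privileged:
        findings.append("privileged: every capability and host device is granted")
    for cap in sorted(caps - ALLOWED_CAPS):
        findings.append(f"cap-add {cap}: not required for FUSE")
    for dev in sorted(devs - ALLOWED_DEVICES):
        findings.append(f"device {dev}: not required for FUSE")
    for bind in hc.get("Binds") or []:
        src = bind.split(":")[0].rstrip("/")
        if src in SENSITIVE_BINDS:
            findings.append(f"bind {src}: host tree exposed to the container")
    if not privileged:  # without --privileged both grants must be explicit
        if not caps & {"SYS_ADMIN", "ALL"}:
            findings.append("missing cap-add SYS_ADMIN: the mount call is refused")
        if "/dev/fuse" not in devs:
            findings.append("missing device /dev/fuse: can't open fuse device")
    return findings


if __name__ == "__main__":
    for name, obj in (("broad", BROAD), ("minimal", MINIMAL)):
        print(name, audit_fuse_container(obj) or "ok")
```

To check a real container, feed it one element of the array printed by `docker inspect <container>`.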



Source: https://stackoverflow.com/questions/40106108/cant-open-fuse-device-in-a-docker-container-when-mounting-a-davfs2-volume
