Hi everyone! I want to be able to access a (fuse-type) cloud drive mounted inside a container as the binary is proprietary and I do not want to mount it on the host for security and privacy purposes. I have tried to quickly spin a podman container and bind the folder that corresponds with the drive with the rshared flag but the folder appears to be empty on the host while inside the container it works just fine.

I am running the following commands:

$ podman unshare mount --make-shared --bind /clouddrive /clouddrive
$ podman run -i -t --cap-add=sys_admin --network host \
	--security-opt label=type:container_runtime_t \
	-v /cloudbinary:/bin/cloudbinary:ro \
	-v /clouddrive:/clouddrive:shared \
	--device /dev/fuse:/dev/fuse \
	-v /bin:/bin:ro \
	-v /lib64:/lib64:ro \
	--privileged --name=name image /bin/bash

Inside the rootless container I run:

# cloudbinary login username
<enter password>
<successful login>
# ls /clouddrive
file1 file2 file3

But on the host /clouddrive is empty:

$ ls /clouddrive
<nothing>

Running findmnt -o TARGET,PROPAGATION /clouddrive inside the container yields:

TARGET      PROPAGATION
/clouddrive shared,slave

Running findmnt -o TARGET,PROPAGATION /clouddrive on the host yields:

TARGET      PROPAGATION
/clouddrive shared,slave

I have almost no prior experience with podman but I read something about how a rootless container might not work because the user and group owning the folder is not the right one. Does anybody have an idea on how to fix this? Thank you.

Update: It seems the cloud binary is unmounting any drive with the same name at startup and mounting it’s own drive. Would that be a problem? Running findmnt still shows shared but the slave label has disappeared after the binary mounts it’s own drive. Is there anyway to “reshare” it at runtime/dynamically?

  • moonpiedumplings@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    7 days ago

    You could consider just using -v, but of the folder one leve above the cloud drive. You shouldn’t need most or the other options, or the two commands,