facebookincubator / xar

executable archive format

Use XAR in containers without kernel modules #12

Closed sauercrowd closed 6 years ago

sauercrowd commented 6 years ago

When using xar in a docker container, there is an issue with the FUSE driver:

$ ./test.xar
fuse: device not found, try 'modprobe fuse' first
FATAL /opt/xar/xar/XarExecFuse.cpp:486: squashfuse_ll failed with exit status 1

[1]    46915 abort      ./test.xar
$ modprobe fuse
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.9.87-linuxkit-aufs/modules.dep.bin'
modprobe: FATAL: Module fuse not found in directory /lib/modules/4.9.87-linuxkit-aufs

AFAIK the container environment is responsible for the latter.

Is there any way to use xar without this kernel module, in order to avoid privileged containers or mounting the fuse socket? (Probably really important when using docker containers on Windows)

terrelln commented 6 years ago

XARs rely on squashfuse_ll to mount the XAR's SquashFS filesystem. We use squashfuse instead of the squashfs kernel module so that we don't have to maintain our own setuid binary to mount the filesystem; instead we rely on the well-tested and secure fusermount setuid binary. However, this does mean that the fuse kernel module is necessary to run XARs.
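
A preflight check for the three prerequisites this answer names (the fuse kernel module, the /dev/fuse device inside the container, and a setuid fusermount), added here as an illustration for this thread; it is not code from the xar project. The exit codes, the parameterised paths and the helper name are my own choice, so the same check can be run against a constructed directory tree.

```shell
#!/bin/sh
# Preflight check for what a XAR needs before squashfuse_ll can mount it:
# squashfuse_ll -> fusermount (setuid) -> /dev/fuse -> fuse kernel module.
# Example code, not part of xar. Paths default to the real locations but
# can be overridden so the check is testable against a constructed tree.
#
# Exit codes: 0 ok
#             1 /dev/fuse missing (the container was not given the device)
#             2 fuse not registered with the kernel (module not loaded / not built in)
#             3 fusermount missing, not executable, or not setuid
check_fuse_prereqs() {
    dev="${1:-/dev/fuse}"
    filesystems="${2:-/proc/filesystems}"
    fusermount="${3:-$(command -v fusermount 2>/dev/null)}"

    # On a real system this is a character device; existence is what matters
    # for telling "device missing in container" apart from "module missing".
    if [ ! -e "$dev" ]; then
        echo "missing $dev: the container does not expose the fuse device" >&2
        return 1
    fi
    # /proc/filesystems carries a "nodev<TAB>fuse" line once the module is
    # loaded or built in; fuseblk/fusectl lines do not count.
    if ! grep -q '[[:space:]]fuse$' "$filesystems" 2>/dev/null; then
        echo "fuse not listed in $filesystems: kernel module not available" >&2
        return 2
    fi
    if [ -z "$fusermount" ] || [ ! -x "$fusermount" ]; then
        echo "fusermount not found or not executable" >&2
        return 3
    fi
    if [ ! -u "$fusermount" ]; then
        echo "$fusermount lacks the setuid bit; an unprivileged mount will fail" >&2
        return 3
    fi
    return 0
}
```

Run it as `check_fuse_prereqs && ./test.xar` to get a specific diagnosis instead of the generic "device not found" abort shown in the report.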

sauercrowd commented 6 years ago

Okay, so it is not possible to run it without the fuse kernel module? Are there any plans to get it working without it? Or is it just not possible with the current architecture?

chipturner commented 6 years ago

I'm afraid not; there are currently no plans to make XAR work without FUSE.

However, it should be possible to get FUSE working inside a docker container; I'm not a docker expert but the various forms of Linux virtualization should work fine with FUSE. I would suggest perhaps googling a bit to see what options fit your use case; it looks like there are ways to get it working based on a quick glance.

sauercrowd commented 6 years ago

@chipturner There are ways, you're right, but all of these require either a privileged container or mounting the fuse socket (At least the workarounds I've seen), and that's something I'd like to avoid. I also assume that these workarounds will not be applicable to Docker on Windows (Which would be a nice feature to have).

Probably it's possible to add a short note regarding Docker to the README to avoid similar questions in the future; would that make sense? Anyway, I think this issue can be closed, thanks for your support.