rpodgorny / unionfs-fuse

union filesystem using fuse

Can't change file owner unless unionfs process is root #129

Closed DUOLabs333 closed 2 months ago

DUOLabs333 commented 2 years ago

Steps:

mkdir hi merged
unionfs -o allow_other hi=RW merged
touch merged/test
sudo chown 0:0 merged/test

This fails. It only works if you do sudo unionfs -o allow_other hi=RW merged.

-o relaxed_permissions seems not to have helped.

bsbernd commented 2 years ago

This can't work, as unionfs uses the underlying file system to store most metadata. It does not have its own information about file ownership - it just passes it down. The underlying file system returns back that the unionfs process running as user XYZ is not allowed to change ownership to root.

DUOLabs333 commented 2 years ago

I ran into this issue when I tried to run a user namespace with a unionfs mountpoint as root. Is it possible to run unionfs under a user namespace (not the same namespace as my chroot, as that might potentially mess up current UIDs) that sees the outer UIDs in /etc/sub{uid,gid} as under it (since it seems that you can't make UIDs accessible to other non-root users)?

bsbernd commented 2 years ago

I'm afraid I can't follow you, can you please describe in detail what you are doing? Although I doubt a bit that what you are doing is going to work - it is not unionfs-fuse that denies permissions - it is the underlying file system. Whatever you are doing, you need to fix permissions below unionfs.

DUOLabs333 commented 2 years ago

I am in a user namespace that uses a unionfs mountpoint as root, which is mounted on the host. When I chown a file, it maps it to some subuid on the host. However, on the host, I don't have permission for the subuid, so unionfs can't properly chown the file. I tried running unionfs in a namespace where it's root, but it couldn't mount.

bsbernd commented 2 years ago

I'm afraid I can't follow you, can you please describe in detail what you are doing? In general, I don't think things like these are easily going to work.

DUOLabs333 commented 2 years ago

When you change a file's owner in a user namespace, it maps it to a subuid. However, my user can not access the subuid on the host, so unionfs can't change the owner to the subuid unless it is root.
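
The UID translation and ownership check discussed in this thread, as an added example that is not part of the original issue or of the unionfs-fuse code. The uid_map contents, the host UID 1000 and all function names are constructed assumptions; the permission rule is the standard Linux one for changing a file's owner.

```python
"""Added example: models the chown path described in this thread."""
from typing import List, NamedTuple, Optional

class Extent(NamedTuple):
    inside: int    # first UID as seen inside the user namespace
    outside: int   # first UID it maps to on the host
    count: int     # length of the mapped range

# Constructed sample in /proc/<pid>/uid_map format (not from the issue):
# namespace root is host UID 1000, the rest comes from a subuid range.
SAMPLE_UID_MAP = "0 1000 1\n1 100000 65536\n"

def parse_uid_map(text: str) -> List[Extent]:
    return [Extent(*map(int, line.split()))
            for line in text.splitlines() if line.strip()]

def to_host_uid(extents: List[Extent], ns_uid: int) -> Optional[int]:
    for e in extents:
        if e.inside <= ns_uid < e.inside + e.count:
            return e.outside + (ns_uid - e.inside)
    return None  # UID has no mapping in this namespace

def host_chown_allowed(euid, has_cap_chown, file_owner, new_owner) -> bool:
    # Linux rule for changing a file's owner: CAP_CHOWN, or a no-op
    # where caller, current owner and new owner are all the same UID.
    return has_cap_chown or (euid == file_owner == new_owner)

def chown_via_daemon(extents, ns_uid, daemon_euid, has_cap_chown, file_owner):
    """Outcome of a chown to ns_uid issued inside the namespace and
    passed down to the underlying file system by a daemon on the host."""
    host_uid = to_host_uid(extents, ns_uid)
    if host_uid is None:
        return "EINVAL"
    if host_chown_allowed(daemon_euid, has_cap_chown, file_owner, host_uid):
        return "OK"
    return "EPERM"

if __name__ == "__main__":
    m = parse_uid_map(SAMPLE_UID_MAP)
    for ns_uid in (0, 33, 70000):
        print(ns_uid, to_host_uid(m, ns_uid),
              "unprivileged:", chown_via_daemon(m, ns_uid, 1000, False, 1000),
              "root:", chown_via_daemon(m, ns_uid, 0, True, 1000))
```

With the constructed map, the unprivileged daemon succeeds only for namespace UID 0, which is its own host UID; a chown to any subuid needs the daemon to hold CAP_CHOWN on the host.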