Squashfs kernel module

[SemaiCZE]

TL;DR

Can we support squashfs kernel module on vpsAdminOS?

Long story

I'm using certbot utility for obtaining certificates from Let's Encrypt authority. Today a mail arrived:

Your system is not supported by certbot-auto anymore.
Certbot will no longer receive updates.
Please visit https://certbot.eff.org/ to check for other alternatives.

So I want to do the upgrade. I'm on CentOS 8, so it means the official supported way is snapd (https://certbot.eff.org/lets-encrypt/centosrhel8-apache). Installing snapd package went well, but running it not quite as expected:

petr@quasar:~% sudo snap install core
error: system does not fully support snapd: cannot mount squashfs image using "squashfs": mount:
       /tmp/sanity-mountpoint-422487146: mount failed: Operation not permitted.
petr@quasar:~% sudo modprobe squashfs
modprobe: FATAL: Module squashfs not found in directory /lib/modules/5.9.12

I know there are other methods to get certificates, but I'd preffer to stay with the most official one.

Thanks

[snajpa]

Supporting squashfs kernel module is not a good idea for security reasons (allowing using arbitrary binary images in combination with a kernel bug could lead to attacker getting root privileges for the whole node).

There is a project called squashfuse, which does exactly, what it says on the tin, it's a FUSE implementation of squashfs. Snapd is able to use it as a fallback, in situations, where kernel module is not available, such as rootless containers. In such a case, snapd just needs fuse to be enabled, and squashfuse to be installed.

[SemaiCZE]

Thank you, I should've found https://kb.vpsfree.cz/navody/vps/vpsadminos/snap sooner. It works.