Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission Denied: mount of cifs inside sysbox container not working #856

Open
sibidharan opened this issue Oct 29, 2024 · 1 comment
Open

Permission Denied: mount of cifs inside sysbox container not working #856

sibidharan opened this issue Oct 29, 2024 · 1 comment
Labels
question Further information is requested

Comments

@sibidharan
Copy link

sibidharan commented Oct 29, 2024
edited
Loading

I have permission issues with mounting SMB share using mount -t cifs and without sysbox its working well with right capabilities, but with sysbox it throws permission error, probably sysbox while intercepting the mount calls denying the mount of cifs?

With Sysbox:
with-sysbox

  • without uid gid also same error, Without Sysbox its working well.

I did some research and read other threads and found @ctalledo recommending this

In the meantime, a work-around in order to mount a cifs-backed volume into a Sysbox container would be to configure Docker in userns-remap mode. This way Sysbox won't need to use shiftfs anymore.

If you want to do this, add the "userns-remap" line to the /etc/docker/daemon.json file

but I cant use this since my infra relies on network_mode: host, and with userns-remap, host network is not possible since it affects even the runc containers.

Is there a workaround for this today?

My requirement comes from having a file system that needs mandatory file locking, and I ended up using SAMBA.
@ctalledo ctalledo added the question Further information is requested label Nov 4, 2024
@ctalledo
Copy link
Member

ctalledo commented Nov 4, 2024

Hi @sibidharan,

The permission denied problem is likely coming from CIFS itself (maybe due to the username, password, or uid/gid options) or possible permissions on the Samba share itself. I was not able to reproduce on my local Linux environment.

I created a simple CIFS share on my Linux host:

sudo apt-get install samba -y
sudo mkdir -p /srv/samba/share
sudo chmod 777 /srv/samba/share

Then configured the /etc/samba/smb.conf with:

[test_share]
path = /srv/samba/share
browseable = yes
read only = no
guest ok = yes

Then restarted Samba:

sudo systemctl restart smbd

Then started a Sysbox container:

docker run --runtime=sysbox-runc -it --rm ubuntu

And inside the Sysbox container I mounted CIFS:

mkdir /mnt/test_share
mount -t cifs -o guest //<LOCALHOST_IP>/test_share /mnt/test_share

This worked fine, and I can see the contents of /mnt/test_share in the container are the proper ones:

# ls -l /mnt/test_share/
total 0
-rwxr-xr-x 1 root root 0 Nov  4 21:36 hello.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sibidharan @ctalledo