mirror of
https://github.com/s3fs-fuse/s3fs-fuse.git
synced 2026-04-25 21:35:58 +03:00
[GH-ISSUE #1246] Question: Running S3FS in a container without privilege mode. #664
Originally created by @downright-ux on GitHub (Feb 21, 2020).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/1246
Hey, I was wondering if there is an easy workaround to get this working in non-privileged mode.
@rhysmeister commented on GitHub (Feb 28, 2020):
There's an implementation here using --cap-add SYS_ADMIN
https://hub.docker.com/r/efrecon/s3fs
That's still pretty open though.
@gaul commented on GitHub (Aug 16, 2020):
Can someone explain this issue more fully? Does s3fs require more permissions because of FUSE or some other issue that we can address?
@syalanurag1991 commented on GitHub (Dec 18, 2020):
@gaul Yes. In order to mount an s3 bucket inside a docker container, one has to run docker run in privileged mode,
something like this
docker run -it --privileged my_docker_img /bin/bash
else it will throw the "fuse: device not found, try 'modprobe fuse' first" error and won't mount the bucket.
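As an added example (not part of the original thread and not s3fs-fuse code), a pre-flight check for the two prerequisites this thread names: the FUSE device behind the "device not found" error above and the SYS_ADMIN capability from the earlier comment. The function names, verdict strings and sample CapEff masks are constructed for illustration, and it assumes a Linux /proc.

```shell
#!/bin/sh
# Added example (not s3fs-fuse code): pre-flight check for the two FUSE
# prerequisites named in this thread, runnable inside the container.
CAP_SYS_ADMIN_BIT=21   # CAP_SYS_ADMIN in <linux/capability.h>

# has_cap HEXMASK BIT: succeeds if BIT is set in a CapEff-style hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# fuse_preflight CAPEFF_HEX DEVICE: prints "ok" or the missing prerequisites.
fuse_preflight() {
    missing=""
    # Without the character device, libfuse fails with
    # "fuse: device not found, try 'modprobe fuse' first".
    [ -c "$2" ] || missing="no-fuse-device"
    # Assumption: the mount is performed from inside the container, which
    # needs CAP_SYS_ADMIN in the effective set.
    has_cap "$1" "$CAP_SYS_ADMIN_BIT" || missing="${missing:+$missing }no-cap-sys-admin"
    echo "${missing:-ok}"
}

# check_self: run the check against the current process (Linux only).
check_self() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status 2>/dev/null) || capeff=""
    if [ -z "$capeff" ]; then
        echo "cannot read CapEff from /proc/self/status"
    else
        echo "CapEff=$capeff /dev/fuse: $(fuse_preflight "$capeff" /dev/fuse)"
    fi
    return 0
}

# Constructed sample masks: Docker's default capability set, and the same
# set with SYS_ADMIN (bit 21) added.
DOCKER_DEFAULT_CAPEFF=00000000a80425fb
WITH_SYS_ADMIN_CAPEFF=00000000a82425fb

check_self
```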
@gaul commented on GitHub (Dec 21, 2020):
I'm not sure if there is anything we can do here. Do other FUSE filesystems like sshfs require the same permission?
@fly3366 commented on GitHub (Dec 22, 2020):
If you use k8s, try a device plugin for FUSE
@EgorSemenov commented on GitHub (Mar 24, 2021):
@downright-ux @gaul @fly3366 @syalanurag1991 @rhysmeister guys, any updates? I am trying to mount a bucket inside a container inside OpenShift
@syalanurag1991 commented on GitHub (Mar 25, 2021):
Sorry, nope. I was not able to mount s3 without docker being privileged. And SageMaker does not allow privileged dockers to be deployed. So had to find a workaround - basically download data to memory. Not an ideal system TBH.
@EgorSemenov commented on GitHub (Mar 25, 2021):
@syalanurag1991 thanks for your answer
@gaul commented on GitHub (Mar 25, 2021):
Sorry I lack background in this but this may be a Docker/container limitation. You might want to look at:
https://github.com/docker/for-linux/issues/321#issuecomment-677744121
@acidjazz commented on GitHub (Jan 15, 2023):
This would be huge since AWS Fargate does not allow privileged mode - this library is not usable in Fargate unless we can figure this out!
https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/fargate-security-considerations.html
@leryn1122 commented on GitHub (Mar 2, 2023):
What's the minimum Linux capability set when using s3fs as a k8s sidecar or developing a CSI driver? SYS_ADMIN seems to be dangerous and overloaded.
@ggtakec commented on GitHub (Mar 26, 2023):
@leryn1122
Even if you write a CSI driver, I think you need privileges in the sidecar.
I plan to work on this issue in the future (hopefully FUSE3 support will fix everything), but I haven't started on it yet.
@ianrtracey commented on GitHub (Apr 4, 2023):
Also running into this problem
@MMahendravarman commented on GitHub (Jun 20, 2023):
Hi,
Was anyone able to find a solution for this?
Thanks