FUSE and Docker
Because of the nature of FUSE file systems, only the user who starts a FUSE program can read the mounted files. This can be changed by editing a config file on the machine to enable allow_other, but be warned that there are security implications to consider, and we generally don't recommend this option. It is best to create one user that both mounts fusera and invokes the tools that interact with fusera, which avoids the issue.
If a user wants to run tools inside a docker container on files in fusera's file system, the mount and the tools still need to operate as the same user. This is best done by doing everything from inside the docker container.
Fusera has its first docker image on Docker Cloud! You can find it here.
Since fusera needs access to the FUSE device and docker containers provide no access to any such device by default, the incantation to get everything running can be a lot to take in:
sudo docker run --rm -it --privileged --cap-add SYS_ADMIN --cap-add MKNOD --device /dev/fuse fusera/fusera:alpine
A typical call to start a docker container is docker run --rm -it fusera. The --privileged, --cap-add SYS_ADMIN, and --cap-add MKNOD flags provide permissions the container needs in order to use the FUSE device. The --device /dev/fuse flag adds the host's FUSE device to the container.
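Docker's --privileged flag by itself grants every capability and access to every host device, which is far more than a FUSE mount uses. The script below is an added example, not part of fusera: it decodes a CapEff mask from /proc/self/status so you can see how much a container holds beyond CAP_SYS_ADMIN. The function names and the Docker default mask 00000000a80425fb are assumptions of this example.

```shell
#!/bin/sh
# Added example (not fusera project code): compare a container's effective
# capability mask with what mounting FUSE needs.

CAP_SYS_ADMIN=21                  # bit number from linux/capability.h
# Assumption: Docker's default capability set. It already includes
# CAP_MKNOD (bit 27) but not CAP_SYS_ADMIN.
DOCKER_DEFAULT=00000000a80425fb

# has_cap HEXMASK BIT: succeed when capability bit BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# count_bits N: print the number of set bits in non-negative integer N.
count_bits() {
    cb_n=$1; cb_total=0
    while [ "$cb_n" -ne 0 ]; do
        cb_total=$(( cb_total + (cb_n & 1) ))
        cb_n=$(( cb_n >> 1 ))
    done
    echo "$cb_total"
}

# classify_caps HEXMASK: judge a CapEff value for a FUSE-mounting container.
classify_caps() {
    if ! has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo "missing CAP_SYS_ADMIN"
        return
    fi
    cc_base=$(( 0x$DOCKER_DEFAULT | (1 << CAP_SYS_ADMIN) ))
    cc_extra=$(( 0x$1 & ~cc_base ))
    if [ "$cc_extra" -ne 0 ]; then
        echo "over-privileged: $(count_bits "$cc_extra") extra capabilities"
    else
        echo "minimal"
    fi
}

# preflight: run inside the container before mounting fusera.
preflight() {
    [ -c /dev/fuse ] || echo "/dev/fuse missing: start with --device /dev/fuse"
    pf_mask=$(awk '/^CapEff:/ { print $2 }' /proc/self/status)
    echo "CapEff=$pf_mask: $(classify_caps "$pf_mask")"
}

if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it with --check inside the container; a result of "minimal" means the container holds nothing beyond Docker's defaults plus CAP_SYS_ADMIN.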