装入davfs2卷时无法打开停靠容器中的熔丝设备

Question

当我尝试在docker容器上挂载davfs2卷时，遇到以下错误：

geoserver@8e8091d97157:~$ mount owncloud/
/sbin/mount.davfs: loading kernel module fuse
/sbin/mount.davfs: loading kernel module fuse failed
/sbin/mount.davfs: waiting for /dev/fuse to be created
/sbin/mount.davfs: can't open fuse device
/sbin/mount.davfs: trying coda kernel file system
/sbin/mount.davfs: no free coda device to mount

Dockerfile包含以下内容：

FROM debian:jessie

ENV DEBIAN_FRONTEND noninteractive
ENV TERM linux

# environment variables
ENV GEOSERVER_PASS  geoserver

RUN apt-get update
RUN apt-get install -y davfs2 fuse

RUN groupadd --gid 999 geoserver
RUN useradd -ms /bin/bash --home /home/geoserver \
        -p $(echo "print crypt("${GEOSERVER_PASS:-geoserver}", "salt")" | perl) \
        --uid 999 --gid 999 geoserver

USER geoserver
RUN mkdir /home/geoserver/owncloud
RUN mkdir /home/geoserver/.davfs2

USER root
ADD secrets /home/geoserver/.davfs2/secrets
RUN chown geoserver:geoserver /home/geoserver/.davfs2/secrets
RUN chmod 0600 /home/geoserver/.davfs2/secrets

RUN chmod u+s /sbin/mount.davfs
RUN perl -p -i -e "s/#\s*use_locks\s*1/use_locks 0/" /etc/davfs2/davfs2.conf
RUN adduser geoserver davfs2
RUN echo "https://my-owncloud-server.org/owncloud/remote.php/webdav /home/geoserver/owncloud davfs rw,user,noauto 0 0" >> /etc/fstab

设备/dev/fuse存在

root@8e8091d97157:/# ls -l /dev/fuse
crw-rw-rw- 1 root root 10, 229 Oct 18 12:06 /dev/fuse

但是坐骑失败了。我在日志中看不到有趣的东西：

/var/log/daemon.log

root@8e8091d97157:/# tail /var/log/daemon.log 
Oct 18 12:36:03 8e8091d97157 mount.davfs: davfs2 1.5.2
Oct 18 12:36:04 8e8091d97157 mount.davfs: the server certificate is not trusted
Oct 18 12:36:04 8e8091d97157 mount.davfs:   issuer: TERENA, Amsterdam, Noord-Holland, NL
Oct 18 12:36:04 8e8091d97157 mount.davfs:   subject: Domain Control Validated
Oct 18 12:36:04 8e8091d97157 mount.davfs:   identity: owncloud-mshe.univ-fcomte.fr
Oct 18 12:36:04 8e8091d97157 mount.davfs:   accepted by user

/var/log/debug

root@8e8091d97157:/# tail /var/log/debug 
Oct 18 12:36:03 8e8091d97157 mount.davfs: davfs2 1.5.2

/var/log/auth.log

root@8e8091d97157:/# tail /var/log/auth.log 
Oct 18 12:35:59 8e8091d97157 su[890]: Successful su for geoserver by root
Oct 18 12:35:59 8e8091d97157 su[890]: + ??? root:geoserver
Oct 18 12:35:59 8e8091d97157 su[890]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory
Oct 18 12:35:59 8e8091d97157 su[890]: pam_unix(su:session): session opened for user geoserver by (uid=0)
Oct 18 12:36:09 8e8091d97157 su[890]: pam_unix(su:session): session closed for user geoserver

所以一切似乎都很正常。我很乐意得到一些帮助。谢谢。

欧内斯特。

Answer 1

感谢，通过添加成功挂载

--privileged --cap-add=SYS_ADMIN --device /dev/fuse

在docker run命令中。

Answer 2

我找到了一个解决方案。实际上，正如in the DockerCVMFS documentation所解释的，“可以在容器中运行FUSE文件系统，但必须在主机系统上启用FUSE。Docker不会让您加载无法在主机上加载的内核模块”。

因此，我尝试在主机中加载模块fuse，如modprobe in a docker container中所述

我使用以下命令启动容器，现在可以挂载了：

docker run --name geosync_ssh_data_1 --privileged --cap-add=ALL -v /dev:/dev -v /lib/modules:/lib/modules geosync_ssh_data

该解决方案包括三个步骤：

Run the container in privileged mode (--privileged)
Add all capabilities (--cap-add=ALL)
Passthrough /lib/modules into the container (-v /lib/modules:/lib/modules)

希望能有所帮助。

还有一个问题:这是唯一的方法吗？

欧内斯特。

Answer 3

这些安全选项太开放了。现在在Docker runtime privileges上记录了对FUSE的支持。您只需要-cap-add SYS_ADMIN --device /dev/fuse