Ubuntu 12.04 LXC Container CurlFTPFS, fuse: mount failed: Permission denied

Had a problem today, where i came to use curlftpfs inside of an LXC container running Ubuntu 12.04 that i had upgraded from some previous version of Ubuntu a while ago, and had not actually needed to use curlftpfs until now.

When ever i tried to mount a remote ftp site via curlftpfs i kept getting the message "fuse: mount failed: Permission denied".    After a little bit of investigation and Googling, i found i needed to do the following :-

Inside the container :-

sudo mknod -m 666 /dev/fuse c 10 229

This got SSHFS to work, however, CurlFTPFS was still failing, so after looking at dmesg log, i found the following :-

[8341766.240035] type=1400 audit(1392035467.856:92): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=2540 profile="lxc-container-default" name="/xxx/xxxxx/xxxx.xxx/xxx_xxxxxx/" pid=2541 comm="curlftpfs" fstype="fuse" srcname="curlftpfs#ftp://xxx.xxxxx.xxxx.xxx/" flags="rw, nosuid, nodev"

So with a bit more research i found that i needed to go back onto the host, and edit /etc/apparmor.d/lxc/lxc-default and add a mount rule inside of the lxc-container-default profile :-

mount fstype=fuse options=(rw, nosuid, nodev),

Which essentially allows mouting with options rw,nosuid,nodev for fstype of fuse - ie; what the dmesg output was telling me was being blocked by AppArmor

Handy Links :-

http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Mount_rules_.28AppArmor_2.8_and_later.29

https://gist.github.com/gionn/7585324

Monday 10 February 2014 at 04:27 am | | Linux

No comments

(optional field)
(optional field)

Comment moderation is enabled on this site. This means that your comment will not be visible until it has been approved by an editor.

Remember personal info?
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.