Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mount a FUSE filesystem without use of root or fusermount (suid) #71

Open
probonopd opened this issue Aug 19, 2024 · 5 comments
Open

Mount a FUSE filesystem without use of root or fusermount (suid) #71

probonopd opened this issue Aug 19, 2024 · 5 comments

Comments

@probonopd
Copy link
Member

probonopd commented Aug 19, 2024
edited
Loading

As @mgord9518 pointed out:

#32 (comment)

It’s possible to mount a FUSE filesystem without use of root permissions or SUID binaries by doing the mount inside of a user namespace.

VERY interesting @mgord9518. 💯 I think you are up to something. That suid helper binary always bothered be to begin with.

Does anyone know how to actually implement this, in code? Any help appreciated 👍
@probonopd probonopd mentioned this issue Aug 19, 2024
Draft
@mgord9518
Copy link

For a trivial example, you can just use unshare --mount --user -r, which will create a fake root environment which FUSE can be mounted from. An issue I see is that it's almost like a sandbox, so the behavior won't just be 1:1 with using fusermount.

Maybe someone should experiment with launching AppImages from this shell environment to see how differently the applications behave before implementing anything in C

@TheAssassin
Copy link
Member

user namespace

For security reasons, user namespaces have been restricted resp. locked down more again on many OSes. I could imagine that this would cause issues with rootless FUSE. Plus, they've never been enabled on a lot of popular distros.

@probonopd
Copy link
Member Author

Isn't Bubblewrap using this, too? Which would mean that at least all distributions that support Flatpak should have this enabled by default?

@mgord9518
Copy link

Isn't Bubblewrap using this, too? Which would mean that at least all distributions that support Flatpak should have this enabled by default?

As far as I know. I believe it also has an SUID version but normal bubblewrap uses unprivileged namespaces. Even with the distros that disable them (like Ubuntu), many distros still support them out of the box. Nix, Arch and LM right off the top of my head, so assuming we can actually get it to feel like there's no difference it's probably worth it

I've started on making a new AppImage runtime in Zig and I'll try to implement mounting with namespaces

@Samueru-sama
Copy link

For a trivial example, you can just use unshare --mount --user -r, which will create a fake root environment which FUSE can be mounted from. An issue I see is that it's almost like a sandbox, so the behavior won't just be 1:1 with using fusermount.

Maybe someone should experiment with launching AppImages from this shell environment to see how differently the applications behave before implementing anything in C

I tested this with the nvtop appimage, it has an odd issue that I can no longer see the active processes, it also breaks the cpu-x daemon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@probonopd @TheAssassin @Samueru-sama @mgord9518