1

When I try to manually mount with this command:

mount -t nfs <server-ip>:/srv/nfs4/share1 /mnt/data

as non-root user, I am getting the error

mount.nfs: failed to apply fstab options

When I try the same command with sudo:

sudo mount -t nfs <server-ip>:/srv/nfs4/share1 /mnt/data

..., I get the error mount.nfs: Operation not permitted

I have tried modifying access options, such as using no_hide. I have also tried

sudo chown nobody:nobody /srv/nfs4/share1

but the error won't go away, so the clients still have no access.

  • I have verified that the NFS server is up and running from systemd
  • I have checked the exports with showmount -e <server-ip-addr>

I am running the NFS server on Arch Linux (bare-metal), and the clients are running Fedora (unprivileged Linux containers). What am I missing here that resolves this problem?

I discovered that running commands such as mount is not allowed on unprivileged containers while researching this problem. There could be a workaround that uses mount --bind while on nfs4 that could make this work, but I am yet to fully decode how it should be properly done after trying:

mount --bind /mnt/nfs4share /srv/nfs4/exports # Then re-exporting and restarting the nfs-server 
2
  • What's the output of exportfs on the server? What do the logs show? Commented May 19, 2024 at 13:39
  • exportfs -v shows the following /srv/nfs4/share <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash) Commented May 19, 2024 at 16:47

1 Answer

0

If you’re facing issues mounting an NFS share in unprivileged Linux containers, here are some workarounds and solutions that might help:

Solution 1: Use mount --bind with NFS Mount

Since unprivileged containers can’t directly mount NFS shares, you can mount the NFS share on the host system and then use a --bind mount to make the NFS mount accessible to the container.

  1. Mount NFS on the Host: Run the following command on your Arch Linux host to mount the NFS share locally:

    sudo mount -t nfs <server-ip>:/srv/nfs4/share1 /mnt/nfs4share 
  2. Bind Mount into the Container: Once the NFS share is mounted on the host, you can use --bind to make it available to the container.

    If you have access to the container's configuration, bind mount it from /mnt/nfs4share to the desired path inside the container (e.g., /srv/nfs4/exports):

    sudo mount --bind /mnt/nfs4share /path/to/container/root/srv/nfs4/exports 
  3. Restart Services: After configuring these bind mounts, you may need to restart the NFS service on the host to ensure everything is accessible.

Solution 2: Use unprivileged NFS Exports

If you control the NFS server’s export options, you may try adding specific permissions to allow unprivileged clients to access the NFS shares. In the NFS server’s /etc/exports file, modify the options for the shared directory:

/srv/nfs4/share1 <client-ip>(rw,sync,no_subtree_check,all_squash,anonuid=1000,anongid=1000) 
  • Explanation of Options:
    • all_squash: Maps all users (including root) to the anonymous user.
    • anonuid=1000,anongid=1000: Sets the UID and GID for the anonymous user to match an unprivileged user on your system. Adjust 1000 to match the user ID on your client container.

After updating /etc/exports, run:

sudo exportfs -ra 

Solution 3: Rootless Containers with fuse-overlayfs

For containers requiring filesystem operations like mounting, consider using a rootless container runtime with fuse-overlayfs, which might support filesystem mounts without requiring CAP_SYS_ADMIN.

Solution 4: Use a Different Protocol (e.g., SSHFS)

If NFS proves too restrictive for your use case with unprivileged containers, consider using SSHFS as an alternative. SSHFS works well for unprivileged users and doesn’t require mounting privileges. Here’s an example command:

sshfs <user>@<server-ip>:/srv/nfs4/share1 /path/to/container/root/srv/nfs4/exports -o allow_other 

This would allow access to the share within the container without requiring root privileges on the container side.


Hopefully, these steps help address your NFS mount issues with unprivileged containers.
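
A check that can be run on the NFS server against `exportfs -v` output like the line quoted in the comments (an added example, not part of the original question or answer): it flags exports open to any host, exports with `no_root_squash`, and exports with `insecure`, and reports nothing for an export restricted the way Solution 2 describes. The second sample entry and the address 192.0.2.10 are constructed, and export paths containing spaces are assumed not to occur.

```shell
#!/bin/sh
# Added example: audit `exportfs -v` output (read from stdin) for options
# that widen access. Prints one "path client finding" line per issue.
audit_exports() {
    awk '
    {
        # exportfs -v wraps long paths onto their own line, so walk tokens
        # instead of assuming "path client(options)" on a single line.
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (tok ~ /^\//) { path = tok; continue }   # export path
            p = index(tok, "(")
            if (p == 0 || path == "") continue          # not client(options)
            client = substr(tok, 1, p - 1)
            # Wrap in commas so each option can be matched as a whole word.
            opts = "," substr(tok, p + 1, length(tok) - p - 1) ","
            if (client == "<world>" || client == "*")
                print path, client, "exported-to-any-host"
            if (index(opts, ",no_root_squash,"))
                print path, client, "no_root_squash"
            if (index(opts, ",insecure,"))
                print path, client, "insecure"
        }
    }'
}

# Sample input. First entry: the exportfs -v line quoted in the comments.
# Second entry: constructed, in the wrapped layout, restricted to a single
# client with all_squash as in Solution 2.
sample_exports() {
    cat <<'EOF'
/srv/nfs4/share <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
/srv/nfs4/share1
        192.0.2.10(sync,wdelay,hide,no_subtree_check,anonuid=1000,anongid=1000,sec=sys,rw,secure,root_squash,all_squash)
EOF
}

# On a live server: exportfs -v | audit_exports
sample_exports | audit_exports
```

With `rw`, `<world>` and `no_root_squash` together, root on any host that can reach the server can write to the share as root, so both findings on the first entry are worth fixing regardless of the container mount problem.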
