Fusermount permission denied in docker rclone

Help and Support
1

Hi,

I'm trying to mount within docker, but fusermount permission is denied. Obviously it's an access right issue, but I dont know how to fix it...

here is my docker-compose for rclone
rclone:
image: rclone/rclone:latest
container_name: rclone
devices:
- /dev/fuse:/dev/fuse:rwm
cap_add:
- SYS_ADMIN
volumes:
- /home/cyril/rclone2/config:/config/rclone
- /home/cyril/rclone2/data:/data
- /home/cyril/rclone2/gmount:/gmount
- /home/cyril/rclone2/logs:/logs
ports:
- 53682:53682
entrypoint: "rclone mount gcrypt: /gmount --allow-other --buffer-size 256M --dir-cache-time 1000h --log-level INFO --log-file /logs/mount.log --poll-interval 15s --timeout 1h --umask 002

Here is the content of mount.log file:
2020/01/19 05:10:41 INFO : gcache: Cache DB path: /root/.cache/rclone/cache-backend/gcache.db
2020/01/19 05:10:41 INFO : gcache: Cache chunk path: /root/.cache/rclone/cache-backend/gcache
2020/01/19 05:10:41 INFO : gcache: Chunk Memory: true
2020/01/19 05:10:41 INFO : gcache: Chunk Size: 10M
2020/01/19 05:10:41 INFO : gcache: Chunk Total Size: 10G
2020/01/19 05:10:41 INFO : gcache: Chunk Clean Interval: 1m0s
2020/01/19 05:10:41 INFO : gcache: Workers: 4
2020/01/19 05:10:41 INFO : gcache: File Age: 1d
2020/01/19 05:10:42 INFO : gcache: Cache DB path: /root/.cache/rclone/cache-backend/gcache.db
2020/01/19 05:10:42 INFO : gcache: Cache chunk path: /root/.cache/rclone/cache-backend/gcache
2020/01/19 05:10:42 INFO : gcache: Chunk Memory: true
2020/01/19 05:10:42 INFO : gcache: Chunk Size: 10M
2020/01/19 05:10:42 INFO : gcache: Chunk Total Size: 10G
2020/01/19 05:10:42 INFO : gcache: Chunk Clean Interval: 1m0s
2020/01/19 05:10:42 INFO : gcache: Workers: 4
2020/01/19 05:10:42 INFO : gcache: File Age: 1d
2020/01/19 05:10:42 mount helper error: fusermount: mount failed: Permission denied
2020/01/19 05:10:42 Fatal error: failed to mount FUSE fs: fusermount: exit status 1

Thank you

2

I've added --privileged=True in my docker compose file and the error disappeared.
But I don't see my gdrive content in my local path, so how can i check if the mount is actually working ? There is nothing in the logs

3

Hello,

To help with fuse permission, you need to un-commented #user_allow_other in /etc/fuse.conf:ro and bind it, also bind /etc/passwd:ro /etc/group:ro.
Privileged is not necessary if you do that.

4

I added the below in my docker compose file and remove privilege, but then I still got permission denied.
- /etc/passwd:/etc/passwd:ro
- /etc/group:/etc/group:ro
- /etc/user:/etc/user:ro
- /etc/fuse.conf:/etc/fuse.conf:ro
But with Privilege I don't have it anymore, but the mount folder is simply empty and I have no error in rclone logs:

2020/01/19 12:08:48 DEBUG : rclone: Version "v1.50.2" starting with parameters ["rclone" "mount" "gcrypt:" "/gmount" "--drive-impersonate" "XXX@XXX.com" "--allow-other" "--buffer-size" "256M" "--dir-cache-time" "1000h" "--log-level" "DEBUG" "--log-file" "/logs/mount.log" "--poll-interval" "15s" "--timeout" "1h" "--umask" "002"]
2020/01/19 12:08:48 DEBUG : Using config file from "/config/rclone/rclone.conf"
2020/01/19 12:08:49 DEBUG : gcache: wrapped gdrive:backup/crypt at root crypt
2020/01/19 12:08:49 INFO : gcache: Cache DB path: /root/.cache/rclone/cache-backend/gcache.db
2020/01/19 12:08:49 INFO : gcache: Cache chunk path: /root/.cache/rclone/cache-backend/gcache
2020/01/19 12:08:49 INFO : gcache: Chunk Memory: true
2020/01/19 12:08:49 INFO : gcache: Chunk Size: 10M
2020/01/19 12:08:49 INFO : gcache: Chunk Total Size: 10G
2020/01/19 12:08:49 INFO : gcache: Chunk Clean Interval: 1m0s
2020/01/19 12:08:49 INFO : gcache: Workers: 4
2020/01/19 12:08:49 INFO : gcache: File Age: 1d
2020/01/19 12:08:49 DEBUG : Adding path "cache/expire" to remote control registry
2020/01/19 12:08:49 DEBUG : Adding path "cache/stats" to remote control registry
2020/01/19 12:08:49 DEBUG : Adding path "cache/fetch" to remote control registry
2020/01/19 12:08:50 DEBUG : gcache: wrapped gdrive:backup/crypt at root crypt
2020/01/19 12:08:50 INFO : gcache: Cache DB path: /root/.cache/rclone/cache-backend/gcache.db
2020/01/19 12:08:50 INFO : gcache: Cache chunk path: /root/.cache/rclone/cache-backend/gcache
2020/01/19 12:08:50 INFO : gcache: Chunk Memory: true
2020/01/19 12:08:50 INFO : gcache: Chunk Size: 10M
2020/01/19 12:08:50 INFO : gcache: Chunk Total Size: 10G
2020/01/19 12:08:50 INFO : gcache: Chunk Clean Interval: 1m0s
2020/01/19 12:08:50 INFO : gcache: Workers: 4
2020/01/19 12:08:50 INFO : gcache: File Age: 1d
2020/01/19 12:08:50 DEBUG : Adding path "cache/expire" to remote control registry
2020/01/19 12:08:50 DEBUG : Adding path "cache/stats" to remote control registry
2020/01/19 12:08:50 DEBUG : Adding path "cache/fetch" to remote control registry
2020/01/19 12:08:50 DEBUG : Encrypted drive 'gcrypt:': Mounting on "/gmount"
2020/01/19 12:08:50 DEBUG : Cache remote gcache:crypt: subscribing to ChangeNotify
2020/01/19 12:08:50 DEBUG : Adding path "vfs/forget" to remote control registry
2020/01/19 12:08:50 DEBUG : Adding path "vfs/refresh" to remote control registry
2020/01/19 12:08:50 DEBUG : Adding path "vfs/poll-interval" to remote control registry
2020/01/19 12:08:50 DEBUG : : Root:
2020/01/19 12:08:50 DEBUG : : >Root: node=/, err=
2020/01/19 12:09:49 DEBUG : Cache remote gcache:crypt: starting cleanup
2020/01/19 12:09:50 DEBUG : Google drive root 'backup/crypt': Checking for changes on remote

Then, when I attach to my docker and I run rclone lsd gcrypt: command, i got following:

2020/01/19 12:41:21 ERROR : /root/.cache/rclone/cache-backend/gcache.db: Error opening storage cache. Is there another rclone running on the same remote? failed to open a cache connection to "/root/.cache/rclone/cache-backend/gcache.db": timeout
2020/01/19 12:41:22 ERROR : /root/.cache/rclone/cache-backend/gcache.db: Error opening storage cache. Is there another rclone running on the same remote? failed to open a cache connection to "/root/.cache/rclone/cache-backend/gcache.db": timeout
2020/01/19 12:41:22 Failed to create file system for "gcrypt:": failed to make remote gcache:"/crypt" to wrap: failed to start cache db: failed to open a cache connection to "/root/.cache/rclone/cache-backend/gcache.db": timeout

5

Hmm, I made some progress here:

when I attach to my docker and check the content of my local mount path, I can see the content of my g drive:
ls /gmount will give me my gdrive data. So the mount is actually working.

Now, as I'm inside a docker, I've also map the path /gmount (inside my container) to a path on my host: /home/cyril/rclone2/gmount

But when I do ls /home/cyril/rclone2/gmount (on the host), the folder is empty.

6

finally its now working !
I had to change the mount folder in my container so it is located in /data/ (in the container).

Then, in my docker compose, I use following commands:
devices:
- /dev/fuse:/dev/fuse:rwm
cap_add:
- SYS_ADMIN
privileged: true
security_opt:
- apparmor:unconfined
volumes:
- /home/cyril/rclone2/data:/data:shared

privilege should not be necessry is i properly map etc/passwd and /etc/group (but I havent tested yet

and here is the beginning of rclone mount command:

rclone mount gcrypt: /data/gmount

7

oh yes, i forgot --security-opt apparmor:unconfined, to not use privileged.

  --volume /etc/fuse.conf:/etc/fuse.conf:ro \
  --volume /etc/passwd:/etc/passwd:ro \
  --volume /etc/group:/etc/group:ro \
  --device /dev/fuse --cap-add SYS_ADMIN --security-opt apparmor:unconfined \
8

All things discussed here, you would have found on the docs page;
https://rclone.org/install/#install-with-docker

9

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.