Rclone v1.48.0 mount in docker is not working

Hey There,
I wanted to mount an encrypted google drive in my docker container. I was working on a different system but now I'm getting an error.

rclone version: 1.48.0 (I upgraded because I used 1.47.0 before, also not working)

rclone mount command:

root@d8616d481ce0 ~ # rclone --config /config/rclone/rclone.conf mount plexdrive_crypt: /gdrive/ --default-permissions --uid 998 --gid 997 --allow-other --log-level DEBUG

output:

2019/06/19 12:58:46 DEBUG : rclone: Version "v1.48.0" starting with parameters ["rclone" "--config" "/config/rclone/rclone.conf" "mount" "plexdrive_crypt:" "/gdrive/" "--default-permissions" "--uid" "998" "--gid" "997" "--allow-other" "--log-level" "DEBUG"]
2019/06/19 12:58:46 DEBUG : Using config file from "/config/rclone/rclone.conf"
2019/06/19 12:58:47 DEBUG : Encrypted drive 'plexdrive_crypt:': Mounting on "/gdrive/"
2019/06/19 12:58:47 mount helper error: fusermount: mount failed: Permission denied
2019/06/19 12:58:47 Fatal error: failed to mount FUSE fs: fusermount: exit status 1

rclone config:

[plexdrive_crypt]
type = crypt
remote = gdrive:media
filename_encryption = standard
directory_name_encryption = true
password = xxx
password2 = xxx

[gdrive]
type = drive
client_id = xxx.apps.googleusercontent.com
client_secret = xxx
service_account_file = 
token = {"access_token":"xxx","token_type":"Bearer","refresh_token":"xxx","expiry":"0000-00-00T00:00:00.0000000000+00:00"}

Docker container config (from my ansible script):

- name: Deploy alpine xfce desktop
  docker_container:
    name: "desktop"
    image: "shokinn/docker-alpine-desktop:latest"
    # currently broken see https://github.com/ansible/ansible/pull/56687
    # networks_cli_compatible: yes
    purge_networks: yes
    network_mode: "container:vpn_desktop"
    volumes:
      - /docker/desktop/config:/config
      - /mnt/media:/storage
    capabilities:
      - SYS_ADMIN
    devices:
      - /dev/fuse
    shm_size: "2G"
    memory: "4G"
    env:
      RCLONE_CONFIG_REMOTE: "plexdrive_crypt"
      TZ: "Europe/Berlin"
      USER_ID: "998"
      GROUP_ID: "997"
      DISPLAY_WIDTH: "1900"
      DISPLAY_HEIGHT: "1060"
    restart_policy: unless-stopped
  retries: 4
  delay: 15

As you can see I add the SYS_ADMIN capability and I also add the /dev/fuse device.
Any Ideas why it is not working?

• Btw. on the Host it is working and in use.

Does the user you are mounting as have write permissions to the /gdrive directory? That could cause this error.

You may get this error because of AppArmor if the host is running Ubuntu for example.
You could try adding to your Docker command:

--security-opt apparmor=unconfined

Or on Docker Compose:

security_opt:
    - apparmor:unconfined

However it seems like 'security-opt' isn't supported by Ansible:
https://docs.ansible.com/ansible-container/container_yml/reference.html

rclone runs as root.
So this shouldn't be a problem.

Hey @Poludo,
thanks a lot this was my problem.

Btw. Ansible is supporting the security-opt option. It's called security_opts.
https://docs.ansible.com/ansible/latest/modules/docker_container_module.html#docker-container-module

If anyone is interested how the ansible entry looks like:

- name: Deploy alpine xfce desktop
  docker_container:
    name: "desktop"
    image: "shokinn/docker-alpine-desktop:latest"
    # currently broken see https://github.com/ansible/ansible/pull/56687
    # networks_cli_compatible: yes
    purge_networks: yes
    network_mode: "container:vpn_desktop"
    volumes:
      - /docker/desktop/config:/config
      - /mnt/media:/storage
    capabilities:
      - SYS_ADMIN
    devices:
      - /dev/fuse
    security_opts:
      - "apparmor:unconfined"
    shm_size: "2G"
    memory: "4G"
    env:
      RCLONE_CONFIG_REMOTE: "plexdrive_crypt"
      TZ: "Europe/Berlin"
      USER_ID: "998"
      GROUP_ID: "997"
      DISPLAY_WIDTH: "1900"
      DISPLAY_HEIGHT: "1060"
    restart_policy: unless-stopped
  retries: 4
  delay: 15

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.