git.ipfire.org Git - thirdparty/systemd.git/commitdiff
units: disable /sys/fs/fuse/connections in private user namespaces (#4592)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 11 Nov 2016 18:00:33 +0000 (13:00 -0500)
committer Lennart Poettering <lennart@poettering.net>
Fri, 11 Nov 2016 18:00:33 +0000 (19:00 +0100)
The mount fails, even though CAP_SYS_ADMIN is granted.

Only file systems with FU_USERNS_MOUNT in .fs_flags may be mounted in userns,
and the patch to add that fusectl was rejected [1]. It would be nice if we
could check if the kernel has FU_USERNS_MOUNT for a given fs type, since this
could change over time, but this information doesn't seem to be exported.
So let's just skip this mount in userns to avoid an error during boot.

[1] https://patchwork.kernel.org/patch/2828269/

units/sys-fs-fuse-connections.mount

index e940beb09f6f825884381a498fbcd8328e29e428..336b5f6277e1f19f3929d6bfa4047fcb356e767e 100644 (file)
@@ -12,6 +12,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 DefaultDependencies=no
 ConditionPathExists=/sys/fs/fuse/connections
 ConditionCapability=CAP_SYS_ADMIN
+ConditionVirtualization=!private-users
 After=systemd-modules-load.service
 Before=sysinit.target
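Review bot: The new `ConditionVirtualization=!private-users` line is a static workaround for a kernel restriction that the commit message itself says cannot be detected at runtime, so the rationale should live next to the condition in the unit file, not only in the commit history. Suggest adding a comment above the new line, e.g. `# fusectl lacks FS_USERNS_MOUNT, so the mount fails in user namespaces even with CAP_SYS_ADMIN; see https://patchwork.kernel.org/patch/2828269/`, so that a future maintainer knows the condition can be dropped once the kernel exports or grants that capability. Note also that the existing `ConditionCapability=CAP_SYS_ADMIN` is kept, so both conditions must now hold for the mount to be attempted; that is the intended behaviour here, but it is worth spelling out in the comment since a container with CAP_SYS_ADMIN inside a user namespace will silently skip this unit rather than log a mount failure.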