Rootless Mounting Using Squashfuse

[bodhirubinstein]

This PR includes a patch to squashfs-mount that allows for rootless (non setuid) mounting of squashfs files using squashfuse based on a cli option (--squashfuse). This feature is intended to be paired with my Uenv PR that includes an option in our global config file to use squashfuse mounting for environments where we allow user namespaces and don't want to use a setuid binary.

P.S. Same as my Uenv PR: I am by no means a strong C/C++ programmer, so this code is probably missing some things such as edge case functionality and certain error handling. It should still give a good idea of where we're headed though, at least enough for your feedback. Thanks!

[bcumming]

Thanks for starting work on this - it is something that we have played with implementing in the past.

I will let @simonpintarelli comment on the implementation itself.

From a more high-level point of view, I think that this should be a compile time option, not runtime.
This would remove the need to use a runtime flag, which wouldn't make much sense to provide if running on a system that provides only one of the two methods (e.g. some systems don't enable user namespaces, and others won't install setuid tools).

We have been discussing improvements to squashfs-mount recently, and made the decision to move it into the uenv2 repository, so that we can use the same command line parsing code, and other tools and utilities.
I will keep your changes here in mind when doing the port, so that they can be reimplemented there more easily.

[simonpintarelli]

Hi @bodhirubinstein, have you seen branch feat/multiple-image-fuse? It supports multiple sqfs images and uses the low-level fuse api following https://github.com/vasi/squashfuse/blob/master/ll_main.c#L230. The low-level version (equivalent to squashfuse_ll should be more efficient, iirc squashfuse only provided a header for the low-level version. It doesn't support forwarding env variables, so it won't work with uenv2 as it is at the moment.

[simonpintarelli]

@bodhirubinstein fyi, here is the draft for a rootless (squashfuse) version in c++: eth-cscs/uenv#98
Since we want to use it as sandbox for stackinator in the future and add functionality for bind-mount, tmpfs, etc., my current idea is to make it a non-setuid binary via squashfuse.

[bodhirubinstein]

Awesome, thanks! This look very similar to the idea of what I did, although certainly much more polished :). Given that you're moving squashfs-mount into uenv, it would certainly be great to have this as a compile time option inside of uenv like Ben mentioned. Thanks for the help!