simon.schönbeck.dk

Tag: mount

  • Toolbx mount access from host on Fedora Kinoite

    Since Toolbx mounts are running in different namespaces than the host, the mounts cannot be accessed from the latter. I tried many workarounds to see if it really was possible to get around this limit. After some time I decided that using the network stack was probably a better solution to communicate between Toolbx and host.

    In my particular case I never do any layering but instead try to use Flatpak, Toolbx, or even a Boxes virtual machine for any specific software not included in the base layering.

    I needed to run restic to access some documents on a remote restic repo backup. Since restic is not included I had to use Toolbx for this task. Restic uses FUSE to mount the remote end on the local system. In an ideal world I could just have opened this mount in Dolphin to search and open the needed documents. However due to the namespaces difference this mount just shows empty on the host.

    A really quick and dirty solution is to simply use rclone and its webdav option, then Dolphin just opens the webdav address with no issues. Yes, there is a tiny performance hit, but the speed and easy execution greatly makes up for this:

    restic mount ~/remote-restic

    Now that the mount is working from Toolbx itself run rclone to serve it over the network:

    rclone serve webdav ~/remote-restic --addr :8080 -L

    That is all! Now simply open Dolphin and paste the webdav address and there you have your Toolbx mount visible from the host:

    dav://127.0.0.1:8080

    Please note that this is not only for restic but can be used with any mount type like sshfs or even another rclone mount like S3.

    Is it not ironic… using a 1990s protocol (WebDAV) to solve a 2026 container problem!

  • Virtualmin & suEXEC

    If by chance you have installed the Webmin module Virtualmin at some point you may have come across the following error message when setting up the module:

    Failed to save enabled features: The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.

    This error message is caused by using a version of suEXEC compiled by default to use /var/www as the document root of Apache. The suEXEC feature allows to execute scripts as the user owning the virtual host instead of the global apache user increasing security. The solution has either been to recompile suEXEC with the new desired path (/home in this case) or simply disable (Server Templates > Apache Website > Automatically add appropriate SuExec directive?) suEXEC completely inside the Virtualmin module configuration.

    A much simpler approach I used was to create a link between the two directories. I used mount to bind the two directories together and act as one. Voila, Virtualmin now continued the module setup without a remark!

    To achieve this I ran the following command as root:

    mount --bind /var/www /home

    That is it really. Now the directories act as one for the suEXEC wrapper too.

    Please note this will usually only last till next reboot. To mount permanently include the following line into your /etc/fstab:

    /var/www /home none bind

    The following is the extract from the mount man page:

    Since Linux 2.4.0 it is possible to remount part of the file hierarchy somewhere else. The call is
    mount --bind olddir newdir
    or fstab entry is:
    /olddir  /newdir  none  bind
    After this call the same contents is accessible in two places.  One can also remount a single file (on a single file).

    One note is that if you already had local users set up inside the /home directory you will mount on top of it, making the existing users data unavailable (not deleted). Simply unmount again and the users data will be back again. To get around this change the default path Virtualmin uses to create new virtual hosts home directories to something else e.g. /virtualmin. This can be done in the Users & Groups module.