debcrafters-packages team mailing list archive

Thread
Date
[Bug 2111105] [NEW] Docker FUSE Mount Permission Denied on Ubuntu 25.04 with AppArmor

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Jam Shady <2111105@xxxxxxxxxxxxxxxxxx>
Date: Fri, 16 May 2025 14:00:32 -0000
Reply-to: Bug 2111105 <2111105@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Rclone container fails to mount a FUSE filesystem inside Docker on
Ubuntu 25.04 with a "fusermount3: mount failed: Permission denied"
error, even when the container is run in privileged mode. Disabling
AppArmor on the host resolves the issue.

After upgrading Ubuntu to 25.04, a Docker container using Rclone to
mount a remote as a FUSE filesystem is consistently failing with a
permission denied error related to fusermount3. Extensive
troubleshooting, including ensuring correct host mount point
permissions, verifying /dev/fuse access, and running the container with
privileged: true, did not resolve the issue. The problem is resolved
when AppArmor is completely disabled on the host system via kernel boot
parameters, indicating a conflict between AppArmor, Docker, and FUSE on
this Ubuntu release.


The full bug info, including reproduction steps and other config, etc, is available here: https://gemini.google.com/share/f21b2572d06c


Note: I asked Gemini to compose the bug report after having gone through all the testing options extensively; though it is mostly accurate, the few mistakes are because of its own hallucinations (e.g. calling Ubuntu 25.04 "Oracular Oriole" instead of "Plucky Puffin", etc

ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: fuse 3.14.0-10
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: pass
Date: Fri May 16 13:47:38 2025
InstallationDate: Installed on 2024-10-09 (219 days ago)
InstallationMedia: Ubuntu-Server 24.04.1 LTS "Noble Numbat" - Release amd64 (20240827)
PackageArchitecture: all
ProcEnviron:
 LANG=C.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm
 XDG_RUNTIME_DIR=<set>
SourcePackage: fuse3
UpgradeStatus: Upgraded to plucky on 2025-05-16 (0 days ago)

** Affects: fuse3 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug plucky

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to fuse3 in Ubuntu.
https://bugs.launchpad.net/bugs/2111105

Title:
  Docker FUSE Mount Permission Denied on Ubuntu 25.04 with AppArmor

Status in fuse3 package in Ubuntu:
  New

Bug description:
  Rclone container fails to mount a FUSE filesystem inside Docker on
  Ubuntu 25.04 with a "fusermount3: mount failed: Permission denied"
  error, even when the container is run in privileged mode. Disabling
  AppArmor on the host resolves the issue.

  After upgrading Ubuntu to 25.04, a Docker container using Rclone to
  mount a remote as a FUSE filesystem is consistently failing with a
  permission denied error related to fusermount3. Extensive
  troubleshooting, including ensuring correct host mount point
  permissions, verifying /dev/fuse access, and running the container
  with privileged: true, did not resolve the issue. The problem is
  resolved when AppArmor is completely disabled on the host system via
  kernel boot parameters, indicating a conflict between AppArmor,
  Docker, and FUSE on this Ubuntu release.

  
  The full bug info, including reproduction steps and other config, etc, is available here: https://gemini.google.com/share/f21b2572d06c

  
  Note: I asked Gemini to compose the bug report after having gone through all the testing options extensively; though it is mostly accurate, the few mistakes are because of its own hallucinations (e.g. calling Ubuntu 25.04 "Oracular Oriole" instead of "Plucky Puffin", etc

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: fuse 3.14.0-10
  ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
  Uname: Linux 6.14.0-15-generic x86_64
  ApportVersion: 2.32.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Fri May 16 13:47:38 2025
  InstallationDate: Installed on 2024-10-09 (219 days ago)
  InstallationMedia: Ubuntu-Server 24.04.1 LTS "Noble Numbat" - Release amd64 (20240827)
  PackageArchitecture: all
  ProcEnviron:
   LANG=C.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm
   XDG_RUNTIME_DIR=<set>
  SourcePackage: fuse3
  UpgradeStatus: Upgraded to plucky on 2025-05-16 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fuse3/+bug/2111105/+subscriptions