Re: Removing FUSE support from CF

Daniel Mikusa

On Mon, Jul 13, 2015 at 2:48 AM, Lerenc, Vedran <vedran.lerenc(a)>

Hi Onsi,

> Thoughts? Concerns?

Well, that’s bad news.

We, and I assume many others as well (like the folks from Stackato who do
it in the public), have used SSHFS + FUSE to implement a persistent file
system for old-fashioned apps/apps that are not Cloud-native. I don’t want
to fight an ideological battle here, it’s just that these apps do still
exist (in majority) and a file system service is an important
service/feature for them.

So if you remove FUSE (which we thought is not going away/was added to
stay), it’s pretty bad for us/many apps.

Best regards, Vedran

+1 - It would be sad to see FUSE support go away. It's been very helpful
for running apps that depend on a persistent FS, like WordPress. Perhaps
this use case of mounting a remote SSHFS could be supported in some other


*From:* Onsi Fakhouri
*Reply-To:* "Discussions about Cloud Foundry projects and the system
*Date:* Saturday 11 July 2015 01:10
*To:* cf-dev
*Subject:* [cf-dev] Removing FUSE support from CF

Hey CF-Dev,

The Garden team has been hard at work substantially improving
Garden-Linux's security features. Garden-Linux now employs user namespaces
and drops capabilities when creating unprivileged containers - we're
excited to bring both of these features to the platform!

Diego currently runs applications in *privileged* containers. These lack
the security features outlined above and we are planning on switching to
launch all CF applications in *unprivileged* containers.

Unfortunately, it has proved difficult to support mounting FUSE
filesystems from within unprivileged containers. We believe the security
benefits outweigh the features that FUSE gives us and *are planning on
removing support for FUSE in favor of better securing our containers.*
If/when FUSE support in unprivileged containers becomes possible we may
add it back to the platform.

Thoughts? Concerns?


