S3FS inside LXC containers mounted by the host

Question

I'm currently using several LXC containers to isolate other users' programs from the host system. The rootfs of each container uses a union file system and a few mount-binds from the host and everything is working correctly.

Now I want to be able to use S3FS to mount an S3 bucket on the host and mount-bind it into a directory on the rootfs of each container. It needs to be mounted by the host because I don't want any of the users in the container to see the aws secret key. This appears to work fine (I am able to see the files in the s3fs mount in the correct place), but once I am inside the container, the s3fs files are no longer visible.

It is visible if it is mounted from inside the container, but again I need it mounted from the host.

Is there a particular setting that I need to configure to get this to work properly, or is it just not possible due to FUSE?

Answer 1

You need to bind mount before starting the container. The problem you're currently experiencing is caused by bind mounting after the container has already started. Alternatively, just restart the container.