I have a docker container running under user privileges because of namespaces. The container needs to be able to mount an image using the mount command. However, this results in
mount failed: Operation not permitted.
That makes sense because users don’t have the permissions to mount. I think what’s happening is that the mount program in the docker container is making system calls that get permission denied. However, I checked SELinux and there were no permission denied audits. I thought maybe I can modify seccomp or SELinux to allow this, but maybe that’s the wrong rationale, because those programs only restrict kernel calls, but even if they are disabled and the kernel call was allowed, it’ll just be denied by the kernel.
How can I allow a user process to mount a volume?
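A quick way to see what the kernel is actually checking, as an added example that is not part of the original question: mount(2) requires CAP_SYS_ADMIN in the user namespace that owns the mount namespace, so decoding the CapEff bits of the process inside the container tells you whether the capability is even present before seccomp or SELinux enter the picture. The script below reads `/proc/<pid>/status`, tests bit 21 (CAP_SYS_ADMIN per `linux/capability.h`), and then probes a harmless tmpfs mount to reproduce the "Operation not permitted" verdict. The function names and the sample masks used in the comments are this example's own choices; the mask `00000000a80425fb` is the default capability set Docker hands a container (CAP_SYS_ADMIN dropped), included here as constructed sample input.

```shell
#!/usr/bin/env bash
# Added diagnostic, not code from the original post. Assumes a Linux host with
# /proc mounted and the mount/umount binaries on PATH (util-linux).

CAP_SYS_ADMIN=21   # bit index from linux/capability.h; needed by mount(2)

# cap_in_mask HEXMASK CAPNUM -> exit 0 if that capability bit is set, 1 otherwise.
# HEXMASK is the 64-bit hex string as shown in /proc/<pid>/status, e.g.
#   0000003fffffffff  full set (real root)            -> bit 21 set
#   00000000a80425fb  Docker default (SYS_ADMIN dropped) -> bit 21 clear
cap_in_mask() {
    local mask="$1" cap="$2"
    [ $(( (0x$mask >> cap) & 1 )) -eq 1 ]
}

# caps_of_pid PID -> print the effective capability mask (CapEff) of PID
# ("self" for the current process). Inside a user namespace this reflects the
# capabilities relative to that namespace, not the host.
caps_of_pid() {
    awk '/^CapEff:/ {print $2}' "/proc/$1/status"
}

# have_sys_admin [PID] -> exit 0 if the process holds CAP_SYS_ADMIN.
have_sys_admin() {
    cap_in_mask "$(caps_of_pid "${1:-self}")" "$CAP_SYS_ADMIN"
}

# probe_mount -> attempt a tmpfs mount on a scratch directory. Returns 0 if the
# kernel allowed it (and cleans up), 1 if it was denied, 2 if it could not be
# attempted. The error text is the same verdict the original `mount` call got.
probe_mount() {
    local dir err
    command -v mount >/dev/null 2>&1 || { echo "no mount binary"; return 2; }
    dir=$(mktemp -d) || return 2
    if err=$(mount -t tmpfs none "$dir" 2>&1); then
        umount "$dir"; rmdir "$dir"
        echo "mount allowed"
        return 0
    fi
    rmdir "$dir"
    echo "mount denied: $err"
    return 1
}

# Stand-alone report for the current process (run this inside the container).
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    mask=$(caps_of_pid self)
    echo "uid=$(id -u) CapEff=$mask"
    if have_sys_admin; then
        echo "CAP_SYS_ADMIN: present in this user namespace"
    else
        echo "CAP_SYS_ADMIN: absent (mount(2) will fail with EPERM before any LSM/seccomp check)"
    fi
    probe_mount
fi
```

If the report shows CAP_SYS_ADMIN absent, no seccomp or SELinux change will help, because the capability check in mount(2) runs in the kernel regardless of those policies. If it shows the capability present but the probe is still denied, the process is inside a user namespace: the kernel only lets a user-namespace root mount filesystems that are flagged safe for unprivileged mounting (tmpfs, FUSE, and a few others), so a disk image containing ext4 or similar cannot be mounted there with the plain `mount` command no matter which capabilities are granted.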