Setcap over SSHFS

I am running a VM on my machine and have mounted a host folder inside VM using sshfs (auto-mounted via fstab).

abc@xyz:/home/machine/test on /home/vm/test type fuse.sshfs (rw,relatime,user_id=0,group_id=0,allow_other)

abc@xyz:/home/machine/test on /home/vm/test type fuse.sshfs (rw,relatime,user_id=0,group_id=0,allow_other)

​

That folder has an executable which I want to run inside the VM. But I also need some capabilities before running that executable. So my script looks like:

#!/bin/bash
# Some preprocessing.
sudo setcap CAP_DAC_OVERRIDE+ep /home/vm/test/my_exec
/home/vm/test/my_exec

#!/bin/bash

# Some preprocessing.

sudo setcap CAP_DAC_OVERRIDE+ep /home/vm/test/my_exec

/home/vm/test/my_exec

​

But I am getting below error :

Failed to set capabilities on file `/home/vm/test/my_exec' (Operation not supported)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file

Failed to set capabilities on file `/home/vm/test/my_exec' (Operation not supported)

The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file

​

But if I copy executable inside the VM (say in /tmp/), then it works perfectly fine. Is this a known limitation of sshfs or am I missing something here ?

Answer

File capabilities are implemented on Linux with extended attributes (specifically the security.capability attribute), and not all filesystems implement extended attributes.

sshfs in particular does not.