Skip to content

Setcap over SSHFS

I am running a VM on my machine and have mounted a host folder inside VM using sshfs (auto-mounted via fstab).

abc@xyz:/home/machine/test on /home/vm/test type fuse.sshfs (rw,relatime,user_id=0,group_id=0,allow_other)

That folder has an executable which I want to run inside the VM. But I also need some capabilities before running that executable. So my script looks like:

# Some preprocessing.
sudo setcap CAP_DAC_OVERRIDE+ep /home/vm/test/my_exec

But I am getting below error :

Failed to set capabilities on file `/home/vm/test/my_exec' (Operation not supported)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file

But if I copy executable inside the VM (say in /tmp/), then it works perfectly fine. Is this a known limitation of sshfs or am I missing something here ?



File capabilities are implemented on Linux with extended attributes (specifically the security.capability attribute), and not all filesystems implement extended attributes.

sshfs in particular does not.

User contributions licensed under: CC BY-SA
2 People found this is helpful