kldload operation not permitted

[Ikenna Okpala]

I am trying to install fusefs-s3fs on a pluginjail in freenas
when i try to start fusefs i get the following error about not being able to load kldload

can some help with this please..

$: /usr/local/etc/rc.d/fusefs start
Starting fusefs.

kldload: can't load /usr/local/modules/fuse.ko: Operation not permitted

 

[cyberjock]

Yep.. you can't load kernel modules inside the jail. Kernel modules must be included in FreeNAS and loaded on bootup. Also, if they aren't compiled against FreeNAS(not FreeBSD) there is a very real chance they won't work, crash the system, or do things like make it crash on bootup.

In short, you are starting on a path that will have an extremely steep learning curve. I tried to do it 3 weeks ago.. took just 6 days of 14 hour days to figure it out. Good luck!

 

[Ronny Adams]

Hi, would you mind pointing me in the right direction?

There is little information about fusefs in a jail.

i tried it with

Code:

kldload fuse
sysctl vfs.usermount=1

on the host and restarted the jail with no success.

Code:

root@encfs:/media # kldstat
Id Refs Address            Size    Name
23    1 0xffffffff81a64000 aa63    fuse.ko

Code:

root@encfs:/media # mount_fusefs /tmp/e/ /tmp/d/
mount_fusefs: /tmp/e on /tmp/d: Operation not permitted

Code:

root@encfs:/media # encfs -f /tmp/e/ /tmp/d/
EncFS Password:
mount_fusefs: /dev/fuse0 on /tmp/d: Operation not permitted
fuse: failed to mount file system: Operation not permitted
 
root@encfs:/media # encfs  /tmp/e/ /tmp/d/
EncFS Password:
mount_fusefs: /dev/fuse0 on /tmp/d: Operation not permitted
fuse: failed to mount file system: Operation not permitted
fuse failed.  Common problems:
- fuse kernel module not installed (modprobe fuse)
- invalid options -- see usage message

i'm out of ideas right now. please help.

thank you

 

[cyberjock]

Sorry, I have no experience with fusefs and encfs :(

 

[joel72]

did anyone get this to work? I'm trying to get this to work for ages. having a synced, encrypted encfs folder in my btsync plugin jail
fuse.ko module is loaded and parameters are set; still the Message "
mount_fusefs: /dev/fuse0 on /media/DEC: Operation not permitted
fuse: failed to mount file system: Operation not permitted
"

won't stop ruining my days.. :(

if there is anyone who can provide support for encfs and freenas and got this to work with jails please help us!

 

[Ronny Adams]

Hi,

i for myself switched to OpenMediaVault with ZFSonLinux. This is working for me.

To Topic. You will have to wait for Freenas based on FreeBSD 10.

http://www.freebsdnews.net/2013/09/20/freebsd-10s-new-technologies-and-features/

FUSE – FreeBSD 10.0 brings in FUSE file-system support in user-space. FUSE file systems can now be accessed under FreeBSD without installing the “fusefs-kmod” kernel module from ports. This will make accessing these file systems (Linux) more stable.

 

[joel72]

Thanks a lot for the quick and precise answer! :)

 

[Osiris]

This is terrible. Is there an ETA on embedding 10 in the FreeNAS stream ?
Mounting cifs or smbfs shares directly to the jail seems obvious technology to me.

There's a crappy workaround:
Mount the shares on the freenas host and map the location as storage to the jail.

The problem:
If there's a reset of the external server, a network hickup or any other kind of interruption on the side of the sharer, you'll need to re-mount the share(s) on the host & restart the jail(s) using the externally mapped storage.
So shelling to the Freenas host & throwing a "mount -a" and then restarting the jail(s) is enough, but it sucks.

Workaround of the workaround: cron the remounting process on the host.
Downside: however small, there's extra load on the host.

 

[cyberjock]

mounting CIFS shares to the jail is a nonstarter and really shouldn't be part of FreeNAS. You should NOT be using a network sharing protocol for what is not a network problem. The data is available locally and should be used locally. You do not want crap like network stacks and other complexities to get in the way between a jail and its host. It's silly and unnecessary to do that.

Also, if you know your way around FreeBSD it is easy as pie to mount CIFS shares inside the jail (both on the FreeNAS box and anywhere else on your LAN/WAN). No kernel module is required.. you just have to have the right packages installed and use the mount_smbfs command.

There is no ETA on 10 as 9.3 is still very very actively developed. Maybe in 12+ months?

 

[Osiris]

Cyberjock,
I might react somewhat annoyed and am already apologising for that.
Keep in mind that I still am in awe of what FreeNAS does and how you guys have build this amazing gui.

But ... Thanks for implicitly opinionating that I don't know jack about FreeBSD and mounting shares :D

if you know your way around FreeBSD it is easy as pie.

No. I have the right packages installed. pkg, port, whatever. Mounting these shares is a drag.
In fact, the interwebs state that it isn't possible to do jail-only mounts.
I'm bumping into error after error, exception after exception.
Googling shows that not only morons like myself encounter these but other IT pro's as well.

Code:

mount_smbfs -N -L nas3 //myuser@nas3/nas3z6x3tb /mnt/nas3z6x3tb

This gives me a

Code:

mount_smbfs: kldload(smbfs): Operation not permitted

and that's why I was reading this topic.

Since you apparently aren't aware of some of the stuff I'm trying to do, I'll enlighten.

The data is available locally and should be used locally.

No. The data isn't all available locally. I've got 4 nas devices in my signature. Thought that was obvious.

e.g.
I'm using DoubleCommander from within a jail on one of my nas devices to redistribute data constantly.
(This is a total commander clone by some russian guy where you can actually queue your 'move' commands. Sooo worth checking out)
What I did as a workaround was mounting the external shares on the nas host where the jail resides.
From there I added them as storage to the jail (along with the local storage)
Everything is working perfectly, until I, for example, reboot another nas device which offers one of the shares.

From hereon I can only quote myself

The problem:
If there's a reset of the external server, a network hickup or any other kind of interruption on the side of the sharer, you'll need to re-mount the share(s) on the host & restart the jail(s) using the externally mapped storage.
So shelling to the Freenas host & throwing a "mount -a" and then restarting the jail(s) is enough, but it sucks.

Workaround of the workaround: cron the remounting process on the host.
Downside: however small, there's extra load on the host.

Better seemed to me to mount the shares directly into the jail so I wouldn't have to remount the share on the host.
Could you shed your light on this and give us your approach ?

Another view would be to use my workaround + when accessing the mounted share in the jail, check the availability on the host and trigger a re-mount if necessary.


Perhaps I should move this to a new topic.

 

[cyberjock]

So use mount_smbfs. *every* time I've used it I went to my own instructions https://forums.freenas.org/index.ph...indows-server-2008-r2.10031/page-2#post-45042 and never had a problem. I've seen people with virtually no CLI experience do it without problems. What I *have* seen lots of is people that don't have CIFS properly setup, so when they connect they get an error that's because of the CIFS server being misconfigured. Most often they've been unable to even identify the password they are using (so they use the wrong one) and often couldn't even prove the account was locked until I started asking questions.

Can't help any more than that because you didn't provide any examples of what you did and what errors you got.

A few other examples that use AD, etc are available in the forum and I'm sure if you search for that command you'll get those results too.

 

[Osiris]

I've read up on your instructions. This topic relates in no way to this problem.
I'll summarize.

I am perfectly able to mount the shares on the freenas host, using the designated user.
I can then offer those shares to the jail as storage -> works perfectly.
My cifs shares (which are on another FreeNas 9.3 !) can be perfectly accessed from any system in my network using these credentials, which are different linux & freebsd versions, different windows versions & a popcorn hour.
I'm just not able to mount them directly in the jail (which google tells me to be normal on FreeBSD jails).

When using the workaround (mounting samba on the freenas host + using storeage) there is an issue: having to remount the share on the host when the external share was rebooted.

It's not you. The same issue in FreeBSD: http://daemonforums.org/showthread.php?t=7572

 

[joel72]

mounting CIFS shares to the jail is a nonstarter and really shouldn't be part of FreeNAS.
...

There is no ETA on 10 as 9.3 is still very very actively developed. Maybe in 12+ months?

mounting a fusefs share may be a nonstarter as well but it is absolutely required for me as i want to use encfs in a jail. I do not have enough ram to encrypt with zfs - aditionally i want to sync the data with double protection - encfs and AES-128, so that if the data is accessed by an unauthorised attacker, he or she would still be unable to access it.

A possible Workaround would be to install encfs in the freeNAS host and assign the folder that contains the decrypted files to the jail's space. But that goes against the freeNAS principles concerning installation of packages and being a read-only-system, requires manual attention and the providing of the decryption password inside the FreeNAS host which i would rather avoid to do.

If there is anyone with another suggestion, idea or possible workaround i would very much appreciate it. I already am thinking about sharing the encrypted files via NFS, then decrypting it with a network attached raspberry pi and sharing it again to the FreeNAS jail which would be some crazy circumstance which i guess i'd like to avoid. Additionally, i have no idea, how much the raspberry pi would slow down the whole procedure - i guess it would do so pretty much.

Using a FreeNAS 10 Nightly version seems to be too risky for me so far - or is there anyone with different experiences? Is there any kind of solution i haven't thought through yet!? i don't want to wait for another year

Anyways thanks for the help, suggestions and information!! :)

 

[wmn79]

mounting a fusefs share may be a nonstarter as well but it is absolutely required for me as i want to use encfs in a jail. I do not have enough ram to encrypt with zfs - aditionally i want to sync the data with double protection - encfs and AES-128, so that if the data is accessed by an unauthorised attacker, he or she would still be unable to access it.

A possible Workaround would be to install encfs in the freeNAS host and assign the folder that contains the decrypted files to the jail's space. But that goes against the freeNAS principles concerning installation of packages and being a read-only-system, requires manual attention and the providing of the decryption password inside the FreeNAS host which i would rather avoid to do.

If there is anyone with another suggestion, idea or possible workaround i would very much appreciate it. I already am thinking about sharing the encrypted files via NFS, then decrypting it with a network attached raspberry pi and sharing it again to the FreeNAS jail which would be some crazy circumstance which i guess i'd like to avoid. Additionally, i have no idea, how much the raspberry pi would slow down the whole procedure - i guess it would do so pretty much.

Using a FreeNAS 10 Nightly version seems to be too risky for me so far - or is there anyone with different experiences? Is there any kind of solution i haven't thought through yet!? i don't want to wait for another year

Anyways thanks for the help, suggestions and information!! :)

Probably too late but I ran into this lately and I was able to get fuse available in a jail by creating a tunable with the values as below.

Variable: fuse_load
Value: YES
Type: loader
Comment: something for your own reference
Enabled: true (tick the box)

 

[JibbaJabba]

rabble rabble rabble...need this functionality, is there any way of mounting shares inside jails, im currently on freenas 11 rc3? rabble rabble rabble

 

[JibbaJabba]

Probably too late but I ran into this lately and I was able to get fuse available in a jail by creating a tunable with the values as below.

Variable: fuse_load
Value: YES
Type: loader
Comment: something for your own reference
Enabled: true (tick the box)

tried this...worked in Freenas 11 rc2...not rc3 :(

 

[leonardorame]

tried this...worked in Freenas 11 rc2...not rc3 :(

Hi, I'm on 11.2-STABLE, created the tunable, restarted the jail, then from within the jail I did:

Code:

root@cron-scripts:~ # kldload fuse
kldload: can't load fuse: Operation not permitted

Any hint?

 

[sretalla]

Don't do it that way... (officially, don't do it at all).

If you must have it, you need to load it on the host (which is what your tunable would be doing), then mount the required storage into the jail in the usual way.

 

[leonardorame]

Yes, that's why I added the tunable, but I don't know how to add the fusefs-smbnetfs pkg, I tried pkg install fusefs-smbnetfs, but it isn't in the repo:

Code:

sudo pkg install fusefs-smbnetfs
Updating local repository catalogue...
pkg: Repository local load error: access repo file(/var/db/pkg/repo-local.sqlite) failed: No such file or directory
pkg: file:///usr/ports/packages/meta.txz: No such file or directory
repository local has no meta file, using default settings
pkg: file:///usr/ports/packages/packagesite.txz: No such file or directory
Unable to update repository local
Error updating repositories!

 

[sretalla]

You should not need to do that... NTFS is already supported in the fuse package that's onboard (used for the import disk operations).