On 2019-10-10 17:21, Ulli Horlacher wrote:
On Thu 2019-10-10 (20:47), Kai Krakow wrote:
I run into the problem that "rsync -ax" sees btrfs subvolumes as "other
filesystems" and ignores them.
I worked around it by mounting the btrfs-pool at a special directory:
mount -o subvolid=0 /dev/disk/by-label/rootfs /mnt/btrfs-pool
This is only possible by root, but not by regular users.
Yes, there are true multi-user systems still out there :-)
And that is what `sudo` or capabilities are for.
`sudo` will even let you get as specific as command line arguments, so
you can specify an exact mount command that can be run (including
ensuring that it's read-only) and an exact unmount command that can be run.
If you want to go the capabilities route, you'll need CAP_MOUNT. This
is a lot riskier than using `sudo` though.
That said, if you really want _everything_, you're going to need to
either be root anyway, or have the CAP_DAC_READ_SEARCH (or
CAP_DAC_OVERRIDE) capability, because there are some files you just
won't be able to read otherwise (at minimum the contents of `/root` and
any properly secured authentication logs in `/var/log`, as well as
possibly other things under `/var` and possibly some things under `/etc`).
Actually, you could also just bind-mount into /mnt/btrfs, bind-mounts
won't inherit other mounts but will still see pure subvolumes.
Again, only possible by root.
