Mount
See also:
mount
, How to share data with an instance
In Multipass, a mount is a directory mapping from the host to an instance, making its contents, and changes therein, available on both ends. Make sure to review the security considerations below.
In Multipass, there are two types of mounts: classic (default) and native.
- Classic mounts use technology built into Multipass and thus allow for higher compatibility, while slightly reduced performance.
- Native mounts, on the other hand, use hypervisor or platform-specific mounts to offer better performance, but limited compatibility.
Classic mounts
Classic mounts use SSHFS (SSH File System) to achieve file/directory sharing. This option is available across all our backends.
SSHFS is based on SSH, which pays a performance penalty to achieve secure communication.
Native mounts
Native mounts use driver-dependent technologies to achieve the high performance. They are only available in the following cases:
- On Hyper-V, where they are implemented with SMB/CIFS.
- On QEMU, where they are implemented with 9P.
- On LXD, using that backend’s own mounts, which also rely on 9P.
See also: Driver (backend) - Feature disparities
Security considerations
Because mounts are performed as root
– unless installed via snap, see below – they allow write access to the whole host operating system. But since only privileged users (members of sudo
, wheel
, admin
groups) can use Multipass, this isn’t a concern on Linux.
If Multipass is installed via snap package, snap confinement prevents mounts outside of the /home
directory (and to hidden files/folders in the /home
directory) and possibly, removable media (depending on the connected interfaces). Still, a user (A) with access to Multipass could access mounts that a different user (B) established to B’s home directory (that is, outside of A’s home).
Because mounts are performed as root
, they allow write access to the whole host operating system. But since only privileged users (members of sudo
, wheel
, admin
groups) can use Multipass, this isn’t a concern on macOS.
Because mounts are performed as privileged users (SYSTEM
on Windows), they allow write access to the whole host operating system.
For historical reasons, mounts are disabled by default on Windows, even though in the current version of Multipass users need to authenticate with the daemon before it will service their requests. See local.privileged-mounts
for information on how to enable them if needed.
Errors or typos? Topics missing? Hard to read? Let us know or open an issue on GitHub.
Contributors: @tmihoc, @georgeliaojia, @ricab, @sharder996, @davidekete, @gzanchi