storage
Allow setting mountopt for vfs driver
Feature request description
Rootless podman-in-podman, or sudo inside a rootless container, does not work in rootless mode with the vfs driver, because the root filesystem is mounted with nosuid set:
```
$ podman info
ERRO[0000] running `/usr/bin/newuidmap 123 0 1000 1 1 1 999 1000 100000 65536 66536 524288 65536`: newuidmap: write to uid_map failed: Operation not permitted
Error: cannot set up namespace using "/usr/bin/newuidmap": exit status 1
$ sudo ls
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
# ls -la /usr/bin/newuidmap
-rwxr-xr-x 1 root root 43320 May 23 00:00 /usr/bin/newuidmap
# ls -lan /usr/bin/sudo
---s--x--x 1 0 0 211136 Feb 8 00:00 /usr/bin/sudo
# mount | grep ' / '
/dev/xvdb on / type ext4 (rw,nosuid,nodev,relatime,discard)
# mount / -oremount,suid
mount: /: permission denied.
       dmesg(1) may have more information after failed mount system call.
```
Setting storage.options.vfs.mountopt = "suid" is not recognized, as expected from the docs:
```
WARN[0000] Failed to decode the keys ["storage.options.vfs.mountopt"] from "/home/user/.config/containers/storage.conf"
```
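As an added diagnostic (not part of this issue or of the containers/storage code base), the following script captures the check behind the symptoms above: it reads `mount`-style output, tells whether the filesystem backing a mount point carries `nosuid`, and combines that with the `ls -l` mode of a binary to explain why a setuid program such as sudo is ineffective there. The mount listing is a constructed sample shaped like the `mount | grep ' / '` line in the report so the script runs offline; `live_check()` is the only part that touches the real host, via `findmnt(8)`.

```shell
#!/bin/sh
# Added diagnostic, not from the issue: can a setuid binary work on the
# filesystem it lives on? Offline demo over a constructed mount listing;
# live_check() queries the running system with findmnt(8).

# Constructed sample in the "SRC on MP type FS (OPTS)" shape of `mount` output.
# The second line mirrors the root mount reported in the issue.
SAMPLE_MOUNTS='proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
/dev/xvdb on / type ext4 (rw,nosuid,nodev,relatime,discard)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime)
/dev/xvdc on /opt type ext4 (rw,relatime)'

# mount_opts MOUNTPOINT -> comma-separated options of that exact mount point
# (empty if the mount point is not in the listing).
mount_opts() {
    printf '%s\n' "$SAMPLE_MOUNTS" |
        awk -v mp="$1" '$3 == mp { gsub(/[()]/, "", $6); print $6; exit }'
}

# has_opt OPTS NAME -> success if NAME is present as a whole option in OPTS
# (matching ",nosuid," avoids false hits on prefixes like "nosuidfoo").
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# suid_state MOUNTPOINT -> blocked | allowed | unknown
# "blocked": the kernel ignores setuid/setgid bits and file capabilities
# for programs executed from that mount.
suid_state() {
    opts=$(mount_opts "$1")
    [ -n "$opts" ] || { echo unknown; return 0; }
    if has_opt "$opts" nosuid; then echo blocked; else echo allowed; fi
}

# is_setuid MODESTRING -> success if an ls -l mode string has the setuid bit
# ('s' or 'S' in the owner-execute position, e.g. ---s--x--x).
is_setuid() {
    case "$1" in
        ???[sS]*) return 0 ;;
    esac
    return 1
}

# explain MOUNTPOINT MODESTRING -> one-line verdict for a binary on MOUNTPOINT
explain() {
    state=$(suid_state "$1")
    if is_setuid "$2"; then setuid=yes; else setuid=no; fi
    case "$state:$setuid" in
        blocked:yes) echo "setuid bit present but ignored: $1 is mounted nosuid" ;;
        allowed:yes) echo "setuid effective" ;;
        *:no)        echo "no setuid bit; nothing to block" ;;
        *)           echo "mount $1 not found" ;;
    esac
}

# live_check PATH -> mount options of the filesystem backing PATH on this host.
# Run it inside the container, e.g. live_check /usr/bin/sudo.
live_check() {
    findmnt -n -o OPTIONS --target "$1"
}

# Demo with the two binaries from the report, both on the nosuid root mount.
explain / '---s--x--x'   # sudo
explain / '-rwxr-xr-x'   # newuidmap
```

Note that in the report's `ls -la` output newuidmap carries no setuid bit at all, so on that system it presumably relies on file capabilities (check with `getcap /usr/bin/newuidmap`); `nosuid` disables file capabilities as well as setuid bits, which is consistent with the `write to uid_map failed` error. The `mount -o remount,suid` failure is expected in rootless mode: clearing `nosuid` requires privileges the unprivileged user namespace does not have, so the option has to be chosen where the mount is created, which is what exposing `mountopt` for vfs would allow.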
Suggest potential solution
Exposing mountopt for the vfs driver, as is already done for overlay, would allow unlocking this by setting the appropriate mount option.
Have you considered any alternatives?
Using overlay instead of vfs unfortunately does not work, as it results in incorrect file ownership in rootless mode: https://github.com/containers/podman/issues/22810#issuecomment-2162129301
Additional context
Related
- containers/podman#3263