Mount

See also: mount, How to share data with an instance

In Multipass, a mount is a directory mapping from the host to an instance, making its contents, and changes therein, available on both ends. Make sure to review the security considerations below.

In Multipass, there are two types of mounts: classic (default) and native.

  • Classic mounts use technology built into Multipass and thus allow for higher compatibility, while slightly reduced performance.
  • Native mounts, on the other hand, use hypervisor or platform-specific mounts to offer better performance, but limited compatibility.

Classic mounts

Classic mounts use SSHFS (SSH File System) to achieve file/directory sharing. This option is available across all our backends.

SSHFS is based on SSH, which pays a performance penalty to achieve secure communication.

Native mounts

Native mounts use driver-dependent technologies to achieve the high performance. They are only available in the following cases:

  • On Hyper-V, where they are implemented with SMB/CIFS.
  • On QEMU, where they are implemented with 9P.
  • On LXD, using that backend’s own mounts, which also rely on 9P.

See also: Driver (backend) - Feature disparities

Security considerations

Because mounts are performed as root – unless installed via snap, see below – they allow write access to the whole host operating system. But since only privileged users (members of sudo, wheel, admin groups) can use Multipass, this isn’t a concern on Linux.

If Multipass is installed via snap package, snap confinement prevents mounts outside of the /home directory (and to hidden files/folders in the /home directory) and possibly, removable media (depending on the connected interfaces). Still, a user (A) with access to Multipass could access mounts that a different user (B) established to B’s home directory (that is, outside of A’s home).

Because mounts are performed as root, they allow write access to the whole host operating system. But since only privileged users (members of sudo, wheel, admin groups) can use Multipass, this isn’t a concern on macOS.

Because mounts are performed as privileged users (SYSTEM on Windows), they allow write access to the whole host operating system.

For historical reasons, mounts are disabled by default on Windows, even though in the current version of Multipass users need to authenticate with the daemon before it will service their requests. See local.privileged-mounts for information on how to enable them if needed.


Errors or typos? Topics missing? Hard to read? Let us know or open an issue on GitHub.


Contributors: @tmihoc, @georgeliaojia, @ricab, @sharder996, @davidekete, @gzanchi

Last updated 2 months ago. Help improve this document in the forum.