privileged lxc container for torrent

0zw00d

Member
Jan 20, 2022
Hello together,
I created an LXC before I reinstalled my Proxmox installation, which was working before without trouble.
When I tried to download a torrent file, everything was okay.

First I'll explain how it should work:

I have an openmediavault installation with SMB shares; say I try to expose the CIFS share "transmission".
I mount this share with cifs-utils in my privileged LXC container with:
mount -t cifs -o username=whatever //server/share /mnt/transmission

At first everything looks good: with the logged-in account "root" it's possible to create files and folders (no error message like: Permission Denied).
But if I download a torrent (in my example the newest Proxmox ISO) I get this error in transmission: Permission denied (/mnt/transmission/down/proxmox-ve_8.0-2.iso).

How can I get rid of this problem?

My config looks like this:


Code:
arch: amd64
cores: 2
features: mount=cifs,nesting=1
hostname: ptransmission
memory: 2048
mp1: /mnt/transmission,mp=/mnt/transmission
net0: name=eth0,bridge=vmbr0,gw=10.0.0.1,hwaddr=82:81:C9:F9:88:4D,ip=10.0.0.87/24,ip6=auto,type=veth
ostype: ubuntu
rootfs: smb04:106/vm-106-disk-0.raw,size=10G
swap: 512

The CIFS share is mounted in PVE directly.

I'm really confused why this doesn't work.
 
From my notebook ;)

To set up NFS in a container:
Before creating the container:
1- on the first "Create CT" screen check "Advanced" next to Back button, then:
2- make sure to UNCHECK "Unprivileged container" option in the first screen also. You can NOT change this later.
3- don't start the container.
After creating the container:
1- click on the container to see its details.
2- click on Options then Features.
3- from the Features list check "NFS" then OK.
Now you can start the container and install the NFS server/client packages.

On container:

apt update
apt install cifs-utils -y

Create mountpoint
mkdir -p /CONTAINER_MOUNT

Now you can do something like this:

nano /etc/fstab

And inside put:
//10.1.0.10/NFS_SHARED_FOLDER_NAME /CONTAINER_MOUNT cifs username=USERNAME,password=PASSWORD,uid=1000,gid=1000,rw,users,dir_mode=0777,file_mode=0777 0 0

Save, Exit.

mount -a

Please remember to verify the uid/gid (but it should be OK from my example).

Hope this helps.
 
Be aware that yes, @Admiral Awesome's solution will work, but if something or someone gains access or root in your container (maybe because of an application vulnerability), they may be able to access your PVE host root.

I would suggest either using
-docker, maybe something like portainer
-VM, not container
-Truenas, unRAID...
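
To find containers that carry the exposure described in the warning above, the following is an added example (not part of the thread and not Proxmox's own tooling) that parses container configs in the `key: value` form posted earlier and flags privileged containers together with their mount/nesting features and host bind mounts. The function names and the second sample config are assumptions made for illustration; on a PVE host the same text would come from the files under /etc/pve/lxc/.

```python
import re

# Constructed sample: the container config posted above (no "unprivileged: 1"
# line, so Proxmox treats it as privileged), plus a hypothetical second one.
SAMPLE_106 = """\
features: mount=cifs,nesting=1
hostname: ptransmission
mp1: /mnt/transmission,mp=/mnt/transmission
ostype: ubuntu
rootfs: smb04:106/vm-106-disk-0.raw,size=10G
"""
SAMPLE_UNPRIV = "hostname: demo\nunprivileged: 1\nfeatures: nesting=1\n"


def parse_ct_config(text):
    """Parse the 'key: value' lines of a container config; stop at the first
    '[snapshot]' section so only the current state is audited."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            break
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit_ct(text):
    """Return findings for a privileged container; empty list if unprivileged."""
    conf = parse_ct_config(text)
    if conf.get("unprivileged", "0") == "1":
        return []
    findings = ["privileged: container root is not mapped to an unprivileged host UID"]
    features = dict(p.split("=", 1) for p in conf.get("features", "").split(",") if "=" in p)
    if "mount" in features:
        findings.append("mount feature enabled for: " + features["mount"].replace(";", ", "))
    if features.get("nesting") == "1":
        findings.append("nesting enabled")
    for key, value in conf.items():
        # A mount point whose volume is an absolute path is a host bind mount.
        bind = re.match(r"(?:volume=)?(/[^,]*)", value)
        if re.fullmatch(r"mp\d+", key) and bind:
            findings.append(f"{key}: host directory {bind.group(1)} bind-mounted into the container")
    return findings


if __name__ == "__main__":
    for name, sample in (("106", SAMPLE_106), ("unprivileged sample", SAMPLE_UNPRIV)):
        print(name, audit_ct(sample) or "no findings")
```
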
 
@ardeny you're absolutely right.
Now I choose the VM solution, a Debian minimal installation isn't so big in size ;).

Thanks to all for the Support :)
 