File/folder ownership not all coming through to LXC

smittychifi

I can't figure out why only some of my files and folders are displaying correct ownership in the container? In both host and container, there is a media user/group of 1000.

Under host, folder structure looks like this:

Code:
drwxr-xr-x  8 media media   8 Nov 15 22:38 .
drwxr-xr-x 21 root  root   27 Dec  7 20:28 ..
drwxr-xr-x  8 media media   9 Dec 23 15:18 apps
drwxr-xr-x 10 media media  10 Dec  7 00:25 backups
drwxr-xr-x 23 media media  23 Dec 24 10:00 media
drwxr-xr-x  2 media media   2 Nov 11 15:08 music
drwxr-xr-x 27 media media  27 Nov 12 13:05 photos
drwxr-xr-x  3 media media 358 Jan 10 11:54 servers
root@pve:/tank#

Under container, folder structure looks like this:

Code:
drwxr-xr-x 8 media  media     8 Nov 16 02:38 ./
drwxr-xr-x 4 root   root      4 Jan 23 02:24 ../
drwxr-xr-x 2 nobody nogroup   2 Nov 11 19:08 apps/
drwxr-xr-x 2 nobody nogroup   2 Nov 11 19:08 backups/
drwxr-xr-x 2 nobody nogroup   2 Nov 11 19:08 media/
drwxr-xr-x 2 media  media     2 Nov 11 19:08 music/
drwxr-xr-x 2 nobody nogroup   2 Nov 11 19:08 photos/
drwxr-xr-x 3 media  media   358 Jan 10 15:54 servers/
root@docker:/mnt/media#

LXC .conf:

Code:
arch: amd64
cores: 4
features: nesting=1
hostname: docker
memory: 8192
mp0: /speedy/downloads,mp=/mnt/downloads
mp1: /tank/,mp=/mnt/media
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=CE:C9:6C:7F:D5:71,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-zfs:subvol-105-disk-0,size=100G
swap: 8192
unprivileged: 1
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64530
lxc.idmap: g 1001 101001 64530

/etc/subuid
/etc/subgid

both set as:

Code:
root:1000:1
root:100000:65536
 
hi,

what do you see with ls -aln (same directories you showed in/out of the CT) (-n shows the uid/gid of the file)
 
Hi @oguz,

They are all listed as 1000:1000

Code:
root@pve:/tank# ls -aln
total 384
drwxrwx---  8 1000 1000   8 Jan 23 01:42 .
drwxr-xr-x 21    0    0  27 Dec  7 20:28 ..
drwxrwx---  8 1000 1000   9 Dec 23 15:18 apps
drwxrwx--- 10 1000 1000  10 Dec  7 00:25 backups
drwxrwx--- 23 1000 1000  23 Dec 24 10:00 media
drwxrwx--- 27 1000 1000  27 Nov 12 13:05 photos
drwxrwx---  3 1000 1000 358 Jan 10 11:54 servers
root@pve:/tank#

I was able to get something working over the weekend. My mount points are actually root folders of zfs datasets.
In my first post, I was mounting mp1 as mp1: /tank/,mp=/mnt/media, and for some reason the nested datasets were the folders not showing proper ownership.

If I mount the nested media dataset instead, file ownership is correct: mp1: /tank/media,mp=/mnt/media.

Code:
tank                          91.4T  39.2T      288G  /tank
tank/media                    45.4T  39.2T     45.4T  /tank/media
root@pve:/tank#

This isn't what I really wanted to do, but at least it's working for now.

Is this a bug or the expected result when passing through zfs datasets?
 
In my first point, I was mounting mp1 as mp1: /tank/,mp=/mnt/media, and for some reason the nested datasets were the folders not showing proper ownership.
bind mounts are not nested, so that won't work. you'll need to pass them separately.

there's a feature request for recursive bind mounts [0] but it's not applied at the moment because of some security concerns

[0]: https://bugzilla.proxmox.com/show_bug.cgi?id=2762
 
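An added example, not part of the thread and not Proxmox tooling: since a bind mount of `/tank` does not bring the nested datasets with it, this shell function turns `zfs list -H -o name,mountpoint` output into one `mpN:` line per dataset at or below a host path. The function names, the sample datasets other than `tank` and `tank/media`, and the container-side layout under `/mnt/media` are assumptions.

```bash
#!/bin/sh
# Added example, not from the thread. Emits one Proxmox mpN line per ZFS
# dataset at or below a host path, because bind-mounting the parent alone
# leaves the child datasets out of the container.
#
# stdin: tab-separated output of `zfs list -H -o name,mountpoint`
# args:  host root, container root, first free mp index (caller-supplied)
gen_mountpoints() (
    # Subshell body keeps the variables below private to the function.
    host_root="${1%/}"; ct_root="${2%/}"; idx="${3:-0}"
    tab="$(printf '\t')"
    while IFS="$tab" read -r name mnt; do
        case "$mnt" in
            "$host_root")   rel="" ;;                     # the parent dataset itself
            "$host_root"/*) rel="${mnt#"$host_root"}" ;;  # a nested dataset
            *) continue ;;                                # none, legacy, or elsewhere
        esac
        printf 'mp%d: %s,mp=%s%s\n' "$idx" "$mnt" "$ct_root" "$rel"
        idx=$((idx + 1))
    done
)

# Constructed sample input. tank and tank/media follow the thread; the other
# lines are assumptions for illustration.
sample_zfs_list() {
    printf 'speedy/downloads\t/speedy/downloads\n'
    printf 'tank\t/tank\n'
    printf 'tank/media\t/tank/media\n'
    printf 'tank/photos\t/tank/photos\n'
    printf 'tank/scratch\tnone\n'
}

# mp0 is already taken by /speedy/downloads in the posted config, so start at 1.
sample_zfs_list | gen_mountpoints /tank/ /mnt/media 1
```

On the host, pipe the real `zfs list -H -o name,mountpoint` output into `gen_mountpoints` and review the generated lines before adding them to the container config.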