[SOLVED] Bind mount in a nonprivileged container of a FUSE mount in the host

tig3r

Jan 29, 2023
I kinda have a similar issue as this post, https://forum.proxmox.com/threads/b...container-of-a-fuse-mount-in-the-host.131879/ but I don't remote mount it on my host. It's a locally mounted mergerfs and in the fstab I have "allow_other".
Code:
/media/12TB5E/TDUMP     /media/TDUMP    mergerfs cache.files=partial,allow_other,dropcacheonclose=true,category.create=mfs,minfreespace=10G,fsname=mergerfs 0 0
Yes, there should be more drives later; I just keep it to one atm to find out my issue here.

My 109.conf
Code:
arch: amd64
cores: 2
features: fuse=1,keyctl=1,nesting=1
hostname: media
memory: 2048
mp0: /media/TDUMP/,mp=/TDUMP
mp1: /media/12TB5E/TDUMP/,mp=/tdump
net0: name=eth0,bridge=vmbr0,hwaddr=BC:24:A1:58:63:12,ip=dhcp,tag=50,type=veth
onboot: 1
ostype: debian
rootfs: local:109/vm-109-disk-0.raw,size=8G
swap: 512
tags:
unprivileged: 1
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530

Both mp point to the same drive. I can access files on /tdump in the LXC but not /TDUMP. It works fine on the host, where both are mounted.
But on the LXC, ls -l / gives:
drwxrwx---+ 66 1005 1005 69632 Mar 30 13:25 tdump
d?????????? ? ? ? ? ? TDUMP

What am I missing?
Edit: If I make a privileged copy of my LXC, (and remove the lxc.idmap's) it works fine. So the issue seems to be related to mergerfs/fuse (permissions?), but I fail to see why since it is mounted on the host the whole time.
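How the lxc.idmap lines in the 109.conf above translate container IDs to host IDs, as an added example that is not part of the original post. The function names are hypothetical, and the 65536-ID container range is an assumption taken from the sum of the posted ranges.

```python
# Added example: resolve container UIDs/GIDs to host IDs from lxc.idmap lines.
# CONF is copied from the 109.conf in the post; all function names are hypothetical.
CONF = """\
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530
"""

def parse_idmap(conf):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "lxc.idmap":
            continue
        kind, ct, host, count = value.split()
        maps[kind].append((int(ct), int(host), int(count)))
    return maps

def to_host(ranges, ct_id):
    """Translate a container ID to its host ID, or None if it is unmapped."""
    for ct, host, count in ranges:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def check(ranges, size=65536):
    """List gaps and overlaps in container-side coverage of 0..size-1."""
    problems, expected = [], 0
    for ct, _host, count in sorted(ranges):
        if ct > expected:
            problems.append(f"gap: container IDs {expected}-{ct - 1} unmapped")
        elif ct < expected:
            problems.append(f"overlap at container ID {ct}")
        expected = max(expected, ct + count)
    if expected < size:
        problems.append(f"gap: container IDs {expected}-{size - 1} unmapped")
    return problems

def passthrough(ranges):
    """Ranges whose IDs are identical on host and in the container."""
    return [(ct, count) for ct, host, count in ranges if ct == host]

if __name__ == "__main__":
    m = parse_idmap(CONF)
    for cid in (0, 1005, 1006, 65535):
        print(cid, "->", to_host(m["u"], cid))
    print("problems:", check(m["u"]), "passthrough:", passthrough(m["u"]))
```

With the posted mapping, container ID 1005 is the only ID passed through unchanged, which matches the 1005 1005 owner shown for /tdump in the ls -l output; container root resolves to host ID 100000.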
 
Last edited:
I encountered the same problem, is there any solution?
I think I solved my issue. After testing I did detect the user on the host sometimes had issues as well, so I did try turning off the file cache in the mount line in fstab. After that it seems to work on both the host and in the LXC.
 
If it works out for you, report back, and we perhaps should mark the thread solved.

If it's not working, we can compare more, since it seems to work for me.
 
I used systemctl to mount mergerfs. I changed cache.files to off, but the same error message still popped up. My systemctl startup file is as follows:
Code:
[Unit]
Description=MergerFS mount for /mnt/pvenas (cache disk(s)/path(s))

[Service]
Type=simple
KillMode=mixed
ExecStart=/usr/bin/mergerfs \
  -f \
  -o cache.files=off \
  -o dropcacheonclose=true \
  -o category.create=ff \
  -o allow_other \
  -o minfreespace=10G \
  -o fsname=mergerfs_cached \
  /mnt/cache-disks/cache01:/mnt/data-disks/data01:/mnt/data-disks/data02:/mnt/data-disks/data03 \
  /mnt/pvenas
ExecStop=/bin/fusermount -uz /mnt/pvenas
Restart=on-failure

[Install]
WantedBy=default.target

I'm going to try it the fstab way.
 
I found out that setting cache.files=off can (will?) affect programs that use sqlite3 that require mmap.
https://trapexit.github.io/mergerfs/quickstart/#configuration
But since turning it off is the only way I can manage to get mergerfs shares to work inside my LXC I have found a workaround for the only program that was an issue so far, torrent. There was an option to change Disk IO type to POSIX-compliant.