Hi,
While researching this I stumbled upon an older thread discussing bind mounts to Linux Containers and UID/GID mapping here.
The unanswered question @John Driessen asked can't get out of my head:
How does this mapping work when multiple containers (having either the same set of users or a different set of users) are involved?
Normally when we think about unprivileged LXC it's ID on host = ID on guest + 100 000.
But when we have multiple Containers all processes will (ultimately broken down to the PVE host) run with the same UIDs & GIDs.
Therefore for having bind mounts there are two options:
1: The same permissions will apply to all Linux Containers (as they share UIDs/GIDs), e.g. for access to /somesharedfolder (on PVE: chown -R 100000 /somesharedfolder)
2: For specific configuration/access for the particular LXCs you will need to dig into advanced LXC features and change the UID/GID mapping of your containers.
PS: For anyone else interested, one great write-up can be found here: https://itsembedded.com/sysadmin/proxmox_bind_unprivileged_lxc
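The mapping discussed in the post above, worked through as an added example (not part of the original post or of the linked write-up): it resolves container IDs to host IDs from `lxc.idmap` values, showing that two containers on the default map land on the same host UIDs while a custom map separates one user. The custom map and host ID 201000 are constructed sample values, and it is assumed that any non-default host range is also permitted for root in /etc/subuid and /etc/subgid.

```python
# Added example: resolve container IDs to host IDs from lxc.idmap values.
# Each value has the form "<u|g> <container_start> <host_start> <count>".

# Default unprivileged map: host ID = container ID + 100000.
DEFAULT_MAP = ["u 0 100000 65536", "g 0 100000 65536"]

# Constructed custom map: container UID/GID 1000 is moved to host 201000,
# every other ID keeps the default +100000 offset.
CUSTOM_MAP = [
    "u 0 100000 1000", "g 0 100000 1000",
    "u 1000 201000 1", "g 1000 201000 1",
    "u 1001 101001 64535", "g 1001 101001 64535",
]


def parse_idmap(lines):
    """Parse idmap values into (kind, ct_start, host_start, count) tuples."""
    entries = []
    for line in lines:
        kind, ct_start, host_start, count = line.split()
        if kind not in ("u", "g"):
            raise ValueError(f"unknown idmap kind: {kind!r}")
        entries.append((kind, int(ct_start), int(host_start), int(count)))
    return entries


def to_host_id(entries, kind, ct_id):
    """Return the host ID for a container ID, or None if it is unmapped."""
    for k, ct_start, host_start, count in entries:
        if k == kind and ct_start <= ct_id < ct_start + count:
            return host_start + (ct_id - ct_start)
    return None


def shared_host_uids(map_a, map_b, ct_uids):
    """Container UIDs that resolve to the same host UID in both containers,
    i.e. the users that get identical access on a shared bind mount."""
    a, b = parse_idmap(map_a), parse_idmap(map_b)
    shared = []
    for uid in ct_uids:
        host_a = to_host_id(a, "u", uid)
        if host_a is not None and host_a == to_host_id(b, "u", uid):
            shared.append(uid)
    return shared


if __name__ == "__main__":
    print(shared_host_uids(DEFAULT_MAP, DEFAULT_MAP, [0, 1000, 1001]))
    print(shared_host_uids(DEFAULT_MAP, CUSTOM_MAP, [0, 1000, 1001]))
```
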