Bind mounting read only in LXC container

triks

Oct 17, 2022
Newbie to Proxmox but stuck on this for days...

Goal is to automatically mount NFS shares from Node to LXC container (Debian 11) at /mnt/nas

Currently the directory is mounted but issuing mkdir test or ls -la fails to list or write to source NFS shares

Edited: /etc/pve/lxc/101.conf mp0 with /mnt/pve,mp=/mnt/nas
Strangely, manually issuing mount -o vers=4 10.0.1.50:/volume1/multimedia /mnt/test allows r/w access

Reading all the instructions on Bind Mount Points (Proxmox PVE) and googling for days I am unable to achieve this.

Thank you in advance.


Mounts are served on Synology NAS DSM 7.1 with 10.0.1.0/24 allowed
Container is Debian 11 (IP 10.0.1.16) (privileged) NFS is enabled in GUI.
Intention is to use container for Docker.
Proxmox VE 7.2-11
 
Hi,

could you post the output of pct config 101?
 
Hi Leo, result of pct config 101 on the host

[root@local ~]$ pct config 101
arch: amd64
cmode: shell
cores: 1
cpuunits: 768
features: mount=nfs,nesting=1
hostname: vm-docker1
memory: 1536
mp0: /mnt/pve,mp=/mnt/nas
net0: name=eth0,bridge=vmbr0,firewall=1,gw=10.0.1.1,hwaddr=86:7d:03:b8:b1:03,ip=10.0.1.16/24,ip6=auto,type=veth
ostype: debian
parent: FreshInstall
rootfs: data:vm-101-disk-0,size=50G
swap: 1536


thanks
 
Where exactly did you mount the NFS share on the host?
Currently the directory is mounted but issuing mkdir test or ls -la fails to list or write to source NFS shares
What do you mean by this? Do you get any error messages?…
 
There are 11 shares mounted using node GUI (Datacenter>Storage>Add>NFS).
mnt/pve/system
mnt/pve/downloads
etc.
For testing I did

root@vm-docker1:/# cd /mnt/nas
root@vm-docker1:/mnt/nas# ls -al
total 56
drwxr-xr-x 14 root root 4096 Oct 28 20:01 .
drwxr-xr-x 3 root root 4096 Oct 29 00:28 ..
drwxr-xr-x 3 root root 4096 Oct 28 20:10 downloads
drwxr-xr-x 2 root root 4096 Oct 28 20:01 proxmox
drwxr-xr-x 2 root root 4096 Oct 28 20:01 repository
drwxr-xr-x 2 root root 4096 Oct 28 20:01 system
etc

Navigating into each share running ls -al shows:

root@vm-docker1:/mnt/nas# cd system
root@vm-docker1:/mnt/nas/system# ls -al
total 8
drwxr-xr-x 2 root root 4096 Oct 28 20:01 .
drwxr-xr-x 14 root root 4096 Oct 28 20:01 ..

Strangely, in the "downloads" folder I can get to subfolders

root@vm-docker1:/mnt/nas/downloads/main/completed# ls -al
total 8
drwxr-xr-x 2 root root 4096 Oct 28 20:10 .
drwxr-xr-x 3 root root 4096 Oct 28 20:10 ..
root@vm-docker1:/mnt/nas/downloads/main/completed#

My confusion stems from 2 things:

1. The node has perfect access to the shares.

2. The container has full access to all shares if mounted manually using
mount -o vers=4 10.0.1.50:/volume1/downloads /mnt/test
mount -o vers=4 10.0.1.50:/volume1/system /mnt/test2
 
the trick is each share has to be mounted individually in /etc/pve/lxc/###.conf

mp1: /mnt/pve/documents,mp=/mnt/nas/document
mp2: /mnt/pve/downloads,mp=/mnt/nas/downloads
mp3: /mnt/pve/multimedia,mp=/mnt/nas/multimedia
 
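The fix in the last post, scripted as an added example (not code from the thread): it reads a mount table in /proc/mounts format and prints one mpN line per NFS share mounted directly under the host directory. The function names, the starting index and the optional read-only suffix (Proxmox's ro=1 mount point option) are assumptions of this example, and the sample table is constructed.

```shell
#!/bin/sh
# Added example: one mpN entry per NFS share, instead of a single bind mount
# of the parent directory.
# Usage: gen_mp_entries BASE TARGET [START_INDEX] [ro] < mount-table
gen_mp_entries() {
    base=${1%/}       # host directory holding the NFS mounts, e.g. /mnt/pve
    target=${2%/}     # directory inside the container, e.g. /mnt/nas
    start=${3:-0}     # first free mpN index in the container config
    opts=${4:+,ro=1}  # any 4th argument makes every entry read-only
    awk -v base="$base" -v target="$target" -v n="$start" -v opts="$opts" '
        # Field 2 is the mount point, field 3 the filesystem type.
        ($3 == "nfs" || $3 == "nfs4") && index($2, base "/") == 1 {
            name = substr($2, length(base) + 2)
            if (name == "" || index(name, "/")) next  # direct children only
            if (name ~ /[,\\]/) next  # skip names that would need escaping
            printf "mp%d: %s,mp=%s/%s%s\n", n++, $2, target, name, opts
        }'
}

# Constructed sample in /proc/mounts format (share names taken from the thread).
sample_mounts() {
cat <<'EOF'
10.0.1.50:/volume1/downloads /mnt/pve/downloads nfs4 rw,relatime,vers=4.1 0 0
10.0.1.50:/volume1/system /mnt/pve/system nfs4 rw,relatime,vers=4.1 0 0
/dev/mapper/pve-root / ext4 rw,relatime 0 0
10.0.1.50:/volume1/other /srv/other nfs4 rw,relatime 0 0
EOF
}

# Demo on the sample; mp0 is already taken in the thread's config, so start at 1.
sample_mounts | gen_mp_entries /mnt/pve /mnt/nas 1
```

On the node itself the input would be `/proc/mounts`, and the printed lines are reviewed before being added to the container's config file.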