Feature request - zfs delegation with lxc

[nazarmx]

Since OpenZFS 2.2 there are zfs zone/unzone commands that can allow a container to manage specific mounted datasets. It also requires dev/zfs to be mounted in container with device added to lxc config.

This can be probably implemented with lxc hooks, but would be best to support natively like Incus does.

 

[devilrunner]

+1 as this feature would make proxmox so much greater !

Use case: have a privileged LXC fileserver (managing ZFS and samba) as the ZFS management features (GUI) within Proxmox are not very extensive.

Ref incus ZFS.delegate=true

 

[devilrunner]

Bumping this topic up as I wanted to know if this is on any roadmap or future plans to include in Proxmox?

I have tried this with unprivileged containers using this article and it's working but comes with some drawbacks (regarding changing namespaces when rebooting).
It seems that theoretically speaking all the building blocks are there to make this possible with privileged containers;

• klarasystems.com (isolating-containers-with-zfs-and-linux-namespaces)
• incus lxd (zfs.delegate)
• OpenZFS (Linux namespace delegation support)

This might also improve greatly docker ZFS support in LXC containers in future as I believe the community may prefer docker lxc over OCI ref.: OCI vs docker LXC thread

personally I prefer lxc containers over docker containers but docker support and community initiatives in docker containers and applications will not disappear and proxmox support for this (in lxc) would make the product even better - also negating an advantage that incus/LXD currently has over proxmox.

 

[LnxBil]

There is already a bug report / feature request about it and it's undecided.

 

[devilrunner]

It seems I am among a limited few that really see the need for this?
- Fileserver, SAMBA running in an LXC...
- ZFS acl support in an LXC....
- LXC to manage ZFS snapshots with a nice GUI as this is currently very limited in Proxmox WebGUI...
- Docker running in an LXC using more stable ZFS storage driver...
- Keeping feature sets comparable to competing products like Incus that have this feature...
- many more use cases....

Just trying to create a larger demand for this....

 

[flames]

Probably yes. Tho it is some QoL stuff in rare usecases, I am with Fabian [1] [2], and beside that, it could tear a security hole and create chaos.