File/folder ownership not all coming through to LXC

[smittychifi]

I can't figure out why only some of my files and folders are displaying correct ownership in container? in both host and container, there is a media user/group of 1000.

Under host, folder structure looks like this:

drwxr-xr-x  8 media media   8 Nov 15 22:38 .
drwxr-xr-x 21 root  root   27 Dec  7 20:28 ..
drwxr-xr-x  8 media media   9 Dec 23 15:18 apps
drwxr-xr-x 10 media media  10 Dec  7 00:25 backups
drwxr-xr-x 23 media media  23 Dec 24 10:00 media
drwxr-xr-x  2 media media   2 Nov 11 15:08 music
drwxr-xr-x 27 media media  27 Nov 12 13:05 photos
drwxr-xr-x  3 media media 358 Jan 10 11:54 servers
root@pve:/tank#

Under container, folder structure looks like this:

drwxr-xr-x 8 media  media     8 Nov 16 02:38 ./
drwxr-xr-x 4 root   root      4 Jan 23 02:24 ../
drwxr-xr-x 2 nobody nogroup   2 Nov 11 19:08 apps/
drwxr-xr-x 2 nobody nogroup   2 Nov 11 19:08 backups/
drwxr-xr-x 2 nobody nogroup   2 Nov 11 19:08 media/
drwxr-xr-x 2 media  media     2 Nov 11 19:08 music/
drwxr-xr-x 2 nobody nogroup   2 Nov 11 19:08 photos/
drwxr-xr-x 3 media  media   358 Jan 10 15:54 servers/
root@docker:/mnt/media#

LXC .conf:

arch: amd64
cores: 4
features: nesting=1
hostname: docker
memory: 8192
mp0: /speedy/downloads,mp=/mnt/downloads
mp1: /tank/,mp=/mnt/media
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=CE:C9:6C:7F:D5:71,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-zfs:subvol-105-disk-0,size=100G
swap: 8192
unprivileged: 1
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64530
lxc.idmap: g 1001 101001 64530

/etc/subuid
/etc/subgid

both set as:

root:1000:1
root:100000:65536

 

[oguz]

hi,

what do you see with ls -aln (same directories you showed in/out of the CT) (-n shows the uid/gid of the file)

 

[smittychifi]

Hi @oguz,

They are all listed as 1000:1000

root@pve:/tank# ls -aln
total 384
drwxrwx---  8 1000 1000   8 Jan 23 01:42 .
drwxr-xr-x 21    0    0  27 Dec  7 20:28 ..
drwxrwx---  8 1000 1000   9 Dec 23 15:18 apps
drwxrwx--- 10 1000 1000  10 Dec  7 00:25 backups
drwxrwx--- 23 1000 1000  23 Dec 24 10:00 media
drwxrwx--- 27 1000 1000  27 Nov 12 13:05 photos
drwxrwx---  3 1000 1000 358 Jan 10 11:54 servers
root@pve:/tank#

I was able to get something working over the weekend. My mount points are actually root folders of zfs datasets.
In my first post, I was mounting mp1 as mp1: /tank/,mp=/mnt/media, and for some reason the nested datasets were the folders not showing proper ownership.

If I mount the nested media dataset instead, file ownership is correct: mp1: /tank/media,mp=/mnt/media.

tank                          91.4T  39.2T      288G  /tank
tank/media                    45.4T  39.2T     45.4T  /tank/media
root@pve:/tank#

This isn't what I really wanted to do, but at least it's working for now.

Is this a bug or the expected result when passing through zfs datasets?

 

[oguz]

In my first point, I was mounting mp1 as mp1: /tank/,mp=/mnt/media, and for some reason the nested datasets were the folders not showing proper ownership.

bind mounts are not nested, so that won't work. you'll need to pass them separately.

there's a feature request for recursive bind mounts [0] but it's not applied at the moment because of some security concerns

[0]: https://bugzilla.proxmox.com/show_bug.cgi?id=2762