How can I access data of one LXC container from an other container?

[gno]

Hello,

I have a privileged LXC-103 that acts as fileserver.
The files are stored on a ZFS subvol and provided to the users (family) by NFS.

root@pve2:~# cat /etc/pve/lxc/103.conf
...
features: mount=nfs;cifs,nesting=1
hostname: srv
mp0: r1samsung2tb:subvol-103-disk-0,mp=/mnt/srv_data0,backup=1,size=600G
rootfs: r1samsung480gb:subvol-103-disk-0,size=8G

In the unprivileged LXC-125 runs Paperless (without Docker) whose data is currently stored in /opt/paperless/media and /opt/paperless/data

root@pve2:~# cat /etc/pve/lxc/125.conf
...
features: nesting=1
hostname: paperless
rootfs: r1samsung480gb:subvol-125-disk-0,size=4G
unprivileged: 1

Now I want to move the two paperless directories to the fileserver to have everything in one place.
The directories then should be accessible per NFS by the users and of course by paperless in LXC-125.

What is the best way to achieve that?

 

[maxim.webster]

Move the files from the paperless host to the NFS shares using rsync or scp, then mount the NFS shares to the paperless host via /etc/fstab onto the paperless directories.

You probably will have to fiddle with file permissions and owner mappings during migration.

 

[gno]

That doesn't work for me

From the unprivileged container LXC-125

sudo mount -t nfs srv.domain.net:/srv/paperless /mnt

From my Laptop I can access the share with the same command

 

[leesteken]

I think NFS (or SMB) mounts from inside a unprivileged container don't work (but I might be wrong!). Usually you mount shares on the Proxmox host and pass them to containers using mountpoints.
Alternatively, you might create a filesystem or chose a directory on the host as a shared space, and pass it to multiple containers (on the same Proxmox host) using mountpoints.
EDIT: Sorry, I just read your post and saw that you want to use NFS, so a local shared space does not apply.

 

[Johannes S]

As explained by leesteken you will need to use bind mounts for this, it's explained in the wiki: https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points

 

[gno]

I think bind mounts are used to access data from external devices that are mounted on the pve host.

I want to acces data that is stored on an other container's ZFS subvolume. See my first post

 

[leesteken]

Bind mounts can do both things, as long as the containers are on the same Proxmox. And even in a cluster there are some ways to do it, I think.

EDIT: Just treat the other container's ZFS subvolume as the "external device" and bind mount to it via a mountpoint. Or move the ZFS subvolume out of the container (by renaming it and editing the container configuration) and bind mount it in both containers using a mountpoint.

 

[gno]

On lxc-103 I added the directory for paperless

root@srv:/# ls -la /srv
...
lrwxrwxrwx  1 paperless paperless 29 Dez  9 09:17 paperless -> /mnt/srv_data0/srv/paperless/

On /etc/pve/lxc/125.conf I added the bind mount

mp1: /tank02/subvol-103-disk-0/srv/paperless,mp=/mnt/paperless_data0

and a link

ln -s /mnt/paperless_data0/ /var/lib/paperless/data

Now I have the wrong permissions

root@paperless:~# ls -la /var/lib/paperless
total 37
drwxr-xr-x  5 paperless paperless   10 Dec 15 18:17 .
drwxr-xr-x 34 root      root        35 Dec  9 08:50 ..
-rw-------  1 paperless paperless  513 Dec 13 20:00 .bash_history
-rw-r--r--  1 paperless paperless  220 Jun  6  2025 .bash_logout
-rw-r--r--  1 paperless paperless 3526 Jun  6  2025 .bashrc
drwx------  3 paperless paperless    3 Dec 12 16:24 .cache
drwxr-xr-x  3 paperless paperless    3 Dec 13 10:57 .local
-rw-r--r--  1 paperless paperless  807 Jun  6  2025 .profile
lrwxrwxrwx  1 nobody    nogroup     21 Dec 15 18:17 data -> /mnt/paperless_data0/
drwxrwsr-x  5 paperless paperless    5 Dec  3 09:08 tmp

When I add this to /etc/pve/lxc/125.conf

lxc.idmap: u 0 100000 1213
lxc.idmap: u 1213 1213 1
lxc.idmap: u 1214 101214 64322
lxc.idmap: g 0 100000 1213
lxc.idmap: g 1213 1213 1
lxc.idmap: g 1214 101214 64322

I get it the other way around

root@paperless:~# ls -la /var/lib/paperless
total 37
drwxr-xr-x  5 nobody    nogroup     10 Dec 15 18:17 .
drwxr-xr-x 34 root      root        35 Dec  9 08:50 ..
-rw-------  1 nobody    nogroup    513 Dec 13 20:00 .bash_history
-rw-r--r--  1 nobody    nogroup    220 Jun  6  2025 .bash_logout
-rw-r--r--  1 nobody    nogroup   3526 Jun  6  2025 .bashrc
drwx------  3 nobody    nogroup      3 Dec 12 16:24 .cache
drwxr-xr-x  3 nobody    nogroup      3 Dec 13 10:57 .local
-rw-r--r--  1 nobody    nogroup    807 Jun  6  2025 .profile
lrwxrwxrwx  1 paperless paperless   21 Dec 15 18:17 data -> /mnt/paperless_data0/
drwxrwsr-x  5 nobody    nogroup      5 Dec  3 09:08 tmp

I have no idea how to fix this

 

[leesteken]

Maybe change the owner of /tank02/subvol-103-disk-0/srv/paperless on the Proxmox host to 100000 + the userid of paperless inside the container?
I find this easier to do when the shared space is not part of any container but simple a directory (or mount) on the host and a mountpoint in each container.