LXC bind mount permissions

[malder]

Attempting to give my unprivileged Sonarr LXC permissions to NFS storage. Just bind mounting the share works fine but the permissions are wrong:

drwxrwxr-x 5 nobody nogroup 5 Oct 29 13:36 data

Tried to map the UID/GID as well as the appropriate entries in /etc/subuid and /etc/subgid (root:3000:1 root:100000:65536).

lxc.idmap: u 0 3000 1
lxc.idmap: g 0 3000 1
lxc.idmap: u 100000 100000 65536
lxc.idmap: g 100000 100000 65536

After making those changes, rebooting the host and then starting the container I get the following error:

root@homelab:~# pct start 105
lxc_setup_devpts_child: 1543 Invalid argument - Failed to finalize filesystem context 18
lxc_setup: 3965 Failed to prepare new devpts instance
do_start: 1273 Failed to setup container "105"
sync_wait: 34 An error occurred in another process (expected sequence number 4)
__lxc_start: 2114 Failed to spawn container "105"
startup for container '105' failed

Removing the idmap lines from the config and it boots as expected.

/dev/pts looks like it should as far as I can tell:

drwxr-xr-x 2 root root 0 Oct 30 10:00 /dev/pts

I'm out of ideas. I'm tempted to just switch to privileged at this point and just take my chances.

 

[ishanaditya]

For anyone having this issue, this is how I solved it:

• in /etc/subuid and /etc/subgid only add the following line:

root:3000:1

• in /etc/pve/lxc/<LXC_ID>.conf

# Continuous UID/GID mapping from host to container:
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 65536

• stop and start container (restarting doesn't do the job):

sudo pct shutdown VM_ID
sudo pct start VM_ID

That did that trick!