[SOLVED] LXC: Unprivileged container bind mount no files visible

landei

Hello,

I would like to mount a folder from the proxmox host to an unprivileged lxc-container.

For this I added the following line to the container configuration: mp0: /theshire/br,mp=/mnt/br none bind 0 0

df on the lxc delivers the following for the mounted folder: rpool/ROOT/pve-1 453852672 80682112 373170560 18% /mnt/br none bind 0 0

mkdir logged in as root on the lxc in /mnt/br works.
Such a created folder I can see on the lxc-machine being logged in as standard user but if I try to create a folder with the standard user, then I get "permission" denied.
Furthermore none of the lxc-users can see the content of the folder which is on the host and also the host cannot see the folder created on the lxc-container.

On the host as well as on the lxc-container the same user is existent and id delivers exactly the same (same user-id, groups and group-ids). Also the folder on the host belongs to that user as well.

What could be the problem?
Thanks
 
hi,

do the lxc uid/gid have r/w permissions on the directory?
 
Hi,

I am not sure whether I understood you right.
On the host is a folder and the owner has read/write rights. The same user exists on the LXC as well with exactly the same UID, groups and GID.

Or does the container itself also have rights?
If yes, how can I check what you said?

Thanks
 
The same user exists on the LXC as well with exactly the same UID, groups and GID.

if you use an unprivileged container, the uid/gid will be mapped to something else on the host. you will need to allow that mapped uid/gid to read/write on the directory on the host. you can do this by setting the owner or relaxing the permissions with chmod

check here[0] for more information.

[0]: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
 
Thank you very much. :)

Edit:
I now found the solution.
The following config is working:

/etc/subuid:
Code:
root:100000:65536
br:427680:65536
root:1009:1

/etc/subgid:
Code:
root:100000:65536
br:427680:65536
root:1009:1

container config:
Code:
lxc.idmap: u 0 100000 1009
lxc.idmap: g 0 100000 1009
lxc.idmap: u 1009 1009 1
lxc.idmap: g 1009 1009 1
lxc.idmap: u 1010 101010 64526
lxc.idmap: g 1010 101010 64526
 
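The ID mapping from the working configuration above, worked through as an added example (not part of the original thread and not Proxmox code): it parses the posted lxc.idmap and /etc/subuid lines, translates container UIDs to host UIDs, and checks that every mapped host range is delegated to root. Function names are hypothetical, and DEFAULT is an assumed pre-fix mapping that matches the root:100000:65536 entry.

```python
# Added example; function names are hypothetical. Config text is copied from the thread.
IDMAP = """\
lxc.idmap: u 0 100000 1009
lxc.idmap: u 1009 1009 1
lxc.idmap: u 1010 101010 64526
"""
SUBUID = """\
root:100000:65536
br:427680:65536
root:1009:1
"""
# Assumption: the mapping in effect before the fix, matching root:100000:65536.
DEFAULT = [(0, 100000, 65536)]

def parse_idmap(text, kind="u"):
    """Return sorted [(container_start, host_start, count)] for 'u' or 'g' lines."""
    ranges = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            ranges.append(tuple(int(f) for f in fields[1:]))
    return sorted(ranges)

def parse_subid(text, owner="root"):
    """Return [(host_start, count)] delegated to owner in subuid/subgid text."""
    rows = (line.strip().split(":") for line in text.splitlines() if line.strip())
    return [(int(start), int(count)) for name, start, count in rows if name == owner]

def to_host(cid, ranges):
    """Translate a container id to its host id; None means the id is unmapped."""
    for cstart, hstart, count in ranges:
        if cstart <= cid < cstart + count:
            return hstart + (cid - cstart)
    return None

def undelegated(ranges, subids):
    """Mapped host ranges not fully inside a single delegated subid range."""
    return [(h, n) for _, h, n in ranges
            if not any(s <= h and h + n <= s + c for s, c in subids)]

def is_contiguous(ranges, size=65536):
    """True if the container ids 0..size-1 are each mapped exactly once."""
    nxt = 0
    for cstart, _, count in ranges:
        if cstart != nxt:
            return False
        nxt += count
    return nxt == size

if __name__ == "__main__":
    m = parse_idmap(IDMAP)
    print(to_host(1009, DEFAULT), to_host(1009, m), undelegated(m, parse_subid(SUBUID)))
```

Under the assumed default mapping, container UID 1009 is host UID 101009, which does not own the host folder; with the posted mapping it is host UID 1009, while every other container UID stays in the 100000+ range.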
