Mount FS to LXC

[gusto]

I installed proxmox 6.2 on RAID 1

zpool status
   pool: rpool
 state: ONLINE
  scan: none requested
config:

        NAME                                             STATE     READ WRITE CKSUM
        rpool                                            ONLINE       0     0     0
          mirror-0                                       ONLINE       0     0     0
            ata-VBOX_HARDDISK_VB591de502-5953a7c0-part3  ONLINE       0     0     0
            ata-VBOX_HARDDISK_VB6234c490-ac6c93c7-part3  ONLINE       0     0     0

errors: No known data errors

Then I added another disk and created a new pool

zpool create datapool ata-VBOX_HARDDISK_VBd3554746-3b5feeec

 zpool status
  pool: datapool
 state: ONLINE
  scan: none requested
config:

        NAME                                     STATE     READ WRITE CKSUM
        datapool                                 ONLINE       0     0     0
          ata-VBOX_HARDDISK_VBd3554746-3b5feeec  ONLINE       0     0     0

errors: No known data errors

  pool: rpool
 state: ONLINE
  scan: none requested
config:

        NAME                                             STATE     READ WRITE CKSUM
        rpool                                            ONLINE       0     0     0
          mirror-0                                       ONLINE       0     0     0
            ata-VBOX_HARDDISK_VB591de502-5953a7c0-part3  ONLINE       0     0     0
            ata-VBOX_HARDDISK_VB6234c490-ac6c93c7-part3  ONLINE       0     0     0

errors: No known data errors

I created a new file system and set the quota to 3GB

zfs create datapool/videodata
zfs set quota=3G datapool/videodata

zfs list
NAME                           USED  AVAIL     REFER  MOUNTPOINT
datapool                       111K  5.33G       24K  /datapool
datapool/videodata              24K  3.00G       24K  /datapool/videodata
rpool                         1.71G  5.07G       96K  /rpool
rpool/ROOT                    1.25G  5.07G       96K  /rpool/ROOT
rpool/ROOT/pve-1              1.25G  5.07G     1.25G  /
rpool/data                     465M  5.07G       96K  /rpool/data
rpool/data/subvol-100-disk-0   465M  2.55G      465M  /rpool/data/subvol-100-disk-0

So far I have created 1x LXC and FS datapool /videodata I would like to use to store in LXC. It probably needs to mount into LXC, but I don't know how to do it. Later, I would like to share this FS datapool /videodata among more LXCs or also VM.

Can anyone advise me on how to proceed?

So far, I'm testing it in a virtual box. I want to put it on bare metal only when it will work according to my ideas

 

[Dunuin]

So far I have created 1x LXC and FS datapool /videodata I would like to use to store in LXC. It probably needs to mount into LXC, but I don't know how to do it. Later, I would like to share this FS datapool /videodata among more LXCs or also VM.

Can anyone advise me on how to proceed?

You can't bind-mount a folder to a VM. For that you would need to use a SMB/NFS share.
Bind-mounting is possible with LXCs but if you are using unprivileged LXCs that is difficult because of the user/group remapping. You would need to manually edit the user mapping if you don't want to use chmod 777 everywhere.

 

[gusto]

If I use a privileged container, how do I do it?

 

[Dunuin]

I would never use a privileged LXC for a service that is accessible from the internet. If there is a bug and the LXC gets hacked it is too easy to get root access of the complete Proxmox host.
If it is just a local service you can bind-mount folders using the GUI: Datacenter -> YourNode -> YourLXC -> Ressources -> Add -> Mount Point

 

[gusto]

I just want to use LXC for web services (LAMP) nextcloud, wordress etc ...
If I create a unprivileged LXC, can I have more problems than with a privileged LXC?
Now I have privileged LXC (LAMP, Nextcloud, Wordpress ...) and it works fine. You write, however, that it is dangerous.

 

[Dunuin]

I just want to use LXC for web services (LAMP) nextcloud, wordress etc ...
If I create a unprivileged LXC, can I have more problems than with a privileged LXC?
Now I have privileged LXC (LAMP, Nextcloud, Wordpress ...) and it works fine. You write, however, that it is dangerous.

Yes, unprivileged LXCs cause problems because all your users in that LXC are unprivileged and mapped. But thats the point why it is more secure. If your privileged LXC gets hacked and someone gets root access inside of that container the attacker also has root access to the complete proxmox host because its the same root user.
If a unprivileged LXC gets hacked its not that bad because all users are mapped. Your root user (uid=0) inside the LXC is mapped to a unprivileged user on the host with the UID = 100000 and that user has no administrative rights outside of that LXC.

A VM is completely isolated, a unprivileged LXC is half isolated and a privileged LXC is barely isolated. The better the isolation, the more secure it is, because if something gets hacked, it only affects the LXC/VM and not all of them or the complete proxmox host. As soon as someone gets root access of your Proxmox host its not that hard to hack a complete network.

 

[gusto]

Where am I making a mistake?
So far, I'm testing a privileged LXC
I made a mountpoint to LXC

pct set 100 -mp0 /datapool/videodata,mp=/var/www/nextcloud

Now I expect that when I write in var /www/nextcloud in LXC, I will also see it in PVE /datapool/videodata.
I downloaded linux mint at /var/www/nextcloud

wget http://ftp.energotel.sk/pub/linux/mint/stable/20/linuxmint-20-cinnamon-64bit.iso

When I look at PVE proxmox, I see that the pool still has 24.5 KB used


EDIT
I don't know what happened, but after the container restarts, it already works.
Was a restart required?