Mount host directory into LXC container

Jun 11, 2019
Hi everybody,
I'm stuck on mounting a host directory into an LXC container; the directory has to be read/write and the container is unprivileged.

Some googling leads me to bind mount points, but the instructions here don't look very clear to me; moreover, issuing a command like:

pct set 103 --mp0 /host/dir /container/mount/point
(where 103 is my container ID)

leads to result:
400 too many arguments
pct set <vmid> [OPTIONS]


I tried to directly modify the file in /var/lib/lxc/103/config following the indications in LXC.CONTAINER.CONF but it seems that this file is overwritten every time the container is started.

A working example and/or a link to documentation is strongly appreciated.

TIA
Francesco
 
Hi,
the correct syntax for the pct command is
Code:
pct set 103 -mp0 mp=/host/dir,/container/mount/point
EDIT: should be
Code:
pct set 103 -mp0 /host/dir,mp=/container/mount/point
See here for more information.

If you want to modify the container config directly, you need to use the one in /etc/pve/nodes/NODE/lxc/ID.conf.
 
Hi Fabian
thank you for your answer.
I've noticed that the syntax to achieve the result is:
Code:
pct set 103 -mp0 /host/dir,mp=/container/mount/point
(note the position of mp= to designate the mountpoint into the container)
This is equal to what is stated in the wiki.

As a user I strongly suggest you amend the wiki to be clearer about the syntax and where to find the file; it's true that what you wrote is in the doc, but it was quite hard for me to understand without knowing.

As a future release, the function to handle the mountpoints from the web interface can be useful.

Now I have a question about the permissions: does the shared directory on the host side have to be a+rwx, or is a less privileged permission OK?

Moreover, I noticed that the mountpoint inside the container is automatically created but not removed, leaving an empty dir when the mountpoint is removed from the configuration file.

I wrote all these considerations hoping they can be useful to others.

Thank you again! F.
 
> Hi Fabian
> thank you for your answer.
> I've noticed that the syntax to achieve the result is:
> Code:
> pct set 103 -mp0 /host/dir,mp=/container/mount/point
> (note the position of mp= to designate the mountpoint into the container)
> This is equal to what is stated in the wiki.

Sorry, I accidentally switched the paths.

> As a user I strongly suggest you amend the wiki to be clearer about the syntax and where to find the file; it's true that what you wrote is in the doc, but it was quite hard for me to understand without knowing.

It is mentioned in the wiki page, in the man page for pct and in the Proxmox Container Toolkit chapter of the documentation. You just have to search for "bind mount". Where else should it also be, or do you mean the way it's currently worded is hard to follow?

> As a future release, the function to handle the mountpoints from the web interface can be useful.

I'm quite sure that's on someone's to-do list, but you can always create a feature request on the bugtracker.

> Now I have a question about the permissions: does the shared directory on the host side have to be a+rwx, or is a less privileged permission OK?

See this wiki page for more information. You don't have to set a+rwx permissions if you correctly set up UID/GID mapping for the container.

> Moreover, I noticed that the mountpoint inside the container is automatically created but not removed, leaving an empty dir when the mountpoint is removed from the configuration file.

That is normal behavior, otherwise when unmounting the system would need to know whether the directory was specifically created for mounting something. Basically, it's not umount's business to remove files.

> I wrote all these considerations hoping they can be useful to others.
>
> Thank you again! F.
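
An added example, not part of the thread and not Proxmox's own tooling, of the UID/GID mapping the reply above refers to: it generates the `lxc.idmap` lines that pass a single host uid/gid through to an unprivileged container while every other id stays shifted. The default unprivileged range (container ids 0..65535 on host ids 100000 and up) and the sample id 1005 are assumptions.

```shell
#!/bin/sh
# Added example: emit lxc.idmap lines that map ONE container uid/gid 1:1 to
# the host and keep all other ids in the shifted, unprivileged range.
# Assumption: default range, container ids 0..65535 -> host ids 100000+.

BASE=100000     # first host id of the default unprivileged range
RANGE=65536     # number of ids visible inside the container

# map_kind KIND ID: print the idmap lines for KIND "u" (uid) or "g" (gid).
map_kind() {
    kind=$1 id=$2
    # Reject empty, non-numeric and zero-padded input (octal in $(( ))).
    case $id in ''|*[!0-9]*|0?*) echo "invalid id: $id" >&2; return 1;; esac
    # id 0 would hand container root the host's root identity: refuse it.
    if [ "$id" -lt 1 ] || [ "$id" -ge "$RANGE" ]; then
        echo "id must be between 1 and $((RANGE - 1))" >&2; return 1
    fi
    echo "lxc.idmap: $kind 0 $BASE $id"        # ids below the passthrough id
    echo "lxc.idmap: $kind $id $id 1"          # the single 1:1 passthrough
    rest=$((RANGE - id - 1))
    if [ "$rest" -gt 0 ]; then                 # ids above it, if any remain
        echo "lxc.idmap: $kind $((id + 1)) $((BASE + id + 1)) $rest"
    fi
}

# idmap_lines UID GID: full block for the container configuration file.
idmap_lines() {
    uid=$1 gid=$2
    map_kind u "$uid" && map_kind g "$gid"
}

# subid_line ID: line root needs in /etc/subuid (uid) or /etc/subgid (gid)
# on the host to be allowed to delegate that id.
subid_line() { echo "root:$1:1"; }

# Constructed sample: host user and group 1005 own the shared directory.
idmap_lines 1005 1005
```

The printed lines go into the container config under /etc/pve/nodes/NODE/lxc/ID.conf, and the `subid_line` output into /etc/subuid and /etc/subgid on the host. With that in place the host directory only needs to be writable by uid/gid 1005 (ownership or an ACL), not a+rwx.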
 
Hi,

> Is mounting a zfs data set using bind mounts secure and suitable for access control? From what I read in the documentation, it's not.

Can you link to where you read that? If you set up the user ID mappings and ACLs correctly (use zfs set acltype=posixacl <dataset> to enable), I'd guess that it should be fine (but I'm not a security expert).
 
> My intent is to create a samba share using a bind mount point inside a container and authentication for multiple users using active directory. Is this scenario feasible?

Yes, but it is not trivial - there are a lot of small details that need to fit to offer a seamless experience.

For this I am using the "zamba"-part of this project: https://github.com/bashclub/zamba-lxc-toolbox

Best regards
 
I am facing a problem migrating the container when binds are on (so not able to achieve HA);
every time I need to edit the lines inside /etc/pve/nodes/<hostname>/lxc/<containerid>.conf

Any solution on that?

If you can see the screenshot, it's shared CIFS

1696543414177.png

It failed when I tried to migrate

1696543370978.png

Successful after # on the line

1696543459362.png
 
Hi,

> I am facing a problem migrating the container when binds are on (so not able to achieve HA);
> every time I need to edit the lines inside /etc/pve/nodes/<hostname>/lxc/<containerid>.conf
>
> Any solution on that?
>
> If you can see the screenshot, it's shared CIFS
>
> View attachment 56183
>
> It failed when I tried to migrate
>
> View attachment 56182
>
> Successful after # on the line
>
> View attachment 56184

Since it's a shared network storage, you can set the shared=1 option on the bind-mount, then you should be able to migrate.
 
