PVE 9.1.1 Unprivileged LXC Device mount point permission problem

[mail-gateway]

Hello,
I've created device mount point in unprivileged lxc container with following command :
pct set 140 -mp0 volume=/dev/mapper/lsdata,mp=/data

Container starts successfully, but I can't create any directory in /data

drwxr-xr-x 3 nobody nogroup 4096 Nov 22 14:55 data

root@m-server:~# mkdir /data/d
mkdir: cannot create directory '/data/d': Permission denied

Same scenario on PVE 8.4.1 is working fine. I didn't remember to have done any special settings on PVE 8.4.1 to work.

The block device /dev/mapper/lsdata is opened luks device on both PVEs.

 

[bl1mp]

Hi mail-gateway,
which user context, do you usw within the Container?
From the filesystem permissions, the folder belongs to the nobody user, who is the only one with write permissions (beside root).

BR, Lucas

 

[mail-gateway]

I've used root. I just found a workaround: I've created filesystem with following command :
mkfs.ext4 -E root_owner=100000:100000 /dev/mapper/lsdata

and now I can create directories and change permissions.
May be is some kind of strange behaviour like bug.

 

[leesteken]

This is to be expected because the "root" user inside an unprivileged container is mapped to user 100000 on the Proxmox host. See also https://pve.proxmox.com/wiki/Unprivileged_LXC_containers and threads like this one: https://forum.proxmox.com/threads/proxmox-container-uid-gid-mapping.129544/post-567487

 

[mail-gateway]

I've searched for existing solutions, but all that I've found was for bind mounts, not for device mounts.
In PVE 8.4.1 i don't remember to done any mapping or something like this workaround to set unprivileged root uid 100000 for the new filesystem