Ubuntu 20.04 (Focal Fossa) LXC (template) - Mountpoints no longer Work

haxxa

Hello,

Previously under the Ubuntu 18.04 Template I could mount folders on my local disk via a mount point such as:

Code:
mp0: /mnt/HDD/Media/eBooks,mp=/media/HDD/Media/eBooks,ro=0

Unfortunately, with the Ubuntu 20.04 Template that no longer works. I have the same Mount Point:

Code:
mp0: /mnt/HDD/Media/eBooks,mp=/media/HDD/Media/eBooks,ro=0

but when I try to modify the contents from the container I get:

Code:
root@Calibre-Web:/media/HDD/Media/eBooks/Calibre-Library# touch test
touch: cannot touch 'test': Permission denied
root@Calibre-Web:/media/HDD/Media/eBooks/Calibre-Library# mkdir test
mkdir: cannot create directory 'test': Permission denied

This works in all my existing containers (Debian 10, Ubuntu 18.04 etc.).

Here are the stats (from the host):


Code:
root@Home-Server-U1:/etc/pve/lxc# stat /mnt/HDD/Media/eBooks/Calibre-Library/
  File: /mnt/HDD/Media/eBooks/Calibre-Library/
  Size: 5               Blocks: 24         IO Block: 131072 directory
Device: 33h/51d Inode: 131841      Links: 3
Access: (0775/drwxrwxr-x)  Uid: ( 1000/ UNKNOWN)   Gid: ( 1000/ UNKNOWN)
Access: 2020-04-28 13:40:23.639489530 +1000
Modify: 2020-04-28 13:39:16.077011360 +1000
Change: 2020-04-28 13:40:22.575513397 +1000
 Birth: -

and from the host here are some permission details:


Code:
root@Calibre-Web:/media/HDD/Media/eBooks/Calibre-Library# ls -ld
drwxrwxr-x 3 nobody nogroup 5 Apr 28 13:39 .
root@Calibre-Web:/media/HDD/Media/eBooks/Calibre-Library# id
uid=0(root) gid=0(root) groups=0(root)


Code:
root@Calibre-Web:/media/HDD/Media/eBooks/Calibre-Library# stat /media/HDD/Media/eBooks/Calibre-Library
  File: /media/HDD/Media/eBooks/Calibre-Library
  Size: 5               Blocks: 24         IO Block: 131072 directory
Device: 33h/51d Inode: 131841      Links: 3
Access: (0775/drwxrwxr-x)  Uid: (65534/  nobody)   Gid: (65534/ nogroup)
Access: 2020-04-28 13:40:23.639489530 +1000
Modify: 2020-04-28 13:39:16.077011360 +1000
Change: 2020-04-28 13:40:22.575513397 +1000
 Birth: -

Not sure what has changed to prevent this working, any guidance?

Regards - Harrison
 
are the other containers privileged, but the new one is unprivileged?
 
are the other containers privileged, but the new one is unprivileged?

No, they are both unprivileged. Setting it as privileged on Ubuntu 20.04 resolves the issue, but it's not desirable security-wise.
 
did you set up a special ID mapping for the other containers? can you show an example stat/ls from an old, working container? the default permissions/users should be the same..
 
The permissions on the filesystem recently changed due to an external factor. I apologize; this issue was not related to the container. I wasn't due-diligent enough in checking this.
 
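Added example, not part of the thread: a small Python model of how the owner and the write failure seen in the stat output above follow from an unprivileged container's ID mapping. It assumes the default mapping of container ids 0-65535 to host ids 100000-165535 (the thread does not show the container's mapping), uses one map for both uids and gids, and all function names are hypothetical.

```python
import stat

OVERFLOW_ID = 65534  # kernel overflow id; unmapped owners show up as nobody/nogroup

# Assumption: default unprivileged mapping, container ids 0-65535 -> host 100000-165535.
# Tuples are (container_start, host_start, count), as in an lxc.idmap entry.
DEFAULT_IDMAP = [(0, 100000, 65536)]

def host_to_ct(host_id, idmap=DEFAULT_IDMAP):
    """Translate a host id into the container's namespace, or None if unmapped."""
    for ct_start, host_start, count in idmap:
        if host_start <= host_id < host_start + count:
            return ct_start + host_id - host_start
    return None

def ct_to_host(ct_id, idmap=DEFAULT_IDMAP):
    """Translate a container id to the host id the kernel checks permissions with."""
    for ct_start, host_start, count in idmap:
        if ct_start <= ct_id < ct_start + count:
            return host_start + ct_id - ct_start
    return None

def shown_as(host_id, idmap=DEFAULT_IDMAP):
    """Id that stat/ls report inside the container for a host-side owner."""
    ct_id = host_to_ct(host_id, idmap)
    return OVERFLOW_ID if ct_id is None else ct_id

def can_create_in_dir(mode, owner_uid, owner_gid, ct_uid, ct_gid, idmap=DEFAULT_IDMAP):
    """Can a container process create entries in a bind-mounted host directory?

    owner_uid/owner_gid are host-side values (stat on the host). Simplified
    model: primary gid only, no ACLs, mount point not read-only.
    """
    owner_mapped = (host_to_ct(owner_uid, idmap) is not None
                    and host_to_ct(owner_gid, idmap) is not None)
    # Container root's CAP_DAC_OVERRIDE only applies to inodes whose owner and
    # group are both mapped into its user namespace.
    if ct_uid == 0 and owner_mapped:
        return True
    if ct_to_host(ct_uid, idmap) == owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif ct_to_host(ct_gid, idmap) == owner_gid:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return mode & need == need

# Values from the thread: host stat shows uid/gid 1000 and mode 0775.
print(shown_as(1000), can_create_in_dir(0o775, 1000, 1000, ct_uid=0, ct_gid=0))  # 65534 False
```

With these inputs container root is treated as "other" for the directory, which matches the nobody/nogroup owner and the "Permission denied" shown above.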