UID mapping / container backup

[oliwel]

Hi All,

I am looking for some help on the UID mapping stuff from lxc and hope somebody can provide some insight on that

I use PVE with LVM on SAN storage and want to backup my container disks using rsync. Basically I create a LVM snapshot of the containers disks, mount the snapshots in the root machine and use rsync to transfer them to my backup server. Works so far but: In the root context I see the mapped uids which makes it very cumbersome to restore individual files to a running guest.

Is there any option to have some kind of namespace or the like when mounting the drives so the mapped uids are visible from the root host?

best reagrds

Oliver

 

[wolfgang]

Hi,

if you use unprivileged container all UID will be mapped to UID + 100000.
This is like this feature work.
The security is that no user in a CT exists on the host.
You can set the UID remap in five blocks.
So you can say UID 0-1000 will be remapped and all others stay the same.
This setup where two blocks.

 

[oliwel]

Hi Wolfgang,

thanks for your reply - this explains how the feature works but unfortunately not answer my question / solve the problem...

Is there a way to apply the UID mapping without entering the real container context? Might it be an option to create a "read only" container with a bash only on the fly mounting the snapshots so the UID mapping is "active" in the shell? I used Linux vServer for a long time where you had the option to create a shell inside the namespace without interfering with the actual container...

Oliver

 

[wbumiller]

You can try `lxc-usernsexec -m b:0:100000:65536 /bin/bash` after mounting, but then you'll effectively be user 100000 on the host, so you won't be able to copy files to your target unless you use some kind of authentication in between (eg. using rsync over ssh).