unable to mount rw host cifs in PCT

[Fra]

We need to share a host mounted cifs into a CT

Following https://www.thushanfernando.com/notes/proxmox-cifs-setup/ I successfully mounted the host mounted cifs into the container

root@proxmox:~# cat /etc/pve/lxc/701.conf
arch: amd64
cores: 2
features: nesting=1
hostname: mypct
memory: 4096
mp0: local-lvm:vm-701-disk-1,mp=/disco_aggiuntivo,backup=1,size=250G
mp1: /mnt/pve/StorageBoxFinland,mp=/media/StorageBoxFinland
net0: name=eth0,bridge=vmbr1,gw=10.10.10.254,hwaddr=82:37:98:D4:95:F0,ip=10.10.10.122/24,type=veth
onboot: 1
ostype: centos
parent: vzdump
rootfs: local-lvm:vm-701-disk-0,size=80G
swap: 1024
unprivileged: 1

I can then read the mounted cifs.

to bypass apparmor (seeing in dmesg) I've added allow mount fstype=cifs, into /etc/apparmor.d/lxc/lxc-default

The problem is that I am unable to write on it inside the container

root@proxmox:~# pct enter 701
root:# touch /media/StorageBoxFinland/test
touch: cannot touch '/media/StorageBoxFinland/eccomi': Permission denied

inside the container I see the uid:guid of the mounted fs is 65534:65534

As you see above I've tried the features: nesting=1 as in https://forum.proxmox.com/threads/apparmor-denied-operation-mount-error-13.68866/


any idea?

 

[Fra]

uh, I see it works if I set the PC as unprivileged: 0 (note for quick readers: WARNING: this was a big mistake, see below)

is this the way to go?

 

[Fra]

(and no need for the features: nesting=1)

 

[Fra]

nope: changing the `unprivileged: 0` is not possible I see

 

[Fra]

we've found a workaround for the need we originally had (copying data from a volume in the PCT into a host shared cifs partition) by just temporarly mounting the PCT volume in the proxmox host

mount /dev/pve/vm-701-disk-1 /disco_aggiuntivo/

so our problem is solved: but it would be useful to know anyhow how to be able to mount a cifs in a PTC