Unprivileged LXC local directory bind mount point not working

stepanov1975

New Member
Oct 22, 2021
7
2
3
46
I am trying to mount a directory from Proxmox host to an unprivileged LXC (Proxmox 7)
From this page - Unprivileged LXC containers it seems like all I need to do is to add
pct set 100 -mp0 /mnt/bindmounts/shared,mp=/shared
To the LXC configuration file.
I did this:

102.conf
Code:
arch: amd64
cores: 8
features: keyctl=1,nesting=1
hostname: docker
memory: 8224
mp0: /mnt/bindmounts/shared,mp=/shared
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=F2:5F:0C:03:19:CC,ip=dhcp,type=veth
onboot: 1
ostype: debian
rootfs: proxthin:vm-102-disk-0,size=1000G
startup: order=1,up=600
swap: 512
unprivileged: 1

On Proxmox host:
Code:
root@pve:~# ls -l /mnt/bindmounts/
total 4
drwxr-xr-x 2 root root 4096 Oct 24 20:52 shared

Inside LXC I see:
drwxr-xr-x 2 nobody nogroup 4096 Oct 24 20:52 shared

But when I am trying to write I don't have permission
Code:
root@docker /# touch shared/a.txt
touch: cannot touch 'shared/a.txt': Permission denied

I would be grateful if someone could help me with this
 

dcsapak

Proxmox Staff Member
Staff member
Feb 1, 2016
8,221
1,044
164
34
Vienna
the reason is that in unprivileged containers, the users are mapped to different id, so that privileged users in the container are really unprivileged users outside.
check this wiki page for some examples how to configure things: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
 

stepanov1975

New Member
Oct 22, 2021
7
2
3
46
the reason is that in unprivileged containers, the users are mapped to different id, so that privileged users in the container are really unprivileged users outside.
check this wiki page for some examples how to configure things: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
@dcsapak Thank you for the replay. I checked this wiki page and as far as I understand it says that for default configuration all users will be mapped to nobody . That is perfectly fine for me. I don't need permission inside the container. I only
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!