Hi folks! I'm struggling with some strange behavior where I'm attempting to mount some host file systems in the unprivileged guest containers. The reason why it's strange is because it's wildly inconsistent, even in the same guest.
I've found several guides (One, Two) that follow the same set of recommended actions, and I've followed it consistently. What's happening is, however, some zfs data sets are correctly being mapped in the guest, and others aren't. Even on the same container, I can swap between two different mounted host data sets, with exactly the same permissions applied, and one maps, but the other doesn't. In the examples below, I show how the same permission configuration works on one dataset (doom-wiki) and maps to "nobody:nogroup" on another dataset, both configured exactly the same on the host, and the guest.

Setting the permissions:

    chown -R media:media-share /path/to/dataset

Ensuring that the groups and users on the guest will have good permissions:

    chmod -R 770 /path/to/dataset

On each guest container:

    groupadd -g 10000 media-share
    useradd <containername> -u 1000 -g 10000 -m -s /bin/bash

On host:

    pct set <container id> -mp0 /path/to/host/dataset/,mp=/mnt/dataset/
    pct set <container id> -mp1 /path/to/host/dataset2/,mp=/mnt/dataset2/

Output of ls -al /doom-pool/doom-data/ on host:

Output of ls -al /mnt on guest (/mnt/):

Output of ls -al /mnt/doom-wiki on guest (/mnt/doom-wiki):

Output of ls -al /mnt/doom-usenet on guest (/mnt/doom-usenet):

Can anyone help explain the behavior, or recommend troubleshooting?

(I've validated using stat -c '%u %g' /mnt/dataset (in the various iterations) that the groups and users are showing up correctly in their respective ranges on the host and guest. I'm very confident it's not an inconsistent application of perms.)
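
An added example, not part of the original post: a small shell helper that translates a host-side numeric owner through a user-namespace id map in /proc/<pid>/uid_map format, to show which host ids an unprivileged container sees as 65534 (nobody:nogroup). The function names and both sample maps are constructed for illustration and are assumptions; the maps actually in effect can be read on the host from /proc/<container init PID>/uid_map and gid_map.

```shell
#!/bin/sh
# Added example (not from the post). Map format, one range per line:
#   <first id inside container> <first id on host> <count>

OVERFLOW_ID=65534   # kernel default overflow uid/gid, displayed as nobody/nogroup

# Constructed sample maps (assumptions, not taken from the post):
DEFAULT_MAP='0 100000 65536'   # assumed stock unprivileged mapping
CUSTOM_MAP='0 100000 1000
1000 1000 1
1001 101001 64535'             # guest id 1000 passed straight through to host id 1000

# host_to_guest_id HOST_ID MAP_TEXT
# Prints the id seen inside the container, or OVERFLOW_ID when HOST_ID is
# not covered by any range in the map.
host_to_guest_id() {
    printf '%s\n' "$2" | awk -v id="$1" -v overflow="$OVERFLOW_ID" '
        NF == 3 && id >= $2 && id < $2 + $3 {
            print $1 + (id - $2); found = 1; exit
        }
        END { if (!found) print overflow }'
}

# guest_view PATH UID_MAP GID_MAP
# Prints "uid:gid" as the container would see the owner of PATH on the host.
guest_view() {
    h_uid=$(stat -c '%u' "$1") || return 1
    h_gid=$(stat -c '%g' "$1") || return 1
    printf '%s:%s\n' \
        "$(host_to_guest_id "$h_uid" "$2")" \
        "$(host_to_guest_id "$h_gid" "$3")"
}

# Demo: the same host ids viewed through the two constructed maps.
for id in 1000 101000 110000; do
    printf 'host %-6s -> default map: %-5s custom map: %s\n' "$id" \
        "$(host_to_guest_id "$id" "$DEFAULT_MAP")" \
        "$(host_to_guest_id "$id" "$CUSTOM_MAP")"
done
```

Running guest_view on the host against each dataset path, with the container's real uid_map and gid_map contents, gives the owner the guest should report for that dataset; a result of 65534:65534 means the host-side numeric owner lies outside every mapped range.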