ZFS (NFS) dataset shared inside of unprivileged LXC/VM

escher

Oct 5, 2020
Hi guys,
I'm trying to configure a share in my unprivileged container with id mapping.

In host (Proxmox 6.2):
- created user ctuser (1003:1003 in host)
- both /etc/subuid, /etc/subgid look like this:
Code:
        root:100000:65536
        ctuser:362144:65536
        root:1003:1
- in /etc/pve/lxc/[CTID].conf:
Code:
        mp0: /tank/share,mp=/shared
        ...
        lxc.idmap: u 0 100000 1003
        lxc.idmap: g 0 100000 1003
        lxc.idmap: u 1003 1003 1
        lxc.idmap: g 1003 1003 1
        lxc.idmap: u 1004 101004 64532
        lxc.idmap: g 1004 101004 64532
- ls -la /tank/ returns:
drwxr-xr-x 7 ctuser ctuser 9 Oct 5 16:29 share

lxc container starts ok, /shared gets automatically mounted

In lxc container:
- login as root (0:0 in lxc)
- I can create new file /shared/test.txt and ls -la returns
-rw-r--r-- 1 root root 5 Oct 5 14:29 test.txt
- in host the file looks like
-rw-r--r-- 1 100000 100000 5 Oct 5 16:29 test.txt

Shouldn't it rather be like this?
-rw-r--r-- 1 ctuser ctuser 5 Oct 5 16:29 test.txt

Am I doing something wrong or is this expected?
Is there a better way to do it?

Any help/confirmation would be great.
 
hi,

In host (Proxmox 6.2):
- created user ctuser (1003:1003 in host)
- both /etc/subuid, /etc/subgid look like this:
you need to have an equivalent user in the CT with that uid/gid

try in /etc/subuid and /etc/subgid to put just: root:1003:1, restart the container
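
As an added example (not part of the posts above), this Python sketch resolves container IDs to host IDs from the `lxc.idmap` lines posted in the thread and checks each mapped host range against root's `/etc/subuid` entries. The function names are hypothetical, and it assumes each mapped host range must fit inside a single root entry.

```python
# Constructed sample input: values copied from the first post in the thread.
CT_CONF = """\
mp0: /tank/share,mp=/shared
lxc.idmap: u 0 100000 1003
lxc.idmap: g 0 100000 1003
lxc.idmap: u 1003 1003 1
lxc.idmap: g 1003 1003 1
lxc.idmap: u 1004 101004 64532
lxc.idmap: g 1004 101004 64532
"""
SUBID = """\
root:100000:65536
ctuser:362144:65536
root:1003:1
"""

def parse_idmap(conf, kind):
    """Return (container_start, host_start, count) for 'u' or 'g' entries."""
    ranges = []
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "lxc.idmap":
            k, ct, host, count = value.split()
            if k == kind:
                ranges.append((int(ct), int(host), int(count)))
    return ranges

def to_host(ct_id, ranges):
    """Host ID that a container ID resolves to, or None if it is unmapped."""
    for ct, host, count in ranges:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def parse_subid(text, owner="root"):
    """(start, count) ranges delegated to owner in /etc/subuid or /etc/subgid."""
    rows = [line.strip().split(":") for line in text.splitlines()]
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == owner]

def undelegated(ranges, allowed):
    """idmap entries whose host range is not inside one delegated range."""
    return [r for r in ranges
            if not any(s <= r[1] and r[1] + r[2] <= s + n for s, n in allowed)]

if __name__ == "__main__":
    u = parse_idmap(CT_CONF, "u")
    for ct_id in (0, 1003, 1004):
        print(f"container uid {ct_id} -> host uid {to_host(ct_id, u)}")
    print("not delegated to root:", undelegated(u, parse_subid(SUBID)))
```

With the posted values, container uid 0 resolves to host uid 100000 and only container uid 1003 resolves to host uid 1003.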