For the LXC container to have full access to the Proxmox host directory, a subgid is set as the owner of the host directory, and an ACL is used to ensure permissions.
Add the following line to /etc/pve/lxc/<CT_ID>.conf
mp0:/mount/point/on/host,mp=/mount/point/on/lxc
OR
pct set 100 -mp0 /mnt/bindmounts/shared,mp=/shared
(OPTIONAL) If you have issues, try placing the directory or dataset on the host inside /mnt.
In the default Proxmox configuration, unprivileged container subgids will have the prefix "10" followed by the expected 4-digit GID.
addgroup --gid <GID (ie."101000")> <GroupName (ie."container-data")>
Debian 11, which Proxmox is based on, does not have acl installed, so install it using:
apt install acl
zfs set acltype=posixacl storage/share
Any members of -GID- will have "rwx"; new files from -GID- have "rwx" by default.
Note: documentation suggests the "-d" flag should be used to assign default, however I have been able to get the desired result without, so... take that as you will.
chgrp -R <GroupName> <Dataset>
chmod -R 2775 <Dataset>
setfacl -Rm g:<GID>:rwx,d:g:<GID>:rwx <Dataset>
GID needs to match the last 4 digits of the subgid assigned earlier
addgroup --gid <GID (ie."1000")> <GroupName (ie."container-data")>
usermod -aG <GroupName> <User>
You should now be able to make modifications to the assigned directory on the host system from within the unprivileged container.
https://blog.felixbrucker.com/2015/10/01/how-to-mount-host-directories-inside-a-proxmox-lxc-container/
https://www.reddit.com/r/homelab/comments/4h0erv/resolving_permissions_issues_with_host_bind/
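Added example (not part of the original gist): a shell helper that works out which host GID a container GID maps to and checks that a directory's ACL grants it rwx, both as an access entry and as a default entry. It goes beyond the default "10"-prefix case by also reading custom lxc.idmap lines from the container config; the function names, the sample config and the sample getfacl -n output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original gist; sample inputs are constructed.

# host_gid_for <container_gid> <container_config_text>
# Prints the host GID a container GID maps to, using the config's
# "lxc.idmap: g <ct_start> <host_start> <count>" lines. With none present it
# assumes the default unprivileged range (container 0 -> host 100000, 65536 ids).
# Returns 1 if the GID is outside every mapped range, 2 if it is not a number.
host_gid_for() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    maps=$(printf '%s\n' "$2" |
        sed -n -E 's/^lxc\.idmap[[:space:]]*[:=][[:space:]]*g[[:space:]]+//p')
    [ -n "$maps" ] || maps='0 100000 65536'
    printf '%s\n' "$maps" | awk -v gid="$1" '
        gid + 0 >= $1 + 0 && gid + 0 < $1 + $3 { print $2 + gid - $1; hit = 1; exit }
        END { exit !hit }'
}

# acl_grants_rwx <host_gid> <output of "getfacl -n">
# Succeeds only if both the access entry and the default (inherited) entry give
# the host GID rwx. Exact-line matching also rejects entries that getfacl marks
# with a reduced "#effective:" permission because of the mask.
acl_grants_rwx() {
    missing=''
    printf '%s\n' "$2" | grep -qx "group:$1:rwx" || missing='access'
    printf '%s\n' "$2" | grep -qx "default:group:$1:rwx" ||
        missing="${missing:+$missing,}default"
    [ -z "$missing" ] && return 0
    echo "missing: $missing"
    return 1
}

# Constructed config with a custom map that passes container GID 1000 straight through.
CUSTOM_CONF='arch: amd64
lxc.idmap: g 0 100000 1000
lxc.idmap: g 1000 1000 1
lxc.idmap: g 1001 101001 64535'

# Constructed "getfacl -n" output that lacks the default entry.
SAMPLE_ACL='# file: storage/share
group::rwx
group:101000:rwx
mask::rwx
other::r-x'

gid=$(host_gid_for 1000 '')   # no idmap lines: default mapping
echo "default mapping: container gid 1000 -> host gid $gid"
echo "custom mapping:  container gid 1000 -> host gid $(host_gid_for 1000 "$CUSTOM_CONF")"
acl_grants_rwx "$gid" "$SAMPLE_ACL" || echo "ACL check failed for gid $gid"
```

On a real host, pass the contents of /etc/pve/lxc/<CT_ID>.conf as the second argument of host_gid_for and the output of getfacl -n on the shared directory to acl_grants_rwx.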
Thanks for the succinct gist on the subject! It summarizes about 20 threads I've been reading on the subject to the same conclusions I reached. I will give feedback after I'm done setting up a node this way.
Also this: https://www.itsembedded.com/sysadmin/proxmox_bind_unprivileged_lxc/
I have one question though. You have this:
Why does the directory/dataset need to have the mount point in /mnt on the host?