Proxmox Assign Bind Mount To Unprivileged Container
In order for the LXC container to have full access to the Proxmox host directory, a subgid is set as the owner of the host directory, and an ACL is used to ensure permissions.
Bind Mount dataset to LXC
Add the following line to /etc/pve/lxc/<CT_ID>.conf
Create group on host
In the default Proxmox configuration, unprivileged container subgids will have the prefix "10" followed by the expected 4-digit gid.
addgroup --gid <GID (ie."101000")> <GroupName (ie."container-data")>
Set ACL for shared dataset
Any members of -GID- will have "rwx"; new files from -GID- have "rwx" by default.
Note: documentation suggests the "-d" flag should be used to assign default, however I have been able to get the desired result without, so... take that as you will
chgrp -R <GroupName> <Dataset>
chmod -R 2775 <Dataset>
setfacl -Rm g:<GID>:rwx,d:g:<GID>:rwx <Dataset>
Inside your LXC container
GID needs to match the last 4 digits of the subgid assigned earlier
addgroup --gid <GID (ie."1000")> <GroupName (ie."container-data")>
Add users to new permitted group
usermod -aG <GroupName> <User>
You should now be able to make modifications to the assigned directory on the host system from within the unprivileged container.
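The "10" prefix comes from the default idmap offset of 100000 being added to the container GID, so it only holds while the container uses the default mapping. The following is an added example, not part of the original post: it computes the host GID for a container GID, honoring any `lxc.idmap: g` lines in the container config, and checks that the dataset has the expected group owner and setgid bit. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# host_gid_for <container_gid> [ct_config | -]
# Prints the host GID that a container GID is mapped to. Uses the
# "lxc.idmap: g <ct_start> <host_start> <count>" lines when the config has
# any, otherwise the default unprivileged mapping (0-65535 -> 100000-165535).
# Returns non-zero if the GID is not mapped at all.
host_gid_for() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    awk -v gid="$1" '
        /^[ \t]*lxc\.idmap[ \t]*[:=]/ {
            sub(/^[ \t]*lxc\.idmap[ \t]*[:=][ \t]*/, "")
            split($0, f, /[ \t]+/)      # f: type ct_start host_start count
            if (f[1] != "g") next       # "u" lines map UIDs only
            custom = 1
            if (gid + 0 >= f[2] + 0 && gid + 0 < f[2] + f[4]) {
                print f[3] + gid - f[2]; found = 1; exit
            }
        }
        END {
            if (found) exit 0
            if (custom || gid + 0 > 65535) exit 1
            print 100000 + gid
        }' "${2:-/dev/null}"
}

# check_dataset <dir> <host_gid>
# Succeeds only if <dir> is group-owned by <host_gid> and carries the setgid
# bit that "chmod -R 2775" sets, so new files inherit the group.
check_dataset() {
    ls -ldn -- "$1" | awk -v want="$2" '
        { ok = ($4 == want && substr($1, 7, 1) == "s") }
        END { exit !ok }'
}

# Constructed sample config with a custom GID map (not from the page):
# container GID 1000 is mapped to host GID 5000 instead of 101000.
sample_conf() {
    printf '%s\n' 'unprivileged: 1' \
        'lxc.idmap: u 0 100000 65536' \
        'lxc.idmap: g 0 100000 1000' \
        'lxc.idmap: g 1000 5000 1' \
        'lxc.idmap: g 1001 101001 64535'
}

host_gid_for 1000                   # default mapping
sample_conf | host_gid_for 1000 -   # custom mapping read from stdin
```

On a real host, pass /etc/pve/lxc/<CT_ID>.conf as the second argument and use the printed GID for the host-side addgroup and setfacl steps.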
Thanks, very useful