@ajmassi
Last active March 31, 2024 04:13
Create a bind mount from a Proxmox host on an unprivileged lxc container

Proxmox Assign Bind Mount To Unprivileged Container

In order for the LXC container to have full access to the Proxmox host directory, a subgid is set as the owner of the host directory, and an ACL is used to ensure permissions.

Bind Mount dataset to LXC

Add the following line to /etc/pve/lxc/<CT_ID>.conf

mp0:/mount/point/on/host,mp=/mount/point/on/lxc

Create group on host

In the default Proxmox configuration, unprivileged container subgids will have the prefix "10" followed by the expected 4-digit gid.

addgroup --gid <GID (ie."101000")> <GroupName (ie."container-data")>

Set ACL for shared dataset

Any members of -GID- will have "rwx", and new files from -GID- get "rwx" by default.

Note: documentation suggests the "-d" flag should be used to assign default, however I have been able to get the desired result without, so... take that as you will.

chgrp -R <GroupName> <Dataset>
chmod -R 2775 <Dataset>
setfacl -Rm g:<GID>:rwx,d:g:<GID>:rwx <Dataset>

Inside your LXC container

Create group

GID needs to match the last 4 digits of the subgid assigned earlier

addgroup --gid <GID (ie."1000")> <GroupName (ie."container-data")>

Add users to new permitted group

usermod -aG <GroupName> <User>

You should now be able to make modifications to the assigned directory on the host system from within the unprivileged container.
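The steps above depend on the container GID mapping to the expected host GID and on both the access and default ACL entries being present on the host directory. The following is an added example, not part of the original gist, that computes the host GID from the ID map and checks `getfacl -n` output; the function names, the default `g 0 100000 65536` mapping (no custom `lxc.idmap` lines) and the sample ACL text are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist.
# Assumed default mapping for an unprivileged container with no custom
# lxc.idmap lines: container GID 0 starts at host GID 100000, 65536 IDs.
DEFAULT_IDMAP='g 0 100000 65536'

# host_gid <container_gid> [idmap lines]
# Prints the host GID that a container GID maps to; returns 1 if unmapped.
# Accepts bare "g <ct_start> <host_start> <count>" or raw "lxc.idmap:" lines.
host_gid() {
    local cgid="$1" maps="${2:-$DEFAULT_IDMAP}" kind cstart hstart count
    while read -r kind cstart hstart count; do
        [ "$kind" = g ] || continue
        if [ "$cgid" -ge "$cstart" ] && [ "$cgid" -lt $((cstart + count)) ]; then
            echo $((hstart + cgid - cstart))
            return 0
        fi
    done <<EOF
$(printf '%s\n' "$maps" | sed 's/^lxc\.idmap *[:=] *//')
EOF
    return 1
}

# acl_grants_rwx <host_gid> <output of getfacl -n>
# Succeeds only when both the access entry and the default entry for the
# group are exactly rwx (an "#effective:" suffix from a tighter mask fails).
acl_grants_rwx() {
    local gid="$1" acl="$2"
    printf '%s\n' "$acl" | grep -qx "group:$gid:rwx" &&
        printf '%s\n' "$acl" | grep -qx "default:group:$gid:rwx"
}

# Constructed sample of `getfacl -n <Dataset>` output after the steps above.
SAMPLE_ACL='# file: mount/point/on/host
# owner: 0
# group: 101000
# flags: -s-
user::rwx
group::rwx
group:101000:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:101000:rwx
default:mask::rwx
default:other::r-x'
```

On a real host, pass the output of `getfacl -n <Dataset>` as the second argument to `acl_grants_rwx`, and pass the container's `lxc.idmap` lines to `host_gid` if the config defines any.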


References

https://blog.felixbrucker.com/2015/10/01/how-to-mount-host-directories-inside-a-proxmox-lxc-container/
https://www.reddit.com/r/homelab/comments/4h0erv/resolving_permissions_issues_with_host_bind/

@oldercodergithub

Unfortunately not worked for me. Still getting permission error.

@BassT23

BassT23 commented Jun 11, 2023

Works for me (pve 7.4)
thx

@jeroenbeuz

Thanks for this! Works perfectly

@rkraken

rkraken commented Nov 9, 2023

Thanks! I wasn't familiar with setfacl so I learned something. Couldn't the last command be simplified, given that chmod was already performed?

setfacl -Rm d:g::rwx

@pablomujica

Thanks! Been going through everything, mapping LXC users UID, but this did it.

The only note I have is that setfacl wasn't installed on my 7.4-3 host. To install it:
apt install acl

@Weyla

Weyla commented Dec 3, 2023

This guide made setting up my plex and torrent lxc very quick. Thanks!

@fl3usner

fl3usner commented Jan 4, 2024

Thanks mate, helped me a lot! Didn't work for me first, had to reboot the lxc first. Since then, flawless ;)
