LXD has changed a lot since I last had to install it. I prefer RHEL-based distros, and chose rocky 8.5 for my host OS.
I have LXD installed via snap, and I’ve gotten everything working (although getting IPs is really slow for some reason) except bind mounting host directories to containers. I get the dreaded
nobody user in the container.
I think before this was handled with the
subgid stuff, but I’m reading that LXD uses a new kernel feature for this now. However, I don’t have that module available to me, as the kernel is much older.
When using snap, is there actually a way to get the old
subuid method to work? is there something else I can try? Thanks.
subuid/subgid is ignored by the snap so you don’t need to add stuff to those files.
For mapping a directory from the host into the container you pretty much have two options:
- Set shift=true which requires either shiftfs (Ubuntu-only) or the new VFS idmapped mount kernel feature
raw.idmap to directly pass in the owner of the host’s path to the container
In your case, that second option is likely what you’ve been at least partly following as that’s the one which would require subuid/subgid entries on non-snap installs.
On a snap installation, just setting the appropriate raw.idmap and restarting the container with the disk device added should work fine.
Hey, thanks @stgraber, good to see you around still.
It took a bit of digging in the docs to find usage examples of
raw.idmap and figure out that I’m supposed to put it in the config file for the container, but it appears that this works for me without falling back to setting the container to privileged, which I wanted to avoid. Thanks a lot!