I’ve attempted unsuccessfully to enable trim operations from within an unprivileged container in order to flush space from deleted files on LXD’s RBD mount to my Ceph cluster:
fitrim ioctl failed operation not permitted
This is on a very vanilla LXD Snap 3.3 Cluster and a shiny new Mimic Ceph cluster.
Thanks for any help
Unfortunately I expect it’s simply the kernel refusing an unprivileged user requesting a TRIM operation on a block device.
Unless you’re using a privileged container, I don’t expect you’ll get away from that…
One option would be to have root on the host run fstrim against all /dev/rbd* devices, effectively running TRIM against all running containers.
Otherwise, you’d need to wait until we have a way to catch such system calls in userspace (there’s ongoing kernel work to allow that), at which point we could have LXD catch that particular ioctl and replay it as real root.