Since the last LXD update to version 4.24 I’m experiencing difficulties with adding a host folder as disk device to my unprivileged containers:
lxc config device add c1 common_share disk source=/opt/common_share path=/opt/common_share shift=true
Error: Failed to start device "common_share": Required idmapping abilities not available
Most likely this has to do with the “restricted.containers.interception project option” paragraph in the release notes but as a relative new LXD user this doesn’t point me in the direction of a solution.
Making the container privileged solves the problem but that’s not what I want. Also leaving out the shift=true option and setting rwx permissions for all users on the share folder does work but is not very elegant.
Ideally I’d like to have the old situation back. Is there any way of doing that? I’m aware about the security implications but for me it seems to be the most practical solution.