I’m trying to mount a folder into a container with shift=true, but get an error message “Required idmapping abilities not available”. I’m on NixOS with lots of adjustments to permissions etc., so it might be something related to that, I’m just not sure what to check. I tried with both tmpfs and zfs folders. ‘incus info’ shows ‘lxc_features: idmapped_mounts_v2: true’ and ‘kernel_features: idmapped_mounts: true’.
What filesystem is the source path on?
ZFS (I’m also trying to mount some secrets from /run, so those are tmpfs)
VFS idmap support is a per-filesystem thing, not all of them have implemented the logic needed to make this work.
ZFS introduced it in ZFS 2.2, so if you’re on an older release, it won’t work.
tmpfs introduced it in Linux 6.3.
Both should be new enough as far as I can tell.
Linux version (uname -r): 6.12.78
ZFS version (modinfo zfs | grep version): 2.3.6-1
ETA: I found out only some folders fail, but I haven’t been able to figure out what causes it. For example, /run/wrappers is fine but /run/secrets is not. I thought it might be related to who owns the folder, as two folders owned by root:keys both failed, but one folder owned by root:root also failed while other root:root folders did not, so that’s not it. It doesn’t seem like a chmod permissions issue either, since some folders that have stricter permissions are fine.
Can you show the full container config?
In general bind-mounts from and into /run are a bad idea and result in a bunch of issues as /run is mounted by the container on boot and is generally expected to be empty at that state. Bind-mounting stuff over that prior to boot is likely to cause issues. The same is generally true of anything involving /tmp.