I am trying to figure out if it’s possible or not. Much seems to indicate it’s not, but it’s old information at times, so I’m not sure what still holds.
I think it’s an issue in how the kernel works and not how the isolations work (AppArmor, for example), which is why it’s just “not possible”.
For my use case, I would like it if it was possible to have a container mount (or similar) a network share so it can be accessed, and I don’t need write access, if that perhaps might help.
When trying to make it work, I just get errors, and I couldn’t figure out if I was doing something wrong or not. Sometimes I saw AppArmor in the dmesg logs, but it seems to have just been for some other mistakes; the actual “errors” just didn’t show. I noticed it worked when I made the container privileged, so I assume it was just locked down, but I would like to know how one can actually tell if that’s the case.