I headed down the path of using privileged containers bindmounted to host paths with the appropriate user/group mapping. All of that is working well in all 3 containers. I can move files around within the containers and see the changes on the host.
The corner I am in is that I want to run resilio-sync in one container with access to a bindmount. If you’re not familiar, it’s an application that allows multiple PCs to sync files. When installed initially, it wants to run as its own user (rslsync). It has the ability to run as a different user I already have created and mapped in the container. However, to do this, it needs access to the /home directory of that user that is already mapped and when I look at the permissions for all home folders for all users that are mapped, ownership is nobody:nogroup.
I’m assuming with the /home folders for the users/groups that are mapped, the folders lose their own identity of sorts. Is this true? Is this the expected behavior? If so, how do I get out of this corner?
For clarity - I’m losing use (nobody:nogroup) of the /home paths for each user inside of the container for the respective user. Is this the expected behavior after lxc user mappings?
I have one user and group in the container and on the host with the same ID (1000).
Here’s my containerID.conf:
arch: amd64
cores: 1
hostname: lxclxc
memory: 512
mp1: /mnt/pve/hostshare/lxclxc,mp=/mnt/bindmount/lxclxc
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=16:97:71:D6:A1:D5,type=veth
ostype: debian
rootfs: CT-Thin:vm-105-disk-0,mountoptions=noatime,size=3G
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
Here’s my /etc/subuid:
dma:100000:65536
root:100000:65536
sambacontainer:165536:65536
spideroakcontainer:231072:65536
synccontainer:296608:65536
root:1000:1
Here’s my /etc/subgid:
dma:100000:65536
root:100000:65536
sambacontainer:165536:65536
spideroakcontainer:231072:65536
synccontainer:296608:65536
root:1000:1
I need to crack this nut for my own sanity. I can’t throw in the towel now. I’ve been at this for 3 days for various reasons and hiccups.
I got Resilio-Sync to work in my container. What I still need clarification or answers on is why are the home folders in a container re-assigned to nobody:nogroup? This makes them unusable in the container.