- General Advantages:
  - faster startup of containers
  - easier and less risky setup of uid/gid-shifting
If you want to share e.g. a folder between host & container or between containers.
If you want to share volumes between isolated containers.
How to get shiftfs:
- For Ubuntu Users: It is already included in the Ubuntu Kernel.
- For other Distros: It is not included in the mainline kernel yet, but you can add it via dkms.
I created a GitHub repo for this: https://github.com/toby63/shiftfs-dkms/
2. Sharing disk-devices:
If you want to share a disk device (for example a folder) between host/container or between containers, so that both parties can have full access (rwx) to it, shiftfs will make that much easier.
You only need to add this key to your device-configuration in the container/profile-config:
This will match the host's uid/gid (of the folder owner) with the container's uid/gid.
So if the host's uid is 1000, the user in the container also needs to have the uid 1000 to be able to access it.
See forum post by stgraber.
3. Sharing volumes:
If you want to share a volume between isolated containers, shiftfs will make that possible.
You add this key to your volume-configuration:
Then you attach the volume to both containers:
lxc storage volume attach POOL-NAME VOLUME-NAME container1 DEVICENAME /PATH
lxc storage volume attach POOL-NAME VOLUME-NAME container2 DEVICENAME /PATH
If you don’t want LXD to remap (the UIDs/GIDs of) your container when shiftfs is not available (for example because of a failed dkms update), you can apply the following config key to your container (profile):
"Prevents the instance's filesystem from being uid/gid shifted on startup" (See: https://linuxcontainers.org/lxd/docs/master/instances)
Related error report: Container error after changing shiftfs (false/true)
If you use shiftfs for disk devices, it is possible for root or sudo users inside the container to set the setuid bit on a file, which unprivileged users on the host can then use to get root access.
- Trying out `shiftfs`
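
A host-side check for the setuid risk described above, as an added example that is not part of the original post: it lists setuid/setgid files in a directory that is shared into a container and reports whether the backing filesystem is mounted `nosuid`. The function names are hypothetical, and the script assumes GNU `find` and `stat` plus `findmnt` from util-linux.

```shell
#!/bin/sh
# Added example (not from the original post): audit a host directory that is
# shared into a container through a shifted disk device.
# Because the uids match, a file created by container root is owned by uid 0
# on the host, so root-owned setuid/setgid files are what to look for.

# list_suid DIR [OWNER_UID]
# Prints "mode owner:group path" for every regular file under DIR that has the
# setuid or setgid bit set and is owned by OWNER_UID (default 0, host root).
list_suid() {
    dir=$1
    owner=${2:-0}
    # -xdev: stay on the shared filesystem; -perm /6000: setuid OR setgid
    find "$dir" -xdev -type f -uid "$owner" -perm /6000 \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null
}

# mount_is_nosuid DIR
# Returns 0 if the filesystem backing DIR is mounted nosuid, 1 if it is not,
# 2 if the mount options could not be read (e.g. findmnt is missing).
mount_is_nosuid() {
    opts=$(findmnt -n -o OPTIONS -T "$1" 2>/dev/null) || return 2
    case ",$opts," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_shared_dir DIR [OWNER_UID]
# Returns 0 when DIR is clean, 1 when setuid/setgid files were found.
audit_shared_dir() {
    hits=$(list_suid "$1" "${2:-0}")
    if [ -z "$hits" ]; then
        echo "OK: no setuid/setgid files owned by uid ${2:-0} under $1"
        return 0
    fi
    echo "FOUND setuid/setgid files under $1:"
    echo "$hits"
    if mount_is_nosuid "$1"; then
        echo "note: mounted nosuid, the host ignores these bits on exec"
    fi
    return 1
}

# Usage: sh audit.sh /path/on/host/shared-folder   (placeholder path)
if [ $# -gt 0 ]; then audit_shared_dir "$@"; fi
```

Run it on the host against the source path of the disk device, for example from a cron job, and treat any hit as something to investigate.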