Need help with raw.idmap settings

I have an NFS mount on the host (which is shared from a FreeNAS server) and which is working fine. The uid/gid on the host is 146:146.

I want to make this accessible in the container and don't want to use a privileged container, and if I simply do:
lxc config device add pvr nfsshare disk source=/path/to/nfs-on-host path=/path/on/container
then I get the expected problem of the path in the container showing up as nobody:nogroup.

I tried to use a raw.idmap:

printf "uid 146 132\ngid 146 139" | lxc config set pvr raw.idmap -
which worked syntactically, but rendered the container inaccessible:
Error: Common start logic: Failed to change ACLs on /var/snap/lxd/common/lxd/storage-pools/ssdpool/containers/pvr/rootfs/var/log/journal
Try `lxc info --show-log pvr` for more info

and the output of lxc info --show-log pvr:
Name: pvr
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/05/30 21:10 UTC
Status: Stopped
Type: container
Profiles: default

Log:

lxc pvr 20200601174457.897 WARN cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor.pvr"
lxc pvr 20200601174457.898 WARN cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.payload.pvr"
lxc pvr 20200601174457.902 WARN cgfsng - cgroups/cgfsng.c:fchowmodat:1572 - No such file or directory - Failed to fchownat(17, memory.oom.group, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )

uid 146, gid 146 on the host have the same username and group name as uid 132, gid 139 in the container.

The permissions of the shared folder in the container show up as 644 (EDIT - that should be 755), and both the ubuntu user as well as the user with uid/gid 132/139 can read and write to the shared folder and its subfolders, so maybe I don't need to make any further adjustments?

What would be the correct way to do the id mapping? Ubuntu 20 and LXD installed via snap.

Thanks in advance for any help.
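The mapping behind the nobody:nogroup symptom, as an added example that is not part of this thread or of LXD itself: it models the kernel's user-namespace id translation over a /proc/<pid>/uid_map-style table of "nsid hostid count" entries and splices in raw.idmap lines in the `uid <host> <container>` form used above, so you can check what a host uid will look like inside the container before touching a running instance. The default map "0 1000000 1000000000", the overflow id 65534 (the one ls shows as nobody/nogroup) and the sample ids 146/132/139 from the question are assumptions and constructed input, not values read from LXD.

```python
"""How a host uid/gid shows up inside an unprivileged LXD container.

Added example (not from the thread or from LXD). It models the kernel's
user-namespace id translation, driven by a /proc/<pid>/uid_map-style table
of (nsid, hostid, count) entries, and splices raw.idmap lines of the form
"uid <host> <container>" / "gid <host> <container>" / "both ..." into it.

Assumptions (constructed, not read from a live LXD):
  - the container's default map is "0 1000000 1000000000"
  - the overflow id is 65534, which ls shows as nobody/nogroup
  - host 146:146 should become 132:139 inside, as in the question
"""
from typing import List, Optional, Tuple

Entry = Tuple[int, int, int]        # (nsid, hostid, count), same order as uid_map
IdMap = List[Entry]

OVERFLOW_ID = 65534                 # kernel overflowuid/overflowgid default
DEFAULT_MAP: IdMap = [(0, 1000000, 1000000000)]   # assumed LXD default range


def host_to_container(idmap: IdMap, host_id: int) -> int:
    """Id the container sees for a file owned by host_id on the host.

    An id outside every range is not an error: the kernel substitutes the
    overflow id, which is why the NFS files appear as nobody:nogroup.
    """
    for nsid, hostid, count in idmap:
        if hostid <= host_id < hostid + count:
            return nsid + (host_id - hostid)
    return OVERFLOW_ID


def container_to_host(idmap: IdMap, ns_id: int) -> Optional[int]:
    """Host id backing a container id, or None if the container cannot use it."""
    for nsid, hostid, count in idmap:
        if nsid <= ns_id < nsid + count:
            return hostid + (ns_id - nsid)
    return None


def apply_raw_idmap(base: IdMap, raw_idmap: str, kind: str) -> IdMap:
    """Return base with raw.idmap entries for `kind` ("uid" or "gid") spliced in.

    Each matching line maps one host id onto one container id.  The container
    id is carved out of whatever range covered it so the table stays
    non-overlapping, then a 1-wide entry pointing at the host id is added.
    """
    result = list(base)
    for line in raw_idmap.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in (kind, "both"):
            continue
        host_id, ns_id = int(parts[1]), int(parts[2])
        carved: IdMap = []
        for nsid, hostid, count in result:
            if nsid <= ns_id < nsid + count:
                before = ns_id - nsid
                after = count - before - 1
                if before:
                    carved.append((nsid, hostid, before))
                if after:
                    carved.append((ns_id + 1, hostid + before + 1, after))
            else:
                carved.append((nsid, hostid, count))
        carved.append((ns_id, host_id, 1))
        result = sorted(carved)
    return result


def format_uid_map(idmap: IdMap) -> str:
    """Render the table the way /proc/<pid>/uid_map prints it."""
    return "\n".join(f"{nsid:>10} {hostid:>10} {count:>10}"
                     for nsid, hostid, count in idmap)


if __name__ == "__main__":
    raw = "uid 146 132\ngid 146 139"          # the value set in the question
    uid_map = apply_raw_idmap(DEFAULT_MAP, raw, "uid")
    gid_map = apply_raw_idmap(DEFAULT_MAP, raw, "gid")
    print("default map: host 146:146 ->",
          host_to_container(DEFAULT_MAP, 146), ":", host_to_container(DEFAULT_MAP, 146))
    print("with raw.idmap: host 146:146 ->",
          host_to_container(uid_map, 146), ":", host_to_container(gid_map, 146))
    print("resulting uid_map:\n" + format_uid_map(uid_map))
```

Two things the model makes visible: an unmapped host id is not an error but silently falls through to the overflow id, and the 1-wide entry carves a hole in the big range, so the host id that used to back container uid 132 (1000132 under the assumed default map) becomes unmapped in turn. It models only the id table and says nothing about the ACL error the container hit on start.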

As an alternative, you can use shiftfs.
But that requires you to have the right kernel (for now, Ubuntu for example has the right one) or to use dkms to patch the kernel.
You can search this forum for more info.

Edit:
Also:

The permissions of the shared folder in the container show up as 644, and both the ubuntu user as well as the user with uid/gid 132/139 can read and write to the shared folder and its subfolders, so maybe I don't need to make any further adjustments?

Well then everything seems fine.
But someone around here will have a more accurate answer for you.

So couldn’t you just access the freenas server from the container?

Thanks for the hint on shiftfs; I will look at that.

I tried mounting the FreeNAS server from within the container but it doesn't work (I thought you can only do that with privileged containers), and I thought going this (seemingly) roundabout way of mounting on the host and then doing the lxc config device add disk was the way to do it…

I tried shiftfs.
No difference from what I currently have.

The NFS-mounted share on the host shows up with all of the same permissions in the container, just owned by nobody:nogroup instead of the actual user:group combo from the host (which is also a user:group combo in the container, just with different uid and gid numbers in the container).

It all works in terms of what I'm trying to accomplish in terms of accessing the NFS share; I'm just not sure why, or if I'm missing a step somewhere…

Like I state in my shiftfs tutorial, with shiftfs the folder is mounted with the same UID/GID that the folder belongs to on host.
So the user (or a user) in the container needs to have the same UID/GIDs, in order to access it with rwx.
If they differ, you must find an additional solution.
Normally you can add a user in the container that has the same uid.

But in your case the uids seem a bit odd to me:
146:146
But maybe that's just because I mostly use Debian-based systems, where the (regular) user ids are 1000 and more :smile:.

So just try it.

I added a user in the container with the same uid:gid (146:146), but still no difference. I'm on Ubuntu 20.04, so also Debian based; the account in the container I am using is a result of installing an application. Normal user-added accounts are as you expect, uids/gids 1000 and above.

So not sure if shiftfs isn't doing anything with the uids/gids below 1000 or if there's something else going on. I'm going to try a few things: other users with uid/gid >= 1000 and/or starting with an Ubuntu-based NFS server (vs the FreeNAS share); maybe something is going on there. If I find anything clarifying, I will report back. Thanks…

Ah, ok… I found your tutorial (I had previously only found the thread in which Stephane intro'd shiftfs). Anyway, your tutorial also mentions the device key (shift=true) that is required; adding that, now it all works as expected. Thanks.