I’m a happy LXD user, thank you for all the awesome work. We’ve migrated 90% of our stuff into containers with great results, and one of the things left to do is to move our local NFS server. I found this bug detailing how to get that going; however, I wanted to verify whether the expectation is that everything will work as it would on a bare host. Is that the case? I’m not quite clear on the details of privileged vs. unprivileged (while not mentioned in the bug, it seems indeed n-k-s requires a privileged container, which makes sense) and am wondering if in some use cases functionality could break.
I would appreciate any detail on the implications of running this container unprivileged and with nfs-kernel-server. For example, my expectation is that if the container/NFS were to lock up somehow, it would take down the host and all containers, since the kernel space is shared. Is that the case?
Also, I’m not quite clear on the implications of running a privileged container. I get that root inside becomes the same root on the host, but does that mean that the container will have access to resources/mount points on the host or other containers, or does it “just” mean that in the case of a breach, access to the host will be as root?