Dear,
First of all, thanks for your help. The first containers launched, and I managed to mount a /var/lib/docker using btrfs while the whole system uses zfs → my build time in Docker dropped from 30 minutes to 1 to build the same package.
Now I have another problem, this time about mounting a classical disk in both a privileged and an unprivileged container.
On the host I created the lxd group by hand (missing).
Host:
root@server:~# egrep '(root|lxd)' /etc/subuid
root:100000:65536
lxd:100000:65536
develop:1017504:65536
root@server:~# egrep '(root|lxd)' /etc/subgid
root:100000:65536
lxd:100000:65536
develop:1017504:65536
Note: I had to add lxd in this file using vi. I do not know if it is the right way.
Here is the disk that I want to mount:
root@server:~# ls -l /disks
drwxr-xr-x 19 develop develop 4096 Aug 18 01:15 www
Shiftfs in proc/mount returns nothing in both containers.
Config of privileged container:
root@server:~# lxc config show --expanded c0 | egrep "(priv|idmap)"
security.privileged: "true"
volatile.idmap.base: "0"
volatile.idmap.current: '[]'
volatile.idmap.next: '[]'
volatile.last_state.idmap: '[]'
And listing my disk gives me 1000:
root@server:~# lxc exec c0 -- ls -l /disks
-rwxrwx--- 1 1000 1000 332 Jun 25 2020 README
Config of my unprivileged container:
root@server:~# lxc config show --expanded c1 | egrep "(priv|idmap)"
volatile.idmap.base: "0"
volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
And listing my disk gives me:
root@server:~# lxc exec c1 -- ls -l /disks
-rwxrwx--- 1 nobody nogroup 332 Jun 25 2020 README
Side note: I haven't created the develop user in the containers yet. I tried giving root:root to a specific file within the disk and showed the rights, same thing.
Any help would be welcome.
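
The two listings above can be reproduced from the posted idmap values. This is an added example, not part of the original post: the function names are hypothetical, the empty idmap of c0 is modelled as "no translation", and 65534 is the kernel's default overflow id (normally named nobody/nogroup).

```python
import json

# Kernel default from /proc/sys/kernel/overflowuid and overflowgid;
# ids with no mapping in the user namespace are displayed as this value.
OVERFLOW_ID = 65534

# volatile.idmap.current values copied from the post.
C0_IDMAP = '[]'  # privileged container c0
C1_IDMAP = ('[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},'
            '{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]')


def host_to_container(idmap_json, host_id, kind="uid"):
    """Return the id a process inside the container sees for a host id."""
    entries = json.loads(idmap_json)
    if not entries:
        return host_id  # assumption: empty map means no user namespace
    flag = "Isuid" if kind == "uid" else "Isgid"
    for e in entries:
        if e[flag] and e["Hostid"] <= host_id < e["Hostid"] + e["Maprange"]:
            return e["Nsid"] + (host_id - e["Hostid"])
    return OVERFLOW_ID  # outside every mapped range


def container_to_host(idmap_json, ns_id, kind="uid"):
    """Return the host id backing a container id, or None if unmapped."""
    entries = json.loads(idmap_json)
    if not entries:
        return ns_id
    flag = "Isuid" if kind == "uid" else "Isgid"
    for e in entries:
        if e[flag] and e["Nsid"] <= ns_id < e["Nsid"] + e["Maprange"]:
            return e["Hostid"] + (ns_id - e["Nsid"])
    return None


if __name__ == "__main__":
    # README is owned by 1000:1000 on the host (what c0 shows).
    print("c0 sees uid", host_to_container(C0_IDMAP, 1000))
    print("c1 sees uid", host_to_container(C1_IDMAP, 1000))
    # Host owner that would appear as uid 1000 inside c1.
    print("uid 1000 in c1 is host uid", container_to_host(C1_IDMAP, 1000))
```

Host id 1000 lies below the mapped range that starts at 1000000, so c1 shows the overflow id, while c0 applies no translation and shows 1000 unchanged.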