I’ve tried searching the forums, but can’t find any matches for my problem, so here goes:
I have an LXC container (privileged) that bind mounts a bunch of kerberized NFSv4 mounts from the host.
Initially i tried mounting them as NFS shares through the config file, assuming it worked like FreeBSD jails, but no matter what i did i could not make it work, so i had to fall back to bind mounts.
Inside the container, root can browse the shares just fine, but as soon as i switch to a user account, i get access denied or stale file handle. I’ve installed krb5 inside the container, and the user has a valid krb5 token for accessing the shares.
I have the same setup on FreeBSD jails, where the mounting is handled by iocage, with the subtle difference that FreeBSD supports a NFS option called “allgssname”, forcing all client access to use the host credentials.
Any idea what i’m missing ?