What methods are available for mounting a remote share such as an SMB/CIFS, NFS, or SSHFS share inside an unprivileged Incus container while also properly mapping user IDs between the container and remote file systems?
sshfs should work just fine when initiated from within the container, the others don’t work and require the mount to be done on the host and passed to the container, but that can’t currently be shifted as cifs and nfs don’t support VFS idmap at this stage.
There are FUSE implementations of NFSv3 and basic CIFS so you could use that inside the container to mount things.
What is the sane way to mount an nfs share for example on the host then pass it to the container while working with an unpriviledged container? I have tried mount --bind /mnt/nfsshare /srv/nfs4
that is yet to work…
According to this earlier post by @stgraber, the only way that the Linux kernel can mount an NSF share in an unprivileged container is to bind-mount the share from the host into the container. GitHub has several FUSE implementations of NFS clients that function outside the kernel in user space, but none of them seem to be maintained.
Reading through libfuse
seems like a way to understand the internals first then maybe get inspiration to contribute…