I want to run a Samba server in a container to serve up a ZFS dataset that is mounted on the host filesystem, so that the host can manage snapshots and off-site send/receive, and any malicious process that breaks in via SMB can only see the files, not the underlying ZFS dataset/snapshots.
There are only going to be a couple of users, so it’s practical for me to just synchronise IDs in /etc/passwd instead of using shiftfs.
What I can’t seem to find, however, is documentation on where and how to configure LXD to mount a host folder inside a container.
The tutorial here:
provides an example of a “device-configuration in the container/profile-config”, but I am not sure what this is or where to find it, nor have I been able to find any references to that in the documentation. Actually I’m not even sure if this is talking about a shared folder or a loopback block device?
Is there a section of the documentation I have missed that covers this? Alternatively, is there a config file that contains this container config?