Shift=true option for disk device is lost after restart of unprivileged container

IjonTichy · January 12, 2024, 5:00pm

Hi there,

I noticed the following problem: After rebooting the ubuntu server host lxc-containers that I gave the shift=true option in adding host-folders as disk loosing this. Thats annoying, especally because I running nextcloudpi in this container and it have not the right permissions after this. My wish is that my nextcloudpi is starting correct after rebooting the host.

Thanks in advance!

stgraber · January 15, 2024, 7:35pm

This is very light on details, what version of Incus, what version of the Linux kernel, what configuration is used on the container in question?

vice · January 15, 2024, 8:34pm

Indeed missing some details, yet worth mentioning, it probabely could work without shiftfs by simply chown the host dirs mounted inside container to incus mapped user id.
On host:
chown -R 1000000.1000000 /home/mountedfolder

Incus mapped value can be found in either:

cat /etc/subuid
lxc config show container (HostID)
when container running: sudo ls -lh /var/lib/incus/containers/“proj_container”/rootfs/

IjonTichy · January 17, 2024, 2:47pm

Sorry, you are right: Ubuntu 23.10 (GNU/Linux 6.5.0-14-generic x86_64), lxc version 5.19.

config:
  boot.autostart: "true"
  image.architecture: amd64
  image.description: Debian bullseye amd64 (20230121_05:25)
  image.name: debian-bullseye-amd64-default-20230121_05:25
  image.os: debian
  image.release: bullseye
  image.serial: "20230121_05:25"
  image.variant: default
  volatile.base_image: 7744f28b9994b2917ae56db68e55365e000729a47998e7d9d3516f8efcba481e
  volatile.cloud-init.instance-id: fa3fa40f-a353-4c7f-9472-06b16d2125e8
  volatile.eth0.host_name: vethca5213cb
  volatile.eth0.hwaddr: 00:16:3e:b8:3d:34
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 47aac9af-d94f-48e9-896b-eb557bdf1012
  volatile.uuid.generation: 47aac9af-d94f-48e9-896b-eb557bdf1012
devices:
  backup:
    path: /media/backup
    shift: "true"
    source: /media/backup
    type: disk
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  platte:
    path: /media/platte
    shift: "true"
    source: /media/platte
    type: disk
  proxy80:
    connect: tcp:127.0.0.1:80
    listen: tcp:0.0.0.0:80
    type: proxy
  proxy443:
    connect: tcp:127.0.0.1:443
    listen: tcp:0.0.0.0:443
    type: proxy
  proxy4443:
    connect: tcp:127.0.0.1:4443
    listen: tcp:0.0.0.0:4443
    type: proxy
  root:
    path: /
    pool: pool
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Where /media/platte and /media/backup are the host-folders in question.

Thank you!

stgraber · January 17, 2024, 3:43pm

I’m sorry but given the recent actions from Canonical regarding LXD:

We really can’t be providing support to LXD users on this forum anymore.

You may want to consider switching to Incus instead, or if you’d like to stay on LXD, you should reach out on the Canonical forum instead.

Sorry about that!