Is there a way to use shiftfs selectively? Then once enabled, it applies to all newly created containers.
I tried lxd with disabled shiftfs, applied this to a container (before first start): security.protection.shift: "true"
resulted in: Error: Failed to handle idmapped storage: Container is protected against filesystem shifting
Then enabled shiftfs for the lxd snap, but how to make a container where shifting is desired?
security.protection.shift: "false" obviously has no effect.
Must define raw id maps individually?
That’s definitely a shiftfs bug. Shiftfs does not properly resolve the path. We have seen a lot of issues like that with overlayfs (that was patched to work over shiftfs).
Is there a way to use shiftfs selectively? Then once enabled, it applies to all newly created containers.
You can try to set security.shifted to false on the storage pool. But as far as I understand you can’t control this parameter individually for the rootfs.
For additional disk devices you can control if shifting is used or not by: lxc config device set container_name disk_name shift=true
@amikhalitsyn Thanks for elaborating. @tomp Is it worth opening issues for those or just live with it?
Selective shiftfs.
Once shiftfs is enabled for the snap.lxd config, it applies to all subsequently created instances.
Either lxd.daemon shiftfs=false but apply individually to instances
or globally shiftfs=true, but disable in cases by instance/profile config.
Resolve rootfs path inside container:
overlayfs not exposing zpool structure: zpool/lxdpool/containers/project_container
shiftfs not showing full host path: /var/snap/lxd/common/lxd/storage-pools/mystoragepool/containers/Project_Contanername/rootfs
Can you clarify on the exact command required to do that? The documentation isn’t very straightforward when it comes to actually explaining all options available and how to use them…