I’ve created a ZFS pool for all my containers and would like to store unprivileged ones there as well. I’ve found a few discussions about this, but nothing that seems straightforward.
I tried manually creating a ZFS dataset where lxc-create would and chowning it to the uid I expect the container root to have. However, this doesn’t get me far:
lxc-create appears to automatically change ownership of the ZFS dataset to e.g. 100000:100000.
However, does my example actually do the right thing? Doesn’t LXC make special use of the knowledge that the container is on a particular storage backend, and now thinks I used the plain “dir” model? Or is the -B (--bdev) flag solely there to simplify container creation but irrelevant thereafter?
LXC itself has limited added logic for specific storage backends.
Snapshots would be the main place where storage-backend-specific logic would apply, but since an unprivileged user also can’t create a zfs snapshot, that’d fail if you were using the zfs backend. So in your case, using dir is the right thing to do.
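
The ownership question in this thread, as an added example that is not part of the original posts: a shell check that derives the host uid:gid that container root maps to from the container's `lxc.idmap` lines and compares it with the owner of a directory such as the dataset mountpoint. The sample config, its path, and the function names `host_id` and `check_owner` are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Constructed sample: idmap lines as they appear in an unprivileged
# container's config (the path is a placeholder, not from the thread).
SAMPLE_CONFIG='lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.rootfs.path = dir:/tank/lxc/c1/rootfs'

# host_id KIND ID: read config text on stdin and print the host id that
# container id ID maps to (KIND is u or g). Returns 1 if ID is unmapped.
host_id() {
    awk -v kind="$1" -v cid="$2" '
        { sub(/[ \t]*=[ \t]*/, " = ") }          # tolerate "key=value"
        # fields: key = kind container_start host_start range
        $1 ~ /^lxc\.id_?map$/ && $3 == kind {
            if (cid >= $4 && cid < $4 + $6) {
                print $5 + (cid - $4); found = 1; exit
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# check_owner DIR CONFIG_TEXT: succeed only if DIR is owned by the host
# uid:gid that container root (0:0) maps to. Returns 2 on lookup errors.
check_owner() {
    want_u=$(printf '%s\n' "$2" | host_id u 0) || return 2
    want_g=$(printf '%s\n' "$2" | host_id g 0) || return 2
    have=$(stat -c '%u:%g' "$1") || return 2
    [ "$have" = "$want_u:$want_g" ]
}

# Demo on the constructed config: container root and container uid 1000.
printf 'container 0:0 -> host %s:%s\n' \
    "$(printf '%s\n' "$SAMPLE_CONFIG" | host_id u 0)" \
    "$(printf '%s\n' "$SAMPLE_CONFIG" | host_id g 0)"
printf 'container uid 1000 -> host uid %s\n' \
    "$(printf '%s\n' "$SAMPLE_CONFIG" | host_id u 1000)"
```

A directory that fails `check_owner` is not owned by the mapped container root, so the container's root user has no owner rights on it.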