
Using local directory bind mount points

Bind mount points are directories on the host machine mapped into a container using the Proxmox framework. It is not (yet) possible to create bind mounts through the web GUI; you can create them either by using pct, as in

pct set 100 -mp0 /mnt/bindmounts/shared,mp=/shared

or by changing the relevant config file, say /etc/pve/lxc/1234.conf, as

mp0: /mnt/bindmounts/shared,mp=/shared

However you will soon realise that every file and directory will be mapped to “nobody” (uid 65534), which is fine as long as

  • you do not have restricted permissions set (only group / user readable files, or accessed directories), and
  • you do not want to write files using a specific uid/gid, since all files will be created using the high-mapped (100000+) uids.

Sometimes this isn't acceptable, for example when using a shared, host-mapped NFS directory that relies on specific UIDs. In this case you want to access the directory with the same (unprivileged) uid that it uses on other machines, so you need to change the mapping.

Let's look at an example: we want to make uid 1005 accessible in an unprivileged container.

First, we have to change the container UID mapping in the file /etc/pve/lxc/1234.conf:

# uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host)
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
# we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
# we map the rest, up to 65535, starting from 1006 onto 101006, so 1006..65535 → 101006..165535
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530

Then we have to allow lxc to actually do the mapping on the host. Since lxc creates the CT using root, we have to allow root to use these uids in the container.

First the file /etc/subuid (we allow 1 uid starting from 1005):

root:1005:1

then /etc/subgid:

root:1005:1

As a final step, remember to change the owner of the bind mount point directory on the host to match the uid and gid that were made accessible to the container:

chown -R 1005:1005 /mnt/bindmounts/shared

You can start or restart the container now. It should start and see /shared mapped from the host directory /mnt/bindmounts/shared; all uids will be mapped to 65534:65534 except 1005, which will be seen (and written) as 1005:1005.
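
A consistency check for the mapping above, as an added example (not code from the original article or from Proxmox): it parses the lxc.idmap lines, verifies that the container ranges cover 0..65535 without gaps or overlaps, checks each host range against /etc/subuid or /etc/subgid, and lists the container ids that land on real host ids. The function names, the sample input and the stock root:100000:65536 entry are assumptions.

```python
import re

# Constructed sample input: the mapping lines from the article, plus a host
# /etc/subuid that has the stock root:100000:65536 entry (assumed) and the new one.
SAMPLE_CONF = """\
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530
"""
SAMPLE_SUBID = "root:100000:65536\nroot:1005:1\n"

IDMAP = re.compile(r"^lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$", re.M)

def parse_idmap(conf, kind):
    """Sorted (ct_start, host_start, count) tuples for kind 'u' or 'g'."""
    return sorted((int(c), int(h), int(n))
                  for k, c, h, n in IDMAP.findall(conf) if k == kind)

def parse_subid(text, user="root"):
    """(start, count) ranges delegated to `user` in subuid/subgid text."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def check(conf, subid_text, kind="u", total=65536):
    """Return a list of problems; an empty list means the map is consistent."""
    problems, expected = [], 0
    allowed = parse_subid(subid_text)
    for ct, host, n in parse_idmap(conf, kind):
        if ct != expected:  # container ranges must tile 0..total-1 exactly
            problems.append(f"{kind}: expected container id {expected}, got {ct}")
        expected = ct + n
        # the host range must sit inside one range delegated to root
        if not any(s <= host and host + n <= s + c for s, c in allowed):
            problems.append(f"{kind}: host {host}..{host + n - 1} not delegated")
    if expected != total:
        problems.append(f"{kind}: map ends at {expected}, expected {total}")
    return problems

def passthrough(conf, kind="u", floor=100000):
    """(ct_id, host_id) pairs that land on real host ids below `floor`."""
    return [(ct + i, host + i) for ct, host, n in parse_idmap(conf, kind)
            for i in range(n) if host + i < floor]

if __name__ == "__main__":
    for kind in ("u", "g"):
        print(kind, check(SAMPLE_CONF, SAMPLE_SUBID, kind) or "ok", passthrough(SAMPLE_CONF, kind))
```

On a host, pass it the contents of the container's config file and /etc/subuid (then /etc/subgid with kind="g"). Every pair returned by passthrough is a host identity that a process in the container can act as on the bind mount, so the list should contain only the ids you meant to expose.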


therock
