actually you can remap the uid and gid i think it’s called…
doing that you can fix the permissions… ofc that does introduce some additional security holes, but can’t really get much worse than what i’m already doing when running it directly on the host…
or that’s how i understood it from reading a bit about it… i’m sure it’s wrong in more ways than i want to count… but it werks… i think… haven’t exactly done a ton of testing on it yet
just copied a script from it… but i have my zfs permissions set up in that way where the owner gets the rights on stuff they create and then others get read only access… and ofc the lower tier users cannot read root owned… i think … something like that… was setting up some network shares and had trouble so i know i did a good deal of tinkering to get that to run as i wanted…
seems to work well for most stuff… anyways on this link there is a guide to how to make lxc containers access host storage… not sure if its applicable outside of proxmox…
i did these changes…
First the file `/etc/subuid` (we allow 1 piece of uid starting from 1005):
```
root:1005:1
```
then `/etc/subgid`:
```
root:1005:1
```
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
tried to add this to the .conf
```
# uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host)
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
# we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
# we map the rest of 65535 from 1006 upto 101006, so 1006..65535 → 101006..165535
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530
```
but that made the container not boot, so i removed it and the other changes seemed enough to make it work… i dunno if they actually do anything… had also an extra space in the mount configuration in the .conf file
used this one
```
mp0: /mnt/bindmounts/shared,mp=/shared
```
another thing i did tho in the proxmox webgui, was going into the container tab
selecting options: selecting features and clicking the edit button in the top…
then adding nesting and keyctl.
you can however add those, at least for proxmox lxc, in the .conf
looks like this when i check it.
```
features: keyctl=1,nesting=1
```
in case you wanted to try and get past the 777 issue
my full LXC .conf file ended up like this
```
arch: amd64
cores: 4
features: keyctl=1,nesting=1
hostname: CT303
memory: 4096
mp0: /nexus/publicshare,mp=/mnt/publicshare
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=DE:41:4a:14:4B:EE,ip=dhcp,type=veth
ostype: ubuntu
rootfs: tank_vms:subvol-303-disk-0,size=4T
swap: 512
unprivileged: 1
```
oh yeah i forgot to mention some of these settings were to get docker running inside the container also… but i’m sure you know that
and i dunno why it works… magic i guess lol
i just copy stuff…
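
An added example, not part of the original post: a small checker that reads `lxc.idmap` lines like the ones quoted above and compares them with `/etc/subuid`-style delegations, reporting overlapping or unmapped container IDs, host ranges that are not delegated, and container IDs that pass straight through to real host IDs (the 1005 → 1005 line, which is what gives the container the same rights as host user 1005 on a bind mount). The function names, the `unpriv_base=100000` threshold, the rule that a host range must fit inside a single delegation entry, and the `root:100000:65536` line in the sample are assumptions; the sample inputs are constructed from the values in the post.

```python
# Constructed inputs based on the values quoted in the post.
CONF = """\
# uid map for the container
lxc.idmap = u 0 100000 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = u 1006 101006 64530
"""
# Assumption: the host has a root:100000:65536 entry next to the added one.
SUBUID = "root:100000:65536\nroot:1005:1\n"

def parse_sub(text, user="root"):
    """Return [(start, count)] delegated to `user` in subuid/subgid text."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            out.append((int(parts[1]), int(parts[2])))
    return out

def parse_idmap(conf, kind):
    """Return sorted [(ct_start, host_start, count)] for kind 'u' or 'g'."""
    maps = []
    for line in conf.splitlines():
        key, _, val = line.partition("=")
        if key.strip() == "lxc.idmap":      # comment lines never match
            k, ct, host, n = val.split()
            if k == kind:
                maps.append((int(ct), int(host), int(n)))
    return sorted(maps)

def check(conf, sub_text, kind, unpriv_base=100000):
    """Return a list of findings for one map kind; order follows container IDs."""
    allowed, findings, nxt = parse_sub(sub_text), [], 0
    for ct, host, n in parse_idmap(conf, kind):
        if ct < nxt:
            findings.append(f"overlap at container id {ct}")
        elif ct > nxt:
            findings.append(f"gap: container ids {nxt}..{ct - 1} unmapped")
        nxt = max(nxt, ct + n)
        # Simplification: the host range must fit inside one delegation entry.
        if not any(s <= host and host + n <= s + c for s, c in allowed):
            findings.append(f"host range {host}..{host + n - 1} not delegated")
        if host < unpriv_base:
            findings.append(f"passthrough: container {ct}..{ct + n - 1} "
                            f"is host {host}..{host + n - 1}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(CONF, SUBUID, "u")) or "no findings")
```

Run against the real container `.conf` and the host's `/etc/subuid` or `/etc/subgid` (with `kind` set to `"u"` or `"g"`), each passthrough finding is a host account whose files the container can act on directly.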