[lxc-users] Crucial LXD, Bind Mounts & Gluster Question

Eric naisanza at gmail.com
Sun Aug 14 15:40:10 UTC 2016


On August 14, 2016 9:55:36 AM EDT, Personal <zach at zachlanich.com> wrote:
>I would have to at the very least chown the subdirectory to the same user
>the container is running on in order to have write access to it from
>within the container, but that was my thought that the volume itself
>provides enough protection. My friend who is an experienced systems
>administrator seems to be very uncomfortable with the idea of bind
>mounting into the container, as he thinks it kind of breaks the
>isolation that the containers provide when adding write access to the
>mount. Thoughts?

Another way is setting extended attributes (setfacl) on the parent dataset that is being shared (xattr=sa, acltype=posixacl).

It's also tricky, because new files created by the container get assigned the UID of the user from the container (setting the defaults for the xattr probably would resolve that, but I'll have to test it out).