[lxc-users] Mount additional storage into unprivileged container

Andrey Repin anrdaemon at yandex.ru
Tue Nov 8 10:16:06 UTC 2016


Greetings, Andriy Tovstik!

> I am learning LXC features because we are going to implement it in our
> production environment.

LXC or LXD? Your configuration smells like the latter.

> Could somebody explain to me whether there is any well-documented way to mount
> additional filesystems or (preferably) block devices into unprivileged
> containers? Does it support live migration of the container?

You could do better at explaining what you need that for. It'll speed up the
answer.
Normally, you don't need to "mount block devices into container".

> I've read a lot of articles and man pages but unfortunately this question is still unclear to me...
>
> Currently my config looks like:
>
> name: test-container
> profiles:
> - default
> config:
>   raw.lxc: lxc.aa_profile=unconfined
>   security.privileged: "true"
>   volatile.base_image: a19c9ae2bd2e7bf99b0e2d31a0707cc534781a4eba47f44f172f486d2e01c96b
>   volatile.eth0.hwaddr: 00:16:3e:87:d6:d9
>   volatile.last_state.idmap: '[]'
> devices:
>   data:
>     path:  /datastorage
>     source: /dev/sdf
>     type: disk
>
> But when I try to change security.privileged to ‘false’ I lose the ability
> to write to the /datastorage path inside the container.
>
> Currently I’m using version 2.0.5 of LXC

Doesn't match your listed config. Smells like LXD.


-- 
With best regards,
Andrey Repin
Tuesday, November 8, 2016 13:13:21

Sorry for my terrible English...

