[lxc-users] from lxc to lxd but sharing dir hell
Ivan Ogai
lxc-users at ogai.name
Tue Sep 13 13:11:57 UTC 2016
Hello!
Using LXC, I had a simple script run as a normal user that
1) created an unprivileged container
2) added a user in the container with the same uid and gid as the user
in the host, let's say 1000
3) modified the configuration of the container in
~/.local/share/lxc/example/conf to share their ids:
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535
4) and added a mount to share a directory, e.g.
/home/$USER/development home/$USER/development none bind,create=dir 0 0
The users 1000 in the host and in the guest can edit files in the
development directory and all works perfectly, without permissions hell (see
below).
Now, trying to do the same with LXD (instead of LXC) seems quite a bit more
complicated, or am I missing something?
For 3), I get with `lxc config show example`:
...
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":65536}]
...
what I guess I should set with:
lxc config set example volatile.last_state.idmap 'some very long and complex string'
Is there a better way of doing it?
For 4), I can create a mount point with:
lxc config device add example development disk source=/home/$USER/development path=home/$USER/development
but the ids of the shared directory in the guest are 65534.
I could give access to 65534 in the host with:
setfacl -m "u:166536:rwx" development
but it is going to be permission hell when $USER in the guest and in the host add files.
Is there another way, maybe sharing a directory with some simple id mappings,
other than using NFS or similar which would require root (which is out of
the question for a script for us)?
Ivan
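
Added example, not part of the original post: a small Python translator for the two id maps quoted above, showing why the LXC map keeps uid 1000 identical on both sides while the LXD map shows host-owned files as 65534 and puts the guest's uid 1000 at host id 166536. The function names are hypothetical, and 65534 is assumed to be the kernel's default overflow id for owners that have no mapping.

```python
import json

OVERFLOW_ID = 65534  # assumption: kernel default overflow uid/gid for unmapped owners

# lxc.id_map lines from step 3 of the post
LXC_CONF = """\
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535
"""

# volatile.last_state.idmap value from the post
LXD_IDMAP = ('[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":65536},'
             '{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":65536}]')

def parse_lxc(conf):
    """Return [(kind, ns_start, host_start, count)] from lxc.id_map lines."""
    ranges = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "lxc.id_map":
            kind, ns, host, count = value.split()
            ranges.append((kind, int(ns), int(host), int(count)))
    return ranges

def parse_lxd(idmap_json):
    # Same tuple shape as parse_lxc, built from LXD's JSON entries.
    ranges = []
    for e in json.loads(idmap_json):
        for kind, flag in (("u", "Isuid"), ("g", "Isgid")):
            if e[flag]:
                ranges.append((kind, e["Nsid"], e["Hostid"], e["Maprange"]))
    return ranges

def to_host(ranges, kind, ns_id):
    """Host id behind a container id, or None if the container id is unmapped."""
    for k, ns, host, count in ranges:
        if k == kind and ns <= ns_id < ns + count:
            return host + (ns_id - ns)
    return None

def seen_in_container(ranges, kind, host_id):
    """Id the container sees for a host-owned file; unmapped owners show as overflow."""
    for k, ns, host, count in ranges:
        if k == kind and host <= host_id < host + count:
            return ns + (host_id - host)
    return OVERFLOW_ID
```
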