[lxc-users] sharing files and unprivileged LXC container

[Justus Schubert]

Hi everyone, 

I'm trying the first time lxc. something I do not understand is the shared use 
of resources. This seems to be a problem especially with unprivileged 
containers.
My first thought was to have a shared folder with custom user/group mapping in 
unprivileged LXC container for (user)mount

I set up a LCX Container. My hostsystem is ArchLinux and the Container use 
Debian. I start the container as root and use user/group mapping so the 
container run 'unprivileged'. 
>> my /etc/lxc/default.conf:
>> lxc.idmap = u 0 100000 65536
>> lxc.idmap = g 0 100000 65536

>> my /etc/subuid & /etc/subgid:
>> root:100000:65536

Now i like to share my homedir within the container.
>> my /var/lib/lxc/<lxc-name>/config:
>> lxc.mount.entry = /home/<user> /var/lib/lxc/<lxc-name>/rootfs/mnt/share 
none bind 0 0

Because of the mapping described above rights of the shared folder are set to 
nobody nogroup. 

After some research, I came to the idea that there are certainly other ways to 
solve the problem. Maybe SSHfs, NFS or SAMBA? something that the 'usermapping' 
can implement in the protocol?
can someone tell me his experiences or show ways of solution?
in concrete terms, I am looking for ideas for the realization:
1) How can I share rights among 'unprivileged' users from the host to the 
container? User1 from host shares a folder to user1 from the container-os. 
both are not root. How can I achieve this?
2) sharing files between unprivileged lxc containers

I can imagine that such questions are asked frequently. but unfortunately I 
have not found a simple and consistent solution. 

Thanks in advance for your help!

-- 

Justus Schubert
01099 Dresden
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20191211/ae7f9fad/attachment.sig>