[lxc-users] Unprivileged containers with /home on NFS, chown not permitted

Kaj Wiik kaj.wiik at iki.fi
Fri Feb 22 11:49:27 UTC 2019


I disabled subtree check that did not solve the problem...

Is this something to be expected, i.e. is there nothing to be done about it and should I
move to privileged containers? I would not like to do that...

Thanks,
Kaj



On Wed, 20 Feb 2019 at 12:53, Kaj Wiik <kaj.wiik at iki.fi> wrote:

> I investigated further and if I
> chown 101001.101001 autossh
> in the NFS mounted directory in the host, everything works for that
> particular user.
>
> But I cannot e.g.
> # adduser foo
> Adding user `foo' ...
> Adding new group `foo' (1002) ...
> Adding new user `foo' (1002) with group `foo' ...
> Creating home directory `/home/foo' ...
> Stopped: chown 1002:1002 /home/foo: Operation not permitted
>
> in the container...
>
> I already changed the NFS share subtree ownership to the mapped one (42000
> in my case) and asked to disable subtree check from the share (not yet
> done).
>
> This must be something with the difference of normal directory and NFS but
> what...?
>
> Thanks,
> Kaj
>
>
> On Wed, 20 Feb 2019 at 00:23, Kaj Wiik <kaj.wiik at iki.fi> wrote:
>
>> Hi!
>>
>> I have set up an unprivileged container with bind mount /home from NFS
>> share mounted on host.
>>
>> The /home directory has been mapped to root in the container:
>> printf "uid 42000 0\ngid 42000 0\n" | lxc config set container raw.idmap -
>>
>> The problem is that chown does not work, e.g.:
>> chown: changing ownership of '/home/autossh/.ssh': Operation not
>> permitted
>>
>> If I change the target directory to a 'normal' one instead of NFS
>> mounted, everything works.
>>
>> Any ideas, please....
>>
>> NFS v3 and v4, lxc --version 3.0.3
>>
>> Thanks,
>> Kaj
>>
>>
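The failure described in this thread, modelled as an added example (not code from the thread, LXC or LXD): it translates container uids through the idmap the way the host kernel does and shows why the same chown() passes on a local filesystem but is refused by an NFS server. Assumed: a default uid map of base 100000 for 65536 ids (inferred from "chown 101001.101001" working for container uid 1001), single-id "uid <host> <container>" raw.idmap lines only, and an NFS server that authorises SETATTR solely on the RPC credential, so only an unsquashed wire uid 0 may change a file's owner.

```python
# Added example (not the thread's code): model how a chown() issued inside an
# unprivileged LXD container is seen by a local filesystem versus an NFS server.
# Assumed: default uid map base 100000 x 65536 ids (inferred from the thread's
# "chown 101001.101001" for container uid 1001); raw.idmap single-id "uid" lines;
# knfsd checks SETATTR only against the RPC credential, so only an unsquashed
# wire uid 0 may change a file's owner.
DEFAULT_BASE, DEFAULT_COUNT = 100000, 65536  # assumption, see above


def parse_raw_idmap(text: str) -> dict:
    """Return {container_uid: host_uid} overrides from raw.idmap 'uid' lines."""
    overrides = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "uid":   # "uid <host> <container>"
            overrides[int(fields[2])] = int(fields[1])
    return overrides


def container_to_host(cid: int, overrides: dict) -> "int | None":
    """Translate a container uid to the uid the host kernel (and the wire) sees."""
    if cid in overrides:
        return overrides[cid]
    if 0 <= cid < DEFAULT_COUNT:
        return DEFAULT_BASE + cid
    return None  # unmapped: the kernel presents it as the overflow uid (65534)


def chown_outcome(caller_cid: int, new_owner_cid: int, backend: str,
                  overrides: dict, root_squash: bool = True) -> tuple:
    """(wire caller uid, wire target uid, permitted) for chown(path, new_owner)."""
    caller = container_to_host(caller_cid, overrides)
    owner = container_to_host(new_owner_cid, overrides)
    if caller is None or owner is None:
        return caller, owner, False
    if backend == "local":
        # CAP_CHOWN held in the container's user namespace is honoured by the
        # host kernel as long as the target uid lies inside the namespace's map.
        return caller, owner, caller_cid == 0
    if backend == "nfs":
        # The server never sees the client's user namespace, only the host uid
        # in the RPC credential; to it, container root is an ordinary uid 42000.
        return caller, owner, caller == 0 and not root_squash
    raise ValueError(f"unknown backend {backend!r}")


RAW_IDMAP = "uid 42000 0\ngid 42000 0\n"  # the raw.idmap from the thread
```

Running `chown_outcome(0, 1002, backend, parse_raw_idmap(RAW_IDMAP))` for both backends reproduces adduser's "chown 1002:1002 /home/foo": permitted on "local", refused on "nfs" because the server sees uid 42000, not root.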