[lxc-users] LXC, unprivileged containers and glusterfs

Dirk Geschke dirk at lug-erding.de
Thu Oct 17 07:50:43 UTC 2019


Hi all,

maybe someone has an idea how to solve this problem with glusterfs
and unprivileged lxc. 

My idea was to start the container on a glusterfs filesystem, so I
have the data available, even if one gluster node fails. 

I would be able to even start the container on another host without
copying the data.

It seemed to work, until I tried to access a directory as user root
within the LXC:

   root@lxc-playground:/var/spool# ls -l
   total 12
   drwxr-xr-x 3 root        root        4096 May 27 16:34 cron
   drwxr-x--- 5 Debian-exim Debian-exim 4096 May 27 16:34 exim4
   lrwxrwxrwx 1 root        root           7 May 27 05:25 mail -> ../mail
   drwx------ 2 root        root        4096 Jan 18  2017 rsyslog
   root@lxc-playground:/var/spool# cd exim4/
   root@lxc-playground:/var/spool/exim4# ls
   ls: cannot open directory '.': Permission denied

At first I thought it was a problem with LXC, but then I found this in
the gluster logs:

   W [fuse-bridge.c:1132:fuse_fd_cbk] 0-glusterfs-fuse: 1185751: OPENDIR() /playground/.local/share/lxc/lxc-playground/rootfs/var/spool/exim4 => -1 (Permission denied)

Does anyone have an idea what is going wrong here and how to fix
this? 

Would it be possible to use an unprivileged container on a glusterfs?

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at geschke-online.de / dirk at lug-erding.de  / kontakt at lug-erding.de |
+----------------------------------------------------------------------+

