Mount "homes" in LXC containers (Solved)

mseewald
Starting out
Posts: 29
Joined: Sat Nov 11, 2017 9:38 pm

Post by mseewald »

Hi all,
There isn't much documentation for QNAP's way of using LXC, and I thought I'd share a useful bit:
Issue:
  • The QNAP GUI does not allow mounting "homes", e.g. when running Debian 10 as LXC.
Solution:
  • Create a file /usr/local/container-station/lxc/share/lxc/config/common.conf.d/mymounts.conf

Code:

lxc.mount.entry = /share/homes/ home none bind,create=dir 0 0

See also /usr/local/container-station/lxc/share/lxc/config/common.conf.d/README for further information.
Comments welcome, including on why QNAP chose to not allow mounting "homes" via GUI (still unclear to me).

Addition, Jan 12: The above-mentioned file gets deleted whenever the Container Station package is updated.
mseewald
Starting out
Posts: 29
Joined: Sat Nov 11, 2017 9:38 pm

Re: Mount "homes" in LXC containers (Solved)

Post by mseewald »

Given there is a new Debian Bullseye coming and QNAP will stop LXC support, I had to figure out how to do the above with an unprivileged LXD container. Of note, the above-mentioned .conf file located in /usr/local/container-station/lxc/share/lxc/config/common.conf.d/ will still be used (shared settings, not container-specific) and home directories show up as intended. However, permissions will be wrong because 1) LXD has its own namespace and requires mapping and 2) QNAP's default mapping changes all UID/GID from the host system.

Here is how you can query your UID/GID mappings on the command line:

Code:

lxc config get <LXDCONTAINERNAME> volatile.idmap.next

And this is how you can map them:

Code:

lxc config set <LXDCONTAINERNAME> volatile.idmap.next '[{"Isuid":true,"Isgid":false,"Hostid":0,"Nsid":0,"Maprange":100000000},{"Isuid":false,"Isgid":true,"Hostid":0,"Nsid":0,"Maprange":100000000}]'

Essentially, this will take host UID/GID ranging from 0-100000000 and map them to the same UID/GID in the container. You can confirm this by checking the container-specific .conf file in: /var/log/lxd/<LXDCONTAINERNAME>/lxc.conf
(Please note that you cannot edit this .conf file directly as it gets overwritten at each start of the container.)
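
What a shifted map and the identity map from the post above each do to file ownership under /home and to container root, as an added Python example that is not part of the original post. The shifted map, host uid 1000 and all function names are constructed for illustration; only POST_IDMAP is taken from the post.

```python
import json

# idmap value from the post above: identity map over ids 0..99999999.
POST_IDMAP = '[{"Isuid":true,"Isgid":false,"Hostid":0,"Nsid":0,"Maprange":100000000},{"Isuid":false,"Isgid":true,"Hostid":0,"Nsid":0,"Maprange":100000000}]'
# Constructed sample of a shifted map: container ids 0..65535 run as host ids 1000000..1065535.
SHIFTED_IDMAP = '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
OVERFLOW_ID = 65534  # kernel default shown for ids that have no mapping (nobody/nogroup)


def entries(idmap_json, kind):
    """Yield (host_start, ns_start, length) for the uid or gid entries of an idmap."""
    flag = "Isuid" if kind == "uid" else "Isgid"
    for e in json.loads(idmap_json):
        if e[flag]:
            yield e["Hostid"], e["Nsid"], e["Maprange"]


def seen_in_container(idmap_json, host_id, kind="uid"):
    """Owner id that a bind-mounted host file shows inside the container."""
    for host, ns, length in entries(idmap_json, kind):
        if host <= host_id < host + length:
            return ns + (host_id - host)
    return OVERFLOW_ID


def runs_on_host_as(idmap_json, ns_id, kind="uid"):
    """Host id that a container process with id ns_id acts as; None if unmapped."""
    for host, ns, length in entries(idmap_json, kind):
        if ns <= ns_id < ns + length:
            return host + (ns_id - ns)
    return None


def audit(idmap_json):
    """List the uid/gid entries under which a container id is host id 0."""
    findings = []
    for kind in ("uid", "gid"):
        for host, ns, length in entries(idmap_json, kind):
            if host == 0 and length > 0:
                findings.append(f"container {kind} {ns} is host {kind} 0")
    return findings


if __name__ == "__main__":
    for name, idmap in (("post", POST_IDMAP), ("shifted", SHIFTED_IDMAP)):
        print(name, "| host uid 1000 seen as", seen_in_container(idmap, 1000),
              "| container root runs as host uid", runs_on_host_as(idmap, 0),
              "|", audit(idmap) or "no host-root mapping")
```

Paste the output of `lxc config get <LXDCONTAINERNAME> volatile.idmap.next` in place of either constant to check a real container.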
Treviño
First post
Posts: 1
Joined: Fri Jun 15, 2018 1:25 am

Re: Mount "homes" in LXC containers (Solved)

Post by Treviño »

Weird, with old LXC I used to just modify the container config file (the one in `/var/lib/lxc/<container-name>/config`) to apply a policy to just one specific container.

With LXD (I have to use it privileged for now), I can't keep a preserved configuration because files in `/usr/local/container-station/lxc/share/lxc/config/common.conf.d/*.conf` don't seem to be read here, while using `lxc config device add <container-name> homes disk source=/share/homes/ path=/home readonly=false` works, but it's not compatible with the Web UI mount folders configuration (that can be useful to use at times)...

So, to manage it I think it's better to use the lxc profiles. So, if you want to apply this to all your containers just use this:

Code:

lxc profile device add default homes disk source=/share/homes/ path=/home readonly=false

Otherwise you can create a new profile to be used only by specific instances:

Code:

lxc profile create shared-homes
lxc profile device add shared-homes homes disk source=/share/homes/ path=/home readonly=false
lxc profile add <instance-name> shared-homes

Read more at: https://linuxcontainers.org/lxd/advanced-guide/