Adding a shared host directory to an LXC/LXD Container
The instructions on https://wiki.gentoo.org/wiki/LXD that you mention are correct but may need a bit more explanation.
On the host you first check the ownership of the directory in which the container data is stored. Run
sudo ls -l /var/lib/lxd/containers
and check the owner of the container you would like to share the directory with. In my case the uid and gid both were 100000.
Next, use these to change the ownership of the directory you want to share:
sudo chown 100000:100000 /tmp/share_on_host
Share the directory with the container in the way you indicated in your comment:
lxc config device add mycontainer sharedtmp disk \
path=/tmp/share_on_guest source=/tmp/share_on_host
Now, in the container, you will see that the directory /tmp/share_on_guest (I wouldn't advise mounting your directory as /tmp because that is used by the system for other stuff and has special permissions) is owned by root. From here on you can use chown in the container to change the ownership to the appropriate uid and gid for your user in the container.
As a side note, after changing the ownership in the container to e.g. a user with uid 33 you will see on the host that the uid there is now 100033, which makes total sense.
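The id arithmetic behind the answer above (container uid 33 becoming host uid 100033), as an added example that is not part of the original answer. It assumes the container's base id comes from root's first range in /etc/subuid, which is where LXD takes the offset for unprivileged containers unless configured otherwise; the /etc/subuid content below is constructed, and the script only prints the chown and lxc commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the answer above: derive the host-side uid/gid that a
# container uid/gid maps to under LXD's default id shifting, and print the host
# commands from the answer with those numbers filled in. Nothing is executed.

# Constructed stand-in for /etc/subuid (on a real host: cat /etc/subuid). The
# answer's base of 100000 is assumed to come from root's first range, which is
# what LXD uses for unprivileged containers unless configured otherwise.
SAMPLE_SUBUID="root:100000:65536
lxd:165536:65536"

# subid_field <user> <field> <file-content>: field 2 is the range start, 3 its size
subid_field() {
    printf '%s\n' "$3" | awk -F: -v u="$1" -v f="$2" '$1 == u { print $f; exit }'
}

# host_id <container-id> <base> <count>: id seen on the host for a container id;
# fails when the container id lies outside the allocated range, because such an
# id has no host counterpart and files owned by it show up as nobody/nogroup.
host_id() {
    cid=$1; base=$2; count=$3
    case $cid in ''|*[!0-9]*) echo "container id must be numeric" >&2; return 1;; esac
    if [ "$cid" -ge "$count" ]; then
        echo "container id $cid is outside the range of $count shifted ids" >&2
        return 1
    fi
    echo $((base + cid))
}

# share_commands <container> <device> <host-dir> <guest-dir> <uid> <gid> <base> <count>
# Prints the chown for the host side (using the mapped ids, so no chown is needed
# inside the container afterwards) and the device-add command from the answer.
share_commands() {
    huid=$(host_id "$5" "$7" "$8") || return 1
    hgid=$(host_id "$6" "$7" "$8") || return 1
    printf 'sudo chown %s:%s %s\n' "$huid" "$hgid" "$3"
    printf 'lxc config device add %s %s disk path=%s source=%s\n' "$1" "$2" "$4" "$3"
}

# Worked run with the answer's numbers: uid 33 in the container becomes 100033 on the host.
base=$(subid_field root 2 "$SAMPLE_SUBUID")
count=$(subid_field root 3 "$SAMPLE_SUBUID")
share_commands mycontainer sharedtmp /tmp/share_on_host /tmp/share_on_guest 33 33 "$base" "$count"
```

Chowning the host directory straight to the mapped ids (100033:100033 for a container uid/gid of 33) skips the extra chown inside the container; the range check matters because an id beyond the allocated count is unmapped and the container then sees the files as nobody/nogroup.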
Here is an updated answer to this question.
Mount the host folder /var/www as /var/test in the container.
lxc config device add mycontainer vartest disk source=/var/www path=/var/test
You can assign additional devices to the container, and these can be host-accessible folders.
$ lxc config ## display help
...
lxc config device add [<remote>:]<container> <device> <type> [key=value...]
Add a device to a container.
...
Note that <device> is just an arbitrary name that you assign, which will be used as an ID for subsequent device management.
For example, to mount the host folder "./host" as "/mnt/host" in the container...
lxc config device add mycontainer vartest disk source=$(pwd)/host path=/mnt/host
There remains one problem -- if you want this folder to be writable by both the host and the container, the ownership and permissions need to be configured accordingly. This is complicated by the default mode of LXD which virtualizes the numeric ranges for user and group id values. There is an easy solution, however: bypass this virtualization by configuring the container to run with host-equivalent privileges...
lxc config set <container> security.privileged true
The full host-security implications of this approach are unclear to me at this time, but would seem to be somewhat "contained" by the virtualization. The practical risk depends on how and why you will be using the container. See technical notes at https://insights.ubuntu.com/2017/06/15/custom-user-mappings-in-lxd-containers
Further note that this approach probably works best if you normally operate in the container as a non-root user, such as if you attach with...
lxc exec zesty -- su --login ubuntu
- Additional notes on configuration: https://help.ubuntu.com/lts/serverguide/lxd.html
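The ownership problem in the answer above can also be solved without security.privileged, by mapping only the one host uid/gid that owns the shared folder into the container (the custom user mappings the linked insights.ubuntu.com article is about). The script below is an added example, not code from the answer or from LXD: it prints the host-side allocation and the lxc raw.idmap command for such a single-id mapping, and checks a container's config for the privileged flag first. It assumes LXD runs as root (so the extra id is granted to root in /etc/subuid and /etc/subgid) and the `lxc config show` sample is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the answer above or of LXD's documentation: audit a
# container config for security.privileged and emit the commands that map a single
# host uid/gid onto a container uid/gid with raw.idmap instead. Output is printed,
# never executed.

# Constructed sample of `lxc config show <container>` output (shape assumed).
SAMPLE_CONFIG='architecture: x86_64
config:
  security.privileged: "true"
  raw.idmap: ""
devices:
  vartest:
    path: /var/test
    source: /var/www
    type: disk'

# config_value <key> <config-text>: value of a config key, surrounding quotes stripped
config_value() {
    printf '%s\n' "$2" | awk -v k="$1" '
        $1 == k ":" { v = $2; gsub(/"/, "", v); print v; exit }'
}

# is_privileged <config-text>: succeeds when security.privileged is "true", i.e. the
# container's root is the host's root and id shifting is switched off entirely.
is_privileged() {
    [ "$(config_value security.privileged "$1")" = "true" ]
}

# idmap_plan <container> <host-id> <container-id>: commands for the narrow
# alternative. raw.idmap "both <host> <container>" maps one uid and one gid; LXD
# (running as root) may only use host ids that root owns in /etc/subuid and
# /etc/subgid, hence the one-id range appended there. Takes effect after restart.
idmap_plan() {
    c=$1; h=$2; g=$3
    case $h in ''|*[!0-9]*) echo "host id must be numeric" >&2; return 1;; esac
    case $g in ''|*[!0-9]*) echo "container id must be numeric" >&2; return 1;; esac
    printf 'echo "root:%s:1" | sudo tee -a /etc/subuid /etc/subgid\n' "$h"
    printf 'lxc config set %s raw.idmap "both %s %s"\n' "$c" "$h" "$g"
    printf 'lxc restart %s\n' "$c"
}

# Worked run: flag the privileged sample, then show how to map host uid/gid 1000
# (the host user who owns /var/www in this scenario) onto uid/gid 1000 in the container.
if is_privileged "$SAMPLE_CONFIG"; then
    echo "mycontainer runs with security.privileged=true; consider the mapping below instead:"
fi
idmap_plan mycontainer 1000 1000
```

Files in /var/www owned by host uid 1000 then appear inside the container as uid 1000 and are writable from both sides, while every other container id stays shifted into the unprivileged range.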