sh 如何在LXC / LXD容器中设置*可写*共享目录

Posted 2021-05-07

[robin@xps ~ ]$ lxc launch ubuntu:16.04 my-xenial  # Create & start a new container
[robin@xps ~ ]$ getfacl ./share/ # Check extended permissions on "share" directory
# file: share
# owner: robin
# group: robin
user::rwx
group::rwx
other::r-x
[robin@xps ~ ]$ sudo ls -ld /var/lib/lxd/containers/my-xenial  # Find the user ID for my container (165536)
[sudo] password for robin: 
drwxr-xr-x+ 4 165536 165536 4096 May 13 08:59 /var/lib/lxd/containers/my-xenial
[robin@xps ~ ]$ # Give my container access to the "share" directory
[robin@xps ~ ]$ setfacl -Rm user:lxd:rwx,default:user:lxd:rwx,user:165536:rwx,default:user:165536:rwx share
[robin@xps ~ ]$ getfacl share  # Behold the new expanded permissions!
# file: share
# owner: robin
# group: robin
user::rwx
user:lxd:rwx
user:165536:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:lxd:rwx
default:user:165536:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
[robin@xps ~ ]$ # Add the shared directory to the container as a device
[robin@xps ~ ]$ lxc config device add my-xenial share disk source=`pwd`/share path=/srv/share
Device share added to my-xenial
[robin@xps ~ ]$ # I can now successfully create a new file in the shared directory
[robin@xps ~ ]$ lxc exec my-xenial -- touch /srv/share/anewfile
[robin@xps ~ ]$ ls -l share/anewfile 
-rw-rw-r--+ 1 165536 165536 0 May 13 14:22 share/anewfile