How to mount a host directoy to my unpriviledged lxc

Question

I have an unprivileged lxc container. And I want to mount a directory ~/Project in the host machine to the lxc. I tried to modifying the lxc config file. The following is my lxc config file:

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist archlinux --release current --arch amd64
# Template script checksum (SHA-1): 1ba3a6d6544626d6e64c7b8f1a51f6022c5e5f8f
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = x86_64

# Container specific configuration
#lxc.idmap = u 0 100000 65536
#lxc.idmap = g 0 100000 65536
lxc.idmap = u 0 100000 1000
lxc.idmap = g 0 100000 1000
lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1
lxc.idmap = u 1001 101001 64535
lxc.idmap = g 1001 101001 64535

lxc.rootfs.path = dir:/var/lib/lxc/main_dev/rootfs
lxc.uts.name = main_dev

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:47:f6:98

# Video configuration
lxc.mount.entry = /dev/dri dev/dri none bind,optional,create=dir
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
#lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,optional,create=dir
lxc.mount.entry = /tmp/.X11-unix mnt/x11 none bind,optional,create=dir
lxc.mount.entry = /dev/video0 dev/video0 none bind,optional,create=file


# User
lxc.mount.entry = ~/Project /home/arch/test none bind 0 0

It didn't work. Also is there a way to copy files in an unprivileged lxc? I tried to copy files into my lxc roofts. But it didn't show-up in the container.

Note: the following are the entries in my /etc/subuid and /etc/subgid (in host machine) where.

sahil:1000:1
sahil:100000:65536

Answer 1

1. Concerning the mount of the host directory

In the configuration file, the "~" notation is not allowed as it is a bash shell specific notation and LXC does not use bash to interpret the pathname. This must be replaced by the full pathname (e.g. /home/sahil/Project).

The mount point should be defined as a relative pathname in the container's rootfs.

If the pathname of the mount point is not yet created in the container's rootfs, it is advised to add the create=dir option.

Hence the mount directive should be something like:

lxc.mount.entry = /home/sahil/Project home/arch/test none bind,create=dir 0 0

2. Concerning the copy of a files from host to container

The configuration file shows the location of the container's rootfs:

lxc.rootfs.path = dir:/var/lib/lxc/main_dev/rootfs

If you need to copy host files into the container, you can copy the files in any (sub)directory from /var/lib/lxc/main_dev/rootfs.

For example:

$ cp /home/sahil/example.txt /var/lib/lxc/main_dev/rootfs/some_place

You may need super user privileges on host side if the "/var/lib/lxc/main_dev/rootfs/" is owned by root. And you will see the copied file on container side.

NB: The location of your container's rootfs is unusual as unprivileged LXC containers have typically their rootfs located in the user's home directory. For example : /home/<login_name>/.local/share/lxc/<container_name>/rootfs