Hi, Mr. Okajima,
Thanks for your quick reply.
My NFS export file is like this:
/mnt/NFSmountpoint 172.16.0.0/24(rw,fsid=0,insecure,no_root_squash,no_subtree_check,sync,crossmnt).
Is this OK?
And it is OK for me to create and write the NFS server files on
the client-side parent server as the root user.
I guess the root user in the unprivileged container is mapped to an
unprivileged user with UID 100000 on the parent server, which has
limited permission to access the NFS server. But why does the local path
work well, since the local unprivileged user also has limited permission
to access the local files?
BR.
Michael Mao
On 03/21/2020 11:23, J. R. Okajima wrote:
Hello Michael,
"[email protected]":
> But if I set the nfs branch as the first rw branch, as:
> mount -t aufs -o br=/nfsmountpoint=rw:/home/base/rootfs=ro none /var/lib/lxc/containers/{lxcname}/rootfs
> the LXC can start up in unprivileged mode, but I can't modify
> the files whose owner is not root. It seems not to be working in
> unprivileged mode.
> For example, it will fail to run: "useradd {newuser}" in the
> container's bash. The result is: "useradd: failure while writing
> changes to /etc/shadow"
First of all, you need to confirm that your nfs client has writable
access rights to your nfs server. I guess you already checked some
permission bits on your dirs and files. But how about on the nfs
server, especially the sec=, fsid=, and no_root_squash export options?
One simple way to check is for a superuser on your nfs client to create
and write to a file on the nfs server.
J. R. Okajima
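
Added illustration (not part of either message, and not aufs or nfs-utils code): a small Python model of which uid the NFS server checks for the export line above, comparing root on the parent server with root inside the unprivileged container. It assumes AUTH_SYS (sec=sys), an NFS mount made on the parent server so host uids go on the wire, and a uid map of 65536 ids starting at 100000; all function names are hypothetical.

```python
import re

NOBODY = 65534  # default anonuid in exports(5)
# The export line from the message above, and an ASSUMED lxc.idmap-style range
# (container start, host start, count); the page only gives host uid 100000.
EXPORT = ("/mnt/NFSmountpoint 172.16.0.0/24(rw,fsid=0,insecure,"
          "no_root_squash,no_subtree_check,sync,crossmnt)")
IDMAP = [(0, 100000, 65536)]

def parse_export(line):
    """Split a single-client exports line into (path, client, flags, params)."""
    m = re.match(r"(\S+)\s+([^\s(]+)\(([^)]*)\)", line.strip())
    if not m:
        raise ValueError("not a single-client exports line: %r" % line)
    path, client, raw = m.groups()
    flags, params = set(), {}
    for opt in filter(None, raw.split(",")):
        key, sep, val = opt.partition("=")
        if sep:
            params[key] = val
        else:
            flags.add(key)
    return path, client, flags, params

def host_uid(container_uid, idmap):
    """Translate a uid inside the container to the uid seen on the host."""
    for inside, outside, count in idmap:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    raise ValueError("uid %d is not mapped" % container_uid)

def server_uid(wire_uid, flags, params):
    """uid the server uses for permission checks after squashing."""
    anon = int(params.get("anonuid", NOBODY))
    if "all_squash" in flags:
        return anon
    if wire_uid == 0 and "no_root_squash" not in flags:
        return anon  # root_squash is the default
    return wire_uid  # no_root_squash only ever concerns uid 0

def report(line=EXPORT, idmap=IDMAP):
    """Server-side uid for host root and for container root."""
    _, _, flags, params = parse_export(line)
    return {"host root": server_uid(0, flags, params),
            "container root": server_uid(host_uid(0, idmap), flags, params)}

if __name__ == "__main__":
    for who, uid in report().items():
        print("%-15s -> server-side uid %d" % (who, uid))
```

Under these assumptions the superuser test succeeds because uid 0 passes through no_root_squash, while container root reaches the server as an ordinary uid that the option does not cover.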