On August 14, 2016 9:55:36 AM EDT, Personal <z...@zachlanich.com> wrote: >I would have to at very least chown the subdirectory to the same user >the container is running on in order to have write access to it from >with in the container, but that was my thought that the volume itself >provides enough protection. My friend who is an experienced systems >administrator seems to be very uncomfortable with the idea of bind >mounting into the container, as he thinks it kind of breaks the >isolation that the containers provide when adding write access to the >mount, Thoughts?
Another way is setting extended attributes (setfacl) to the parent dataset that is being shared (xattr=sa, acltype=posixacl) It's also tricky, because new files created by the container gets assigned the UID of the user from the container (setting the defaults for the xattr probably would resolve that, but I'll have to test it out)
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
