From a921aac51e88b2ee8a6c9357118926bd323f85e9 Mon Sep 17 00:00:00 2001
From: MacRimi
Date: Tue, 2 Jun 2026 18:21:27 +0200
Subject: [PATCH] disk_host: open host mount path for unprivileged LXC bind-mounts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The fstab-only mount method explicitly says "for LXC bind-mounts" in its dialog wording, but the mount point left behind by mkfs + mkdir is owned root:root with mode 0755. An unprivileged LXC sees the directory through its uid offset (root inside → host uid 100000) which lands under the directory's "others" bits — so the container can read but never write, and the user has to track down the chmod / setfacl step manually. lxc-mount-manager_minimal.sh already offers exactly this fix as `lmm_offer_host_permissions` when the user adds the bind-mount through that script, but the disk-side script never closed its half of the loop. Add a small `_apply_lxc_bind_mount_perms` helper that runs `chmod o+rwx` plus `setfacl o::rwx + default ACL` whenever MODE_FSTAB=1, and call it from both `mount_disk_permanently` (format path) and `mount_existing_disk` (use_existing path). Pure pvesm-only mounts keep the original behaviour — chmod o+rwx on a VM/backup storage isn't desirable. Verified on .55 against the existing /mnt/disk-sda + LXC 112 (unprivileged): unprivileged container root could not write before (Permission denied), writes succeed after the perms are applied and land on the host as uid 100000 as expected.

Co-Authored-By: Claude Opus 4.7
---
 scripts/share/disk_host.sh | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/scripts/share/disk_host.sh b/scripts/share/disk_host.sh
index 37992832..a965e183 100644
--- a/scripts/share/disk_host.sh
+++ b/scripts/share/disk_host.sh
@@ -584,10 +584,38 @@ mount_disk_permanently() {
 msg_ok "$(translate "Added to /etc/fstab using device path")"
 fi
+ _apply_lxc_bind_mount_perms "$mount_path"
+
 systemctl daemon-reload 2>/dev/null || true
 return 0
 }
+# When the user opted into the host-fstab mount method, the whole
+# point of the mount is to bind-mount it into LXC containers. A fresh
+# ext4/xfs/btrfs filesystem (or a freshly-created /mnt/ directory)
+# is owned by root:root with mode 0755 — which an unprivileged LXC
+# sees as "others" (its root uid 0 maps to host uid 100000) and is
+# therefore read-only. lxc-mount-manager_minimal.sh offers the same
+# chmod o+rwx + default-ACL fix when the user adds the bind-mount
+# through that script, but most users don't realise they need to do
+# both steps. Apply the fix here so that "fstab only" really does
+# leave a directory ready to bind-mount from an unprivileged CT.
+# Privileged containers don't need this (root inside = root on host)
+# but the change is harmless: existing owners keep their access.
+_apply_lxc_bind_mount_perms() {
+ local mount_path="$1"
+ [[ "${MODE_FSTAB:-0}" -eq 1 ]] || return 0
+ [[ -d "$mount_path" ]] || return 0
+
+ msg_info "$(translate "Applying host permissions for unprivileged LXC bind-mounts...")"
+ chmod o+rwx "$mount_path" 2>/dev/null || true
+ if command -v setfacl >/dev/null 2>&1; then
+ setfacl -m o::rwx "$mount_path" 2>/dev/null || true
+ setfacl -m d:o::rwx "$mount_path" 2>/dev/null || true
+ fi
+ msg_ok "$(translate "Host permissions applied (o+rwx + default ACL) — unprivileged LXCs can read/write through bind-mounts")"
+}
+
 mount_existing_disk() {
 local disk="$1"
 local mount_path="$2"
@@ -621,6 +649,8 @@ mount_existing_disk() {
 msg_ok "$(translate "Added to /etc/fstab")"
 fi
+ _apply_lxc_bind_mount_perms "$mount_path"
+
 DISK_PARTITION="$disk"
 systemctl daemon-reload 2>/dev/null || true
 return 0
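Review bot: In `_apply_lxc_bind_mount_perms`, `chmod o+rwx` together with `setfacl -m d:o::rwx` makes the mount point writable by every host account and every container uid, not only the mapped container root, and the default ACL carries that "other" write bit onto everything created underneath; for the `mount_existing_disk` call in the second hunk this widens access to a filesystem that already holds data. Scoping the grant to the mapped id the comment names, e.g. `setfacl -m u:100000:rwx,d:u:100000:rwx "$mount_path"`, would give the unprivileged CT write access without opening the directory to everyone (100000 is the offset quoted in the comment; if a container can use a different idmap, the value should be read from its config). Each command also ends in `2>/dev/null || true` and `msg_ok` is printed unconditionally, so the "o+rwx + default ACL" success message appears even when `setfacl` is missing or a call fails; report success only when the calls returned 0. Unlike the `lmm_offer_host_permissions` flow the description refers to, which offers the fix, the helper applies it without asking whenever MODE_FSTAB=1, so a confirmation prompt or an explicit line in the fstab dialog would be worth adding.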