ProxMenux/scripts/share
MacRimi a921aac51e disk_host: open host mount path for unprivileged LXC bind-mounts
The fstab-only mount method explicitly says "for LXC bind-mounts" in
its dialog wording, but the mount point left behind by mkfs +
mkdir is owned root:root with mode 0755. An unprivileged LXC sees
the directory through its uid offset (root inside → host uid 100000)
which lands under the directory's "others" bits — so the container
can read but never write, and the user has to track down the
chmod / setfacl step manually.

lxc-mount-manager_minimal.sh already offers exactly this fix as
`lmm_offer_host_permissions` when the user adds the bind-mount
through that script, but the disk-side script never closed its half
of the loop. Add a small `_apply_lxc_bind_mount_perms` helper that
runs `chmod o+rwx` plus `setfacl o::rwx + default ACL` whenever
MODE_FSTAB=1, and call it from both `mount_disk_permanently`
(format path) and `mount_existing_disk` (use_existing path). Pure
pvesm-only mounts keep the original behaviour — chmod o+rwx on a
VM/backup storage isn't desirable.

Verified on .55 against the existing /mnt/disk-sda + LXC 112
(unprivileged): unprivileged container root could not write before
(Permission denied), writes succeed after the perms are applied and
land on the host as uid 100000 as expected.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-02 18:21:27 +02:00
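
The permission-class lookup the commit message describes, as an added example (not code from ProxMenux or from the commit). It assumes the idmap offset of 100000 mentioned above and evaluates only the classic mode bits; the function name `lxc_root_access` and the temp directory standing in for the host mount point are hypothetical.

```shell
#!/bin/sh
# Added example (not ProxMenux code): which permission class does the root
# user of an unprivileged LXC fall into on a host directory?
# Assumptions: idmap offset 100000 (container uid/gid 0 -> host 100000), only
# the classic mode bits are evaluated, named ACL entries and supplementary
# groups are ignored.

# lxc_root_access DIR [OFFSET]
# Prints "<class> <octal digit>" for the host ids container root maps to.
# Returns 0 if that class has write+execute on DIR, 1 if not, 2 if stat fails.
lxc_root_access() {
    lra_dir=$1
    lra_id=${2:-100000}            # host uid and gid of container root
    lra_stat=$(stat -c '%u %g %a' -- "$lra_dir") || return 2
    set -- $lra_stat               # $1=owner uid  $2=owner gid  $3=octal mode
    if [ "$lra_id" -eq "$1" ]; then
        lra_class=owner;  lra_bits=$(( ($3 / 100) % 10 ))
    elif [ "$lra_id" -eq "$2" ]; then
        lra_class=group;  lra_bits=$(( ($3 / 10) % 10 ))
    else
        lra_class=others; lra_bits=$(( $3 % 10 ))
    fi
    echo "$lra_class $lra_bits"
    # Creating files in a directory needs both w (2) and x (1).
    [ $(( lra_bits & 3 )) -eq 3 ]
}

# Demo on a constructed temp directory (stands in for the host mount point).
demo_dir=$(mktemp -d)
chmod 0755 "$demo_dir"
lxc_root_access "$demo_dir" || echo "container root cannot write"
chmod o+rwx "$demo_dir"
lxc_root_access "$demo_dir" && echo "container root can write"
rm -rf "$demo_dir"
```

The same "others" class also covers every other host account that is neither owner nor in the owning group, which is why the result is worth checking per mount point rather than applied to storage in general.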