When you know an LXD container you’re setting up is going to be using a lot of storage space, it’s generally a very good idea to move pressure off the ZFS partition you’ve setup for LXD. This way the data isn’t inside the container, filling up our precious ZFS partition and is more accessible if another container, or the host wishes to access it.
Setting ownership on the host directory
To gain write access within the container, we’ll first need to set the owner of this directory to root inside the container. To find the UID/GID for root, run the following command.
ls -l /var/lib/lxd/storage-pools/ZFSPoolName/containers/ContainerName
Example below. lxd being the name of the ZFS storage pool, and Downloads being the name of the container I’ll be adding this directory into.
alex@NUC:/var/log$ ls -l /var/lib/lxd/storage-pools/lxd/containers/Containername total 5 -r-------- 1 root root 6176 Apr 19 18:22 backup.yaml -rw-r--r-- 1 root root 691 Jan 1 1970 metadata.yaml drwxr-xr-x 22 100000 100000 22 Feb 18 11:50 rootfs drwxr-xr-x 2 root root 4 Feb 18 16:26 templates
Notice in my case the owner of rootfs is 100000:100000 – that’s what we need to set as the owner for the downloads directory.
chown 100000:100000 -R /home/downloads
Adding our directory into a container
We can now mount the directory into the container
The syntax for this command is
lxc config device add CONTAINERNAME LABEL disk path=/MOUNTPATHINSIDECONTAINER source=/MOUNTPATHINSIDEHOST
So for me that is
lxc config device add downloads downloads disk path=/downloads source=/home/downloads
Now lets access the container and ensure the drive has been mounted.
lxc exec downloads bash df -h
/dev/sda1 1.9T 1.3T 548G 71% /downloads
Notice /downloads listed there. Lets ensure we can see inside it
ls -l /downloads
Notice how this directory is now owned and writable by root of the container. At this point you can change ownership to the user inside your container who’ll be writing to the directory.
sudo chown USERNAME:USERNAME-R /downloads
Changing USERNAME to the user you’re giving access to.