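Debian series: mounting an SMB shared directory in an unprivileged Linux container on PVE
This article was last updated 450 days ago. The information in it may have developed or changed since then; if anything no longer works, leave a message in the comments.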

Unprivileged LXC

What are unprivileged Linux containers (LXC)? Unprivileged containers are considered to be more secure and confidential than privileged containers. When an unprivileged container is running, the root UID of the container is mapped to a non-root UID on the host system. This makes it difficult for an attacker to gain root privileges on the underlying host even if they compromise the container. In short, if an attacker manages to compromise your container through a known software vulnerability, they will immediately find that they cannot obtain any host permissions. Unprivileged containers are therefore designed to limit the permissions of the root user inside the LXC, thereby protecting the host machine.

This also causes some inconvenience. For example, if we try to mount an SMB shared NAS directory with the mount command inside an unprivileged LXC on PVE, as we would on a normal Linux system, the mount fails with a permission error:

mount error(1): Operation not permitted lxc

So what should we do if we want to mount an external SMB directory in this case? The only option is a detour: first mount the SMB directory on the PVE host, and then have the PVE host map the mounted directory into the unprivileged LXC container.

Note: The following operations are run on the pve host

First mount the shared directory that the LXC needs on the PVE host

Install the cifs-utils package

apt-get install cifs-utils

Create a mount directory

mkdir -p /mnt/share/

Run the mount command

mount -t cifs -o username=account,password=password //your-ip/shared-directory /mnt/share

Mount the PVE host directory into the unprivileged LXC container

pct set "CT id" -mp0 /mnt/share/,mp=/mnt/share

If you want to mount other directories later, they will be mp1, mp2, and so on.

Restart the LXC container and check

ls /mnt/share

If you can see the contents of the SMB directory, it means success.

Note: If you want PVE to mount the SMB directory automatically when it starts, you need to edit /etc/fstab and add the following content:

//your-ip/shared-directory /mnt/share cifs defaults,username=account,password=password 0 0

This is covered in my other article: Debian series automatically mount SMB at startup
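
The fstab entry above keeps the SMB password in the world-readable /etc/fstab and mounts the share as host root, which an unprivileged container sees as nobody:nogroup. The following is an added example, not code from the original article: it moves the credentials into a root-only file and sets uid/gid to the host ID that the container user maps to. It assumes Proxmox's default idmap offset of 100000; the function names and the /root/.smbcredentials path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes Proxmox's default
# unprivileged idmap (container ID 0 -> host ID 100000); names are hypothetical.

# Host UID/GID that a container UID/GID maps to.
host_id() {    # $1 = ID inside the container, $2 = idmap offset (default 100000)
    echo $(( ${2:-100000} + $1 ))
}

# Store SMB credentials in a file only root can read, so the password
# stays out of the world-readable /etc/fstab and out of `mount` arguments.
write_credentials() {    # $1 = file path, $2 = username, $3 = password
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"    # also tightens a file that already existed
}

# Build the /etc/fstab entry: credentials come from the file, and the share
# is owned by the host ID the container user maps to, so the container does
# not see the files as nobody:nogroup.
fstab_line() {    # $1 = //server/share, $2 = mount point, $3 = credentials file, $4 = container UID
    hid=$(host_id "${4:-0}")
    printf '%s %s cifs credentials=%s,uid=%s,gid=%s,file_mode=0640,dir_mode=0750,_netdev,nofail 0 0\n' \
        "$1" "$2" "$3" "$hid" "$hid"
}

# Print cifs entries of an fstab-format file that still embed a password.
inline_password_entries() {    # $1 = fstab path
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)password=/' "$1"
}

# Constructed demo values: print the entry to place in /etc/fstab on the PVE host.
fstab_line //your-ip/shared-directory /mnt/share /root/.smbcredentials 0
```

If the service inside the container runs as a non-root user, pass that container UID as the fourth argument so the share is owned by the matching host ID.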
