Proxmox Container – Bind Mount with ID Mapping

One slightly tricky thing with Proxmox (at least to me) is getting bind mounts and ID mapping from host to container right. This is a brief overview of the basics and how to set it up so it works correctly:

The background is that an unprivileged Proxmox container's UID and GID space starts at 100000 on the host, so root (uid 0) in the container is not the same as root (uid 0) on the host. The same holds for every other UID and GID between the host and the container. This is a nice security feature: a compromise of the container does not, by itself, give any privileges on the host.

With a bind mount, though, a resource (the mount point or directory) is shared between the host and the container. For both the container and the host to have access to that resource, you need to set up an ID map that maps the host UID/GID to an appropriate UID/GID in the container.

To do this, you need to add lxc.idmap entries to the container configuration. Let's assume that you want to share a directory that should be accessible by uid 1000, gid 1000 on the host and by uid 1001, gid 4 in the container. For this, add the following lxc.idmap entries to the container configuration:

lxc.idmap: u 0 100000 1001
lxc.idmap: u 1001 1000 1
lxc.idmap: u 1002 101002 64534
lxc.idmap: g 0 100000 4
lxc.idmap: g 4 1000 1
lxc.idmap: g 5 100005 64531

The format of each line is: <type> <container_id> <host_id> <count>, where type is u for UID and g for GID, container_id is the first ID inside the container, host_id is the host ID it maps to, and count is the number of consecutive IDs in that range. Container IDs that no entry covers are unmapped inside the container (they show up as nobody/nogroup), so the entries are written to tile the whole 0 to 65535 range without gaps, which is why the example splits the default 100000 offset into the blocks before and after the single remapped ID.

Finally, you need to allow this remapping of host IDs by editing /etc/subuid and /etc/subgid. The container mapping is typically done as root, so adding the following entry to both /etc/subuid and /etc/subgid (in addition to the default root:100000:65536 line that Proxmox already places there for the 100000 offset) works for the above case; it states that root (the user that starts the container on the host) is allowed to remap one ID starting from 1000:

root:1000:1
