Is it possible to make a zfs dataset snapshot or zpool available in an unprivileged container?

dionysius · May 31, 2025, 12:44pm

~# lsb_release -ds
Ubuntu 22.04.5 LTS
~# snap list lxd
Name  Version      Rev    Tracking       Publisher   Notes
lxd   6.3-a85d6a5  33246  latest/stable  canonical✓  -

I’d like to access all containers most recent snapshot within an (unprivileged) container for backup-purposes. Said container is responsible for all backup-tasks. Is there a way to mount a full zpool or a specific zfs tree into that container?

Context:

Right now I’m doing preparations on the host and then mount those recursively into the container:

  lxd-backup:
    path: /srv/backup/lxd
    recursive: "true"
    required: "true"
    source: /srv/backup
    type: disk

A cronjob regularly updates the mounted snapshot for each container. This gives some inconveniences as the backup task and this snapshot-update task will never be perfect in sync. And as long as snapshots stay mounted, lxd doesn’t allow me to delete a container (“dataset is busy”, obviously, a snapshot is still mounted).

It would be much easier to handle pre and post backup steps if that backup container can mount those snapshots itself - but for that it needs somehow access to said zpool or zvolumes. Is there a way to do that (optimally unprivileged backup container).

~# lxd init --dump
config:
  core.https_address: '[::]:8443'
networks:
- config:
    ipv4.address: 10.166.4.1/24
    ipv4.nat: "true"
    ipv6.address: fd42:e09f:2070:238f::1/64
    ipv6.dhcp.stateful: "true"
    ipv6.nat: "true"
  description: ""
  name: lxdbr0
  type: bridge
  project: default
storage_pools:
- config:
    source: local/enc/lxd
    volatile.initial_source: local/enc/lxd
    zfs.pool_name: local/enc/lxd
  description: ""
  name: local_enc
  driver: zfs
storage_volumes: []
profiles:
- config:
    limits.cpu.allowance: 25%
    limits.memory: 2GiB
    limits.memory.enforce: soft
  description: Default LXD profile
  devices:
    eth0:
      name: eth0
      network: lxdbr0
      type: nic
    root:
      path: /
      pool: local_enc
      type: disk
  name: default
projects:
- config:
    features.images: "true"
    features.networks: "true"
    features.networks.zones: "true"
    features.profiles: "true"
    features.storage.buckets: "true"
    features.storage.volumes: "true"
  description: Default LXD project
  name: default
  storage: ""
  network: ""