I have a case where I have a disk image that has an XFS filesystem that I have to mount as a block device or loop device within an LXD container.
This then needs to be mounted in a folder inside the LXD container so an application in it can manage and utilize the entire .img for its own needs.
I’m not entirely sure how to do this in LXD, is there any easy way to add this? I can’t do a loop mount inside the LXD container because it’s unprivileged.
Hi @teward,
I suspect you can use a unix-block device for this. A cloud-init script could also be used to perform any further modification inside the container.
There 2 issues here:
A unix-block device allows for passing through a block device from the host to the container, but does not support presenting an image file as a block device.
https://documentation.ubuntu.com/lxd/en/latest/reference/devices_unix_block/#type-unix-block
For that you would need to use a loop device and losetup on the host and then pass that device in as a unix-block device.
Then to allow mounting you should be able to use our mount syscall interception feature:
https://documentation.ubuntu.com/lxd/en/latest/syscall-interception/#mount
lxc config set <instance> \
security.syscalls.intercept.mount=true \
security.syscalls.intercept.mount.allowed=xfs \
security.syscalls.intercept.mount.shift=true
If you need to use losetup inside the container, I believe this can be done, but you’d need to pass the various /dev/loop* devices from the host into the container via unix-char device and then also enable https://documentation.ubuntu.com/lxd/en/latest/syscall-interception/#mknod-mknodat interception too.