Feature request: storage volume permissions #14507

Open
jonathan-conder opened this issue Nov 21, 2024 · 4 comments
Labels
Feature New feature, not a bug Improvement Improve to current situation

Comments

@jonathan-conder

When creating a dir volume:

$ lxc storage volume create default foo

The mounted directory has permissions drwx--x--x (0711). It would be nice to have a config setting to control this. I'd be happy with just the dir driver for now, but we may want zfs as well in future.

It might be possible to work around this using something like:

$ mkdir -p backup/volume
$ $EDITOR backup/index.yaml
$ tar zcf foo.tar.gz backup
$ lxc storage volume import default foo.tar.gz foo

But generating index.yaml is a bit complex and I'm not sure if it's a stable format. Just saying I'd also be happy with an approach along these lines if it's easier to implement.

At the moment our use case is to mount /var/cache/apt/archives as a volume. Normally this would have 0755 permissions, but as far as I can tell that doesn't really matter because apt runs as root. So I wouldn't treat this request as high priority, at least until we find a use case where the permissions really do matter.

@kadinsayani kadinsayani added Improvement Improve to current situation Feature New feature, not a bug labels Nov 21, 2024
@tomponline
Member

I'd be tempted to make this a property of the disk device that attaches the volume to an instance, rather than a property of the volume itself, as that then offers the option of having the same volume mounted to multiple instances using different mount perms.

@jonathan-conder
Author

That's interesting, I didn't even know that was a possibility. Might be worth checking if this is already doable with raw.mount.options or something.

@tomponline
Member

Something related recently landed in Incus lxc/incus#1415

Thinking about this more, the uid/gid may be able to be device specific (if we consider idmapped mounts); however, the permission of the volume directory itself would need to be on the volume indeed.

@jonathan-conder
Author

What a coincidence! That feature looks like it would work for us
