LXC containers -- questions about users, volumes, permissions

Coming from Proxmox, I am finding setting up an LXC container in TrueNAS to be a bit confusing. Are there tutorials or guides for setting up something like a general-purpose Debian environment in a TrueNAS container? Three things in particular are confusing me:

  1. Users and permissions. I see documentation about userid mapping, but nothing about the basic task of setting up a container with root and normal users. How do you do that?

  2. Is there the same concept of “privileged” and “unprivileged” containers as in Proxmox? If I want a container to be able to, e.g., install fancontrol in the LXC to monitor the system fans, I think I need in Proxmox terms a privileged container. Does that exist in TrueNAS containers?

  3. Root volume. In Proxmox, you create a root volume for the container’s filesystem. There doesn’t seem to be any analog to this in TrueNAS container creation. Where does your new container live, and how do you set its size?

I haven’t been able to find any basic info that describes these aspects of TrueNAS containers. Any pointers to info would be appreciated. Thanks!

  1. There’s a built-in user in TrueNAS called truenas_container_unpriv_root which gets automatically mapped to the root user inside the LXC. If you add that user to your dataset’s ACLs, your container root has permissions set.
    Other users can be mapped using the web UI of TrueNAS.
  2. Right now TrueNAS uses Incus as the LXC backend and, as far as I understood it, launches unprivileged containers by default.
  3. TrueNAS asks you to select a pool for your LXCs. On that pool TrueNAS will create a hidden dataset called .ix-virt. The filesystem of the LXCs gets saved there. As far as I can tell there’s no GUI-exposed way to set the size, but standard Incus commands should be able to adjust it.

In the next release in April the LXC backend will switch from Incus to libvirt, so I don’t know if the above will still be valid after the change.

Thanks! That helps a lot, especially about the special user.