Sharing TrueNAS Datasets with Unprivileged LXC Containers in Proxmox for Plex/Jellyfin
Sharing TrueNAS Datasets with Unprivileged LXC Containers in Proxmox
Tl;dr: you cannot mount or access the storage between Proxmox and TrueNAS? it's because of the GUID and UID. Took me almost 3 days to read the instruction and figured out this problem. Here is the write-up.
My take: this is your personal home-lab, keep it simple. Don't overwhelm yourself, take the easy way.
-----
Sharing datasets from your TrueNAS to unprivileged LXC containers in Proxmox can be tricky. Due to security restrictions, you can't directly mount network shares within an unprivileged container. This post outlines a straightforward method using a Proxmox host mount and pass-through.
The Challenge:
Unprivileged LXCs run with limited host privileges. Directly mounting NFS or SMB shares from TrueNAS often fails due to permission issues. While creating a privileged LXC is an option, it reduces security.
The Solution: Host Mount and Pass-through
This method involves mounting the TrueNAS share on your Proxmox host and then passing it through to your unprivileged LXC.
Step 1: Install Necessary Packages on the Proxmox Host
Open your Proxmox host shell and run:
apt update && apt install -y nfs-common cifs-utils
Step 2: Create a Mount Point
Create a local directory on your Proxmox host where you'll mount the TrueNAS share:
mkdir /mnt/truenas-share
Step 3: Edit /etc/fstab for Automatic Mounting
Edit the /etc/fstab file to automatically mount the TrueNAS share on boot:
nano /etc/fstab
Add the appropriate line based on your TrueNAS share type (replace //10.0.0.2/PlexMedia and /mnt/truenas-share with your actual share path and mount point):
//10.0.0.2/PlexMedia /mnt/truenas-share cifs username=<your_username>,password=<your_password>,uid=100000,gid=100000 0 0
For NFS:
10.0.0.2:/mnt/HDD500G1/PlexMedia /mnt/truenas-share nfs defaults,_netdev 0 0
Important Note on UID and GID: For unprivileged LXCs, Proxmox remaps root (UID 0, GID 0) to an offset UID/GID (typically starting at 100000). To ensure write permissions within the LXC, we use uid=100000 and gid=100000 in the fstab entry. If you have a user inside the LXC with UID 1000 that needs access, use uid=101000 and gid=101000.
Step 4: Mount the Share
Mount the share manually to ensure the fstab entry is correct:
mount -a
Check if the share is mounted without errors:
df -h | grep truenas-share
Step 5: Pass Through the Mount Point to the LXC
Use the pct set command to pass the host mount point to your unprivileged LXC (replace 101 with your LXC ID and /mnt/truenas-share and /media/plex with your host and LXC mount points respectively):
pct set 101 -mp0 /mnt/truenas-share,mp=/media/plex
Now, within your LXC (container ID 101), the TrueNAS share will be accessible at /media/plex.
Let me know if this works for you.
