+Mount Points
+~~~~~~~~~~~~
+
+Beside the root directory the container can also have additional mount points.
+Currently there are basically three types of mount points: storage backed
+mount points, bind mounts and device mounts.
+
+Storage backed mount points are managed by the {pve} storage subsystem and come
+in three different flavors:
+
+- Image based: These are raw images containing a single ext4 formatted file
+ system.
+- ZFS Subvolumes: These are technically bind mounts, but with managed storage,
+ and thus allow resizing and snapshotting.
+- Directories: passing `size=0` triggers a special case where instead of a raw
+ image a directory is created.
+
+Bind mounts are considered to not be managed by the storage subsystem, so you
+cannot make snapshots or deal with quotas from inside the container, and with
+unprivileged containers you might run into permission problems caused by the
+user mapping, and cannot use ACLs from inside an unprivileged container.
+
+Similarly device mounts are not managed by the storage, but for these the
+`quota` and `acl` options will be honored.
+
+WARNING: Because of existing issues in the Linux kernel's freezer
+subsystem the usage of FUSE mounts inside a container is strongly
+advised against, as containers need to be frozen for suspend or
+snapshot mode backups. If FUSE mounts cannot be replaced by other
+mounting mechanisms or storage technologies, it is possible to
+establish the FUSE mount on the Proxmox host and use a bind
+mount point to make it accessible inside the container.
+
+The root mount point is configured with the 'rootfs' property, and you can
+configure up to 10 additional mount points. The corresponding options
+are called 'mp0' to 'mp9', and they can contain the following setting:
+
+include::pct-mountpoint-opts.adoc[]
+
+.Typical Container 'rootfs' configuration
+----
+rootfs: thin1:base-100-disk-1,size=8G
+----
+
+Using quotas inside containers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Quotas allow to set limits inside a container for the amount of disk
+space that each user can use. This only works on ext4 image based
+storage types and currently does not work with unprivileged
+containers.
+
+Activating the `quota` option causes the following mount options to be
+used for a mount point:
+`usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0`
+
+This allows quotas to be used like you would on any other system. You
+can initialize the `/aquota.user` and `/aquota.group` files by running
+
+----
+quotacheck -cmug /
+quotaon /
+----
+
+and edit the quotas via the `edquota` command. Refer to the documentation
+of the distribution running inside the container for details.
+
+NOTE: You need to run the above commands for every mount point by passing
+the mount point's path instead of just `/`.
+
+
+Using ACLs inside containers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The standard Posix Access Control Lists are also available inside containers.
+ACLs allow you to set more detailed file ownership than the traditional user/
+group/others model.
+
+
+Container Network
+-----------------
+
+You can configure up to 10 network interfaces for a single
+container. The corresponding options are called 'net0' to 'net9', and
+they can contain the following setting:
+
+include::pct-network-opts.adoc[]
+
+
projects / pve-docs.git / blobdiff