How to add or mount directory in LXD (Linux container)

I have two LXD containers running. One is for Nginx, and another is for processing data. I need to share data between two containers. How do I add or mount a shared directory between two?

One can manage devices of running containers using lxc command. To add devices such as directory to containers, use lxc config device add command. This page explains how to add a host directory to an LXD container

How add or mount directory in LXD/LXC

The procedure to mount directories in LXD as follows:

  1. Open the terminal application
  2. For remote LXD/Linux server login using the ssh command
  3. To mount the host’s /wwwdata/ directory onto /var/www/html/ in the LXD container named c1, run:
    lxc config device add c1 sharedwww disk source=/wwwdata/ path=/var/www/html/
  4. Verify that directory has been mounted onto c1 container by running:
    lxc exec c1 -- "ls /var/www/html"

Let us see all steps in detail for mounting directories as both in read-only and read/write mode onto containers.

Mounting your home directory in LXD (read-only)

The syntax is as follows:
lxc config device add {container-name} {name} disk source={/path/to/source/dir/} path={/path/to/dest/onto/container/}
Let us create a new container named c1:
lxc launch images:centos/8/amd64 c1
lxc list c1

Create a new directory named /dest/ onto container named c1, run:
lxc exec c1 -- "mkdir /dest/"
lxc exec c1 -- "ls -ld /dest/"

Mount your $HOME (/home/vivek/) directory onto c1 at /dest/ in read only:
lxc config device add c1 myhomedir disk source=$HOME path=/dest/
lxc config device add c1 myhomedir disk source=/home/vivek/ path=/dest/
Please note that if /dest/ directory does not exist, it will be created automatically by above lxc command. Now that disk added onto c1, verify it:
lxc config device show c1
Restart the container to verify that settings remain valid:
lxc restart c1
lxc config device show c1
## login onto c1 container ##
lxc exec c1 bash
cd /dest/
ls -l
## is it read-only or read-write? ##
mkdir foo

How to remove/delete/unmount directory from an LXD container

To remove container devices such as disk named myhomedir from c1 container, run:
lxc config device remove c1 myhomedir
Device myhomedir removed from c1

Verify it:
lxc config device show c1

Add a shared host directory to an LXC/LXD container (read-write mode)

By default, the root user is not allowed to modify files inside containers from a host. It is a security feature of LXD. In other words, you need to remap your user ID if you need read-write access for mounted folders.

The subordinate gid file

Each line in /etc/subgid contains a user name and a range of subordinate group ids that user is allowed to use. This file specifies the group IDs that ordinary users can use, with the newgidmap command, to configure gid mapping in a user namespace. This is specified with three fields delimited by colons (“:). Use the cat command:
cat /etc/subgid
Sample outputs:


Whre fields are:

  • vivek – Login name or UID on host
  • 100000 – Numerical subordinate group ID
  • 65536 – Numerical subordinate group ID count

The subordinate uid file

Again, each line in /etc/subuid contains a user name and a range of subordinate user ids that user is allowed to use. This file specifies the user IDs that ordinary users can use, with the newuidmap command, to configure uid mapping in a user namespace. To view this file, run:
cat /etc/subuid
Sample outputs:


How to allow LXD to remap your user ID on the host

Use the id command to find out your uid/gid:
Sample outputs:

uid=1000(vivek) gid=1000(vivek) groups=1000(vivek),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),116(sambashare),998(lxd)

Next, I am going to allow the LXD demon which is running as root to remap my host’s user ID inside a container:
echo "root:1000:1" | sudo tee -a /etc/subuid /etc/subgid
This is a one time set up and no need to repeat. Make sure file has been updated:
cat /etc/{subuid,subgid}

How to remap your user ID inside the container

Find UID inside the container for the user named vivek (user account must exist inside the c1):
lxc exec c1 bash
grep ^vivek /etc/passwd

Create a user account named if no output displayed by above grep command:
lxc exec c1 bash
adduser vivek
id vivek

Type the following command to map both the UID and the GID, from the host’s UID (1000) to the c1 container’s 1000 UID (vivek):
lxc config set c1 raw.idmap "both 1000 1000"
Restart the container to settings take effect:
lxc restart c1
Finally, mount and map the directory in a read/write mode:
lxc config device add c1 myhomedir disk source=/home/vivek/ path=/home/vivek/
lxc config show c1

Test it

lxc exec c1 bash
cd /home/vivek
mkdir delta
echo "" > test.txt
cat test.txt
rmdir delta
## back to host ##
## make sure bar.txt still exists on host ##
ls -l test.txt
cat test.txt

Successfully mounted hosts /home/vivek/ directory onto c1 containers in read-write mode


You learned how to bind-mount your Linux home directory in LXD either in read-only or read-write mode by mapping UID/GID. This feature is handy to mount high availability storage into a container. See LXD project docs for more info.

🐧 Please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

Comments on this entry are closed.

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @