Use nsenter with pid:host to run zpool in host mount namespace

docker-compose.yml

@@ -5,16 +5,13 @@ services:
     container_name: jbod-monitor
     restart: unless-stopped
     privileged: true
+    pid: host
     network_mode: host
     volumes:
       - /dev:/dev
       - /sys:/sys:ro
       - /run/udev:/run/udev:ro
-      - /usr/sbin/zpool:/host/zpool:ro
-      - /usr/sbin/zfs:/host/zfs:ro
-      - /lib/x86_64-linux-gnu:/host/lib:ro
     environment:
       - TZ=America/Denver
       - UVICORN_LOG_LEVEL=info
-      - ZPOOL_BIN=/host/zpool
+      - ZFS_USE_NSENTER=true
-      - ZFS_HOST_LIB=/host/lib

services/zfs.py

@@ -15,16 +15,18 @@ async def get_zfs_pool_map() -> dict[str, str]:
     """
     pool_map = {}
     try:
-        env = os.environ.copy()
+        # When running in a container with pid:host, use nsenter to run
-        host_lib = os.environ.get("ZFS_HOST_LIB")
+        # zpool in the host mount namespace so it finds its own libs.
-        if host_lib:
+        use_nsenter = os.environ.get("ZFS_USE_NSENTER", "").lower() in ("1", "true")
-            env["LD_LIBRARY_PATH"] = host_lib
+        if use_nsenter:
+            cmd = ["nsenter", "-t", "1", "-m", "--", "zpool", "status", "-P"]
+        else:
+            cmd = [ZPOOL_BIN, "status", "-P"]
 
         proc = await asyncio.create_subprocess_exec(
-            ZPOOL_BIN, "status", "-P",
+            *cmd,
             stdout=asyncio.subprocess.PIPE,
             stderr=asyncio.subprocess.PIPE,
-            env=env,
         )
         stdout, _ = await proc.communicate()
         if proc.returncode != 0: