Recent content by lethargos

Let me then offer a little bit of context. This is a newly installed Proxmox instance. I started with 8.1.4 (if I remember correctly) then upgraded to 8.1.10. I did play a little bit with lxc profiles in order to get that access to the network interface for nebula (as mentioned in post #3), but...

Yes, I've actually already tried this, but forgot to mention. So removing these lines and disabling nesting will result in the same apparmor error in the host syslog and permission denied/NAMESPACE-related error inside the container.

I see. That's interesting, yes. I would then like to understand where the problem might be.

Well, if you have nesting enabled, then how is your answer relevant to this topic? I might be misreading your reply though.

I should have mentioned it from the beginning, I'm not sure how it slipped. When I start the nftables service ("systemctl start nftables"), I got the above-mentioned error. Inside the container I got: I was able to circumvent this by enabling nesting on the container. But I think this gives too...

Hello, I'm trying to run nftables to do some routing inside an lxc-container, but I keep getting this error: nftables seems to be installed by default in the Debian 12 lxc-container image, so I'm not sure why this isn't working out of the box. In any case, what would be the most sensible way...

Just as a note: you don't need to enable the Firewall at the node level in order to protect the virtual machines or the containers. It's enough to enable it at the datacenter level. Enabling it at the node level is a good idea to protect the node itself, sure, but many rules at the datacenter...

hostname -f shows pve1.example.com. So to what extent should I be worried?

Hello, I would like to change the FQDN in a cluster which we mainly use to access the administrative interface. I see that in /etc/hosts both the fqdn and the one-label names are set: 127.0.0.1 localhost.localdomain localhost 10.88.88.231 pve1.example.com pve1 10.88.88.232 pve2.example.com...

@jdancer Would you mind sharing what do you go by when setting the minimum and maximum limits for the RAM with ballooning turned on?

I often had issues with the VMs not seeing all the available memory and that would lead to OOM. Also, if the minimum limit is too low, the VM might not even boot and get into kernel panic directly, as the virtual machine might see only that minium available memory, which I actually don't...

Hello, I think it would be really great if renaming firewall aliases would dynamically update the firewall rules and the security groups instead of breaking them. At the moment, renaming aliases does not update the rules/security groups which leads to them pointing to a non-existent (previous)...

I'm not sure why the fact that you can see all the disks (including the S/N) is played down like that. Does this occur with standard LXC container outside Proxmox? I know it doesn't happen with docker in any case (not that I believe docker is better) and most probably not in podman either.

I wonder how this is not a huge security concern. Why does Proxmox allow for such privileges inside a container?

Never mind, I was able to solve it with the help of this link https://bobcares.com/blog/change-hostname-proxmox/ I also had to change the "nodes" directive for /etc/pve/storage.conf to the name of the new node.