Recent content by mathx

  1. /proc and /sys missing for pct enter container but exists for ssh session in

    Something funky with pct enter -- this just stared happening, wasnt occuring before. Something's changed (no no packages have been updated on the container that i know of... but obviously something changed while I wasnt looking...) root@arch:/etc/pve/nodes/arch/lxc# pct enter 909 website:/# ps...
  2. Unprivileged containers

    There is some security risk to that. It should not be done without knowledge of what its effects are.
  3. cPanel Disk Quotas for LXC - need help

    Solution is for zfs to support quotas in lxc, but it can't yet apparently.
  4. Disk quota inside LXC container.

    did you follow my link to the other thread...?
  5. Proxmox and SACK attack - CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

    Which version is the minimal fixed version #? pve-kernel-4.15.18-16-pve amd64 4.15.18-41 [52.5 MB] pve-kernel-4.15.18-12-pve amd64 4.15.18-36 [52.5 MB] during a single update, want to be sure which of my other hosts need upgrading.
  6. cPanel Disk Quotas for LXC - need help

    Update: this of course doenst dynamically generate the lxc.cgroup.devices.allow = b 230:16 rwm entry which should extend to all 230:* device nodes. If you have a trusted environment, could add entries for as many volumes as you think you'll ever need (ie :32 :48 :64 etc etc on up, seems to...
  7. cPanel Disk Quotas for LXC - need help

    Some more helpful details - I guess I hadn't rebooted since tuning - and /dev/zd## drives can renumber randomly if you've created/removed other zvols. At any rate, for whatever reason, they changed on me. So instead of using rootfs:/dev/zd16 for eg in your rootfs lxc/$CTID.conf file options...
  8. Unprivileged containers

    Why are /dev/null and /dev/zero allowed then? Urandom is a pretty safe device node and important to many pieces of unthreatening software.
  9. issuing any pct commands causes setlogsock(): type='unix': path not available at /usr/share/perl5/PV

    Aha, that was it. I dont specifically remember doing anything to rsyslog, but /dev/log was not there. This helped: https://unix.stackexchange.com/questions/317064/how-do-i-restore-dev-log-in-systemdrsyslog-host had to use the symlink solution at the end after restarting the systemd socket...
  10. issuing any pct commands causes setlogsock(): type='unix': path not available at /usr/share/perl5/PV

    note that the container command (and container) seem to behave properly, just get this warning. pveversion: proxmox-ve: 5.3-1 (running kernel: 4.15.18-12-pve) pve-manager: 5.3-12 (running version: 5.3-12/5fbbbaf6) pve-kernel-4.15: 5.3-3 pve-kernel-4.15.18-12-pve: 4.15.18-35...
  11. issuing any pct commands causes setlogsock(): type='unix': path not available at /usr/share/perl5/PV

    whenever i issue a pct comand I get setlogsock(): type='unix': path not available at /usr/share/perl5/PVE/SafeSyslog.pm line 38. Is there a path missing somewhere? This was after a recent upgrade to latest.
  12. Cannot create Unprivledged container - not permitted on urandom and random

    see https://forum.proxmox.com/threads/unprivileged-containers.26148
  13. Unprivileged containers

    Not a simple fix, unfortunately. Is there a way to list specific device nodes as available to all unprivileged containers, I cant imagine a major risk exposing a read-only /dev/random or /dev/urandom to containers. How are /dev/null and /dev/zero allowed? Seems...
  14. Updates re CVE-2019-5736: runc / lxc container escape vulnerability

    Seems LXC is susceptible to a container-escape problem. Just wondering about updates for this issue. https://seclists.org/oss-sec/2019/q1/119 At this point in time debian has no patches yet. https://security-tracker.debian.org/tracker/CVE-2019-5736
  15. lxc-start fails! --> unsupported Ubuntu version '18.04'

    Why isn't centos 5.8 supported? I had to edit this code or the CentOS in /usr/share/perl5/PVE/LXC/Setup/CentOS.pm. Changed the 6 to a 5, seems to run ok: if ($release =~ m/release\s+(\d+\.\d+)(\.\d+)?/) { if ($1 >= 5 && $1 < 8) { $version = $1; }

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!