Search results

  1. onlime

    Process hiding in LXC (hidepid proc mount option)

    The apparmor profile solution worked fine until Proxmox 5.0 released LXC 2.1. Now it no longer works: /proc is no longer mounted with hidepid=2 mount option inside the container. That's how I tried: # /etc/apparmor.d/lxc/lxc-default-cgns-with-proc-remount # Do not load this file. Rather...
  2. onlime

    LXC Cores vs CPU Limit

    I still don't quite get the point. What is your general advice, to either use cpulimit or cores or both combined? Does cores just (visually, e.g. via htop) hide the other cores but itself is not limiting the container to those cores, or does it actually do similar CPU scheduling as cpulimit...
  3. onlime

    Install Proxmox VE / ZFS on a LUKS encrypted volume

    AFAIK there is no easy solution to install Proxmox VE on ZFS on top of a LUKS encrypted volume. For us, both ZFS and encryption are strong requirements and we would prefer to use the Proxmox VE installer to get this up and running as fast as possible. Installing Proxmox VE on top of a plain...
  4. onlime

    CVE-2016-5195 Dirty COW

    Thanks a lot for this fast reaction time and for pushing it soon after to the pve-no-subscription repo.
  5. onlime

    CVE-2016-5195 Dirty COW

    Can you give us a time frame when kernel 4.4.19-1-pve (latest available AFAIK) is going to be patched for CVE-2016-5195 / Dirty COW?
  6. onlime

    Process hiding in LXC (hidepid proc mount option)

    Thanks for the explanation @wbumiller The following might be a bit off-topic, but I would finally like to understand the default mounts inside an LXC container... We now run into another weird issue. If we create a new LXC container from the debian-8.0-standard_8.4-1_amd64.tar.gz template, we...
  7. onlime

    LXC container with unlimited cpulimit/memory

    So, seriously, there is no "unlimited" flag or anything similar in LXC? Simply selecting a huge value seems a bit messy in my eyes, more of a dirty workaround than a real solution. (a bit off-topic) Also, I am confused about all CPU cores being displayed inside the container, no matter which...
  8. onlime

    Process hiding in LXC (hidepid proc mount option)

    Good question! I was also quite confused about these new defaults. I am comparing a plain Debian Jessie OpenVZ container on ProxmoxVE 3.4: $ mount | grep proc proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) vs. a plain Debian Jessie LXC container on ProxmoxVE 4.2: $ mount | grep...
  9. onlime

    LXC container with unlimited cpulimit/memory

    How can I set CPU usage and memory to unlimited for a LXC container? This is used for a single CT which should be able to use all physical system resources. In some situations the Proxmox host node hosts 2 LXC containers, both without such limits. In more than 99% of the time it does only host a...
  10. onlime

    Process hiding in LXC (hidepid proc mount option)

    It was a container which was converted from OpenVZ. Basically I went this direct migration path (migration via `vzdump` and `pct restore` definitely is no option for us and I am going to propose the following as alternative migration path): Stopped all containers (actually replicated them via...
  11. onlime

    Process hiding in LXC (hidepid proc mount option)

    I am still getting the following DENIED apparmor messages upon container start: [376680.591775] audit: type=1400 audit(1472542357.517:395): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns-with-proc-remount" name="/" pid=8574...
  12. onlime

    Process hiding in LXC (hidepid proc mount option)

    Great, thanks! Now it works. Remounting worked with the following command: $ mount -o remount,relatime,hidepid=2 /proc I had to add the `relatime` flag as it was there before and as I put it into the AppArmor profile as required option. Don't quite get it, why I need to specify it...
  13. onlime

    Process hiding in LXC (hidepid proc mount option)

    Thanks @wbumiller for these detailed instructions. Couldn't get it running yet, though. Reloading the new AppArmor profile with apparmor_parser did not report any errors. Tried it with the following in /etc/pve/lxc/$VMID.conf (which is the correct syntax?): lxc.aa_profile...
  14. onlime

    Process hiding in LXC (hidepid proc mount option)

    Besides, setting hidepid=2 on the ProxmoxVE host node has no effect on the LXC containers either. hn$ mount -o remount,hidepid=2 /proc hn$ mount | grep proc proc on /proc type proc (rw,relatime,hidepid=2) On the host node itself, this works just fine.
  15. onlime

    Process hiding in LXC (hidepid proc mount option)

    How can I set proc (/proc) mount options for an LXC container on ProxmoxVE 4.2 (using ZFS storage)? I am talking about hidepid=2, which means: Users are only able to see their own processes (like with hidepid=1), but also the other process IDs are hidden for them in /proc. On Proxmox 3.4 this...
  16. onlime

    Change default mountpoint/volume name for LXC container on ZFS storage

    Thanks @dietmar and @LnxBil for your great support. I will then stick with the hardcoded naming scheme. Finally, I also found the right spot in the documentation: https://pve.proxmox.com/wiki/Storage:_ZFS#Using_ZFS_Storage_Plugin_.28via_Proxmox_VE_GUI_or_shell.29 I followed this recommendation...
  17. onlime

    Change default mountpoint/volume name for LXC container on ZFS storage

    I have set up a ZFS local storage on latest ProxmoxVE 4.2 with the following options: ID: zfs-containers ZFS Pool: rpool/ROOT Content: Container When creating a new LXC container via ProxmoxVE WebUI Create CT, it gets mounted and named as follows: $ zfs list NAME USED AVAIL REFER...
  18. onlime

    Blacklist/whitelist per receiver domain / Proxmox Mail Gateway API

    We are considering employing Proxmox Mail Gateway in the near future. One major concern is the handling of blacklists/whitelists per receiver domain or even per single recipient: Is this possible through the mail filter rule configuration? Will the mail filter with hundreds or even several...
  19. onlime

    Proxmox VE 3.4 ZFS + Second-Level Quotas

    Can you please confirm this: Second-level quotas in an OpenVZ container (using QUOTAUGIDLIMIT) are not working at all if the underlying filesystem is ZFS? We are running Proxmox VE 3.4 with ZFS on Linux 0.6.4.1 and using 100% OpenVZ CTs, no KVM VMs. We desperately need second level quotas in...
  20. onlime

    [Proxmox 3.4] Wrong partitioning by installer / Grub boot ZFS problem

    So, you're planning to change that in your next iso build? Would really appreciate!