Search results

Why are /dev/null and /dev/zero allowed then? Urandom is a pretty safe device node and important to many pieces of unthreatening software.

Aha, that was it. I dont specifically remember doing anything to rsyslog, but /dev/log was not there. This helped: https://unix.stackexchange.com/questions/317064/how-do-i-restore-dev-log-in-systemdrsyslog-host had to use the symlink solution at the end after restarting the systemd socket...

note that the container command (and container) seem to behave properly, just get this warning. pveversion: proxmox-ve: 5.3-1 (running kernel: 4.15.18-12-pve) pve-manager: 5.3-12 (running version: 5.3-12/5fbbbaf6) pve-kernel-4.15: 5.3-3 pve-kernel-4.15.18-12-pve: 4.15.18-35...

whenever i issue a pct comand I get setlogsock(): type='unix': path not available at /usr/share/perl5/PVE/SafeSyslog.pm line 38. Is there a path missing somewhere? This was after a recent upgrade to latest.

see https://forum.proxmox.com/threads/unprivileged-containers.26148

Not a simple fix, unfortunately. Is there a way to list specific device nodes as available to all unprivileged containers, I cant imagine a major risk exposing a read-only /dev/random or /dev/urandom to containers. How are /dev/null and /dev/zero allowed? Seems...

Seems LXC is susceptible to a container-escape problem. Just wondering about updates for this issue. https://seclists.org/oss-sec/2019/q1/119 At this point in time debian has no patches yet. https://security-tracker.debian.org/tracker/CVE-2019-5736

Why isn't centos 5.8 supported? I had to edit this code or the CentOS in /usr/share/perl5/PVE/LXC/Setup/CentOS.pm. Changed the 6 to a 5, seems to run ok: if ($release =~ m/release\s+(\d+\.\d+)(\.\d+)?/) { if ($1 >= 5 && $1 < 8) { $version = $1; }

Just ran up against this issue myself. Terrible there's no easy solution from LXC. Yeah, openVZ was far superior in accounting in many many ways -- you could get your own vmstat, your own load counter, your own IP list off each container immediately and easily - and centrally reported. Figuring...

need more details - did you move your vps container to an ext4 partition on a zvol? Creating zvols, mounting them and copying to them is general linux/zfs, not specific to promox. Lots of help on stackexchange or oracle zfs docs on how.

Solved my issue under 5.2 here: https://forum.proxmox.com/threads/cpanel-disk-quotas-for-lxc-need-help.26478/page-2#post-229811

Figured it out. Here's how: my container has a zvol on /dev/zd16: /dev/zd16 76G 5.2G 67G 8% /rpool/data/subvol-202-disk-1 added some lxc permissions to all containers (since im just running cpanel here on this node): since zd16 is brw-rw---- 1 root disk 230, 16...

ok thanks. And actually I didnt paste my latest config which was per df: /dev/zd16 76G 5.1G 67G 8% /rpool/data/subvol-202-disk-1 so it's just named that but actually on a /dev/zd* device. as for writing entries by hand - the GUI has quota=1 greyed out, and I...

solved here https://forum.proxmox.com/threads/cpanel-disk-quotas-for-lxc-need-help.26478/page-2#post-229811

All instructions for this do not work: https://pve.proxmox.com/wiki/Linux_Container#_using_quotas_inside_containers I cannot turn on quotas in the GUI even with container stopped. It is greyed out. (I am using an ext4 fs on a zvol). Near the bottom of this...

This does not work. "vm 202 - lxc.aa_profile is deprecated and was renamed to lxc.apparmor.profile" secondly a naked remount command in an lxc.conf file? "vm 202 - unable to parse config: mount -o remount,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 /" Doesnt seem correct. I...

Following along hints from https://unix.stackexchange.com/questions/450308/how-to-allow-specific-proxmox-lxc-containers-to-mount-nfs-shares-on-the-network and elsewhere, I've updated /etc/apparmor.d/lxc/lxc-default-with-mounting to include simfs in the list, and then in the lxc container's...

Im using an ascii template I created (by installing a VM off the iso, then tarring up what was in the filesystem...), I've had success using it on older Pve (5.0?) or either I missed this warning or it's new on 5.2 - maybe it's ignorable. extracting archive...

Same problem, pve5.1 won't accept a password for external vnc despite one being set. Is it the wrong username then? (Is there a username?) Works without a password, but risky to leave open.

Aha thanks, good info!!