unprivileged container

Sorry for what I'm sure is an exceedingly stupid question, but is this an insecure way to mount an external disk to an unprivileged container? I added this to /etc/fstab, the disk mounts at boot, and I have rwx permissions as the user with ID 101000 in the container: UUID=XXXX-XXXX /mnt/files...

Hi, I just finished doing uid and gid mapping on a non-privileged container for gpu passthrough and the container boots fine. This container will run jellyfin and yes I know they say to use privileged containers but for security reasons I couldn't. I got to the point where it says to install the...

Hello, I managed to follow the directions at https://pve.proxmox.com/wiki/Unprivileged_LXC_containers (and a forum post on here) and get a LXC read/write access to a NFS mountpoint from my host. However, I was wondering what security issues this brings up as I am trying to avoid using a...

I am running a multi-user PVE with a binding to an active directory of ~200+ active users. I would like to enforce the usage of unprivileged containers only, i.e. I would like to disable the option for users to untick the unprivileged option when creating containers. Is that possible? How?

A quick validation question for the gurus here: Is it possible to bind mount a host directory to multiple LXC containers and not run into disk write conflicts? Let's say there is a folder [or entire drive] on the host at /mnt/ssd/myfolder. And I have multiple unprivileged LXC containers, say...

Howdy folks, Brand new Proxmox user and I've hit a roadblock with NFS shares in an unprivileged LXC container. I've been trying to bind mount and map based off this guide. My UID/GID 3000 mapping in the VM confs look like this: ... lxc.idmap = u 0 100000 3000 lxc.idmap = g 0 100000 3000...

Howdy folks, Brand new Proxmox user and I've hit a roadblock with NFS shares in an unprivileged LXC container. I've been trying to bind mount and map based off this guide. My UID/GID 3000 mapping in the VM {id}.conf looks like this: ... lxc.idmap = u 0 100000 3000 lxc.idmap = g 0 100000 3000...

Hi friends hope you're doing well. After reading this very usefull (not enough for my dumb person) explanation on bind mounts for unprivileged containers on proxmox ( + this ) i got this silly question. i always need a real life example. Hope some cool person will kindly give me a hint. I...

Hello everybody, I wanted to install a self-hosted instance of gitlab on my proxmox node and I wanted to avoid a VM because I wanted to avoid to run the gitlab database inside a virtual disk and I wanted to avoid a privileged container because the gitlab webserver could be faced to the public...

Hello, I created several Unprivileged LXC container to start my home server. Right now I have a container that serves as a fileserver and a container that serves to download torrents. I applied on each container the way to bind a mount point from a host by following the wiki on Unprivileged...

Hi, I'm facing some issues trying to build a sock5 proxy container (with docker-ce) inside an unprivileged lxc container. I put the feature "mknod=1" (which is experimental I get it.) No matter this feature, the command mknod performed inside my lxc container returns an error ~# mknod...

Hello, I have installed Collabora Online Development Edition in unprivileged CT of Proxmox (and Nextcloud on an other CT) : LOOLWSD 6.4.10 (git hash: b4fa48ef) Collabora Office 6.4-45 (git hash: a21347f) It is on a "Debian GNU/Linux 10 (buster)" unprivileged CT of Proxmox with...

Hello guys, i trying to get proxmox + nextcloud container (from Turnkey image) to host my nextcloud files on USB hard drive. Let's begin: 1. I create a user id, a group id with value 2000 and add the new user to new group on pve host. 2. I do the samething on nextcloud container, so user id and...

Hey I downloaded the turnkey file-server, then bound mounted some zfs storage, I cannot write to the storage, (nobody,nogroup) I followed this guide: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers but it didn't work ! (I try to run sleep from the container and it get 101005 uid in...