unprivileged

Hi everyone, I am trying to configure Gitlab runners with custom LXD executors inside proxmox's LXC container. Basically, I want to be able to spin-up LXC containers inside Proxmox's unprivileged LXC container. I did the following: 1. Created unprivileged Ubuntu 22.04 LXC container with...

I wasnt aware of the process how to make an unprivileged CT privileged, so I just changed "unprivileged: 1" to "unprivileged: 0" in the conf. Then I could not start docker any longer the CT, so I reversed this change. But docker could still not be started. I assume the permissions have been...

Good day everyone! I have a 5-node cluster on PVE 7.3-6 with a couple hundred unprivileged LXC, all using the Debian 11 Bullseye template. I was looking at how Netflix can serve 800Gb/s of TLS encrypted video content from a single server, and a large part of it appears to be kTLS. I also saw...

Greetings folks, I've been trying to get a Samba share set up through an unprivileged Alpine LXC container. I have a ZFS storage pool that I would like to share with this (and other) containers. Thing is I want to do this with a recursive bindmount so that I can have other containers use the...

I'm trying to create a pptp vpn gateway to my nated webserver in a unprivileged container, but there is no ppp_generic module in the proxmox server to make available to the container. I tested the same configuration in a vm, but I don't want the overhead and the security of the pptp protocol...

We would like to enbable nesting and keyctl for our LXC containers. Our customers demand these features so they can install and use Docker. There are (fairly old) posts suggesting this would be a security risk and we should be careful if we really want to do it as it could be possible for an...

https://kernelnewbies.org/Linux_5.12#ID_mapping_in_mounts They just released Linux 5.12, which can remap UIDs/GIDs of mountpoints. This is absolutely awesome feature which would mean that we don't really need to backup/restore or otherwise convert CT's filesystem when switching containers...

Hello, I recently created an lxc container in the proxmox 6.2 gui and installed a freeipa server on it. I used a centos 7 template for this. The ipa-server runs fine, but I see some unexpected behaviour in the logs and I found that I as root can not change owner or group from any created file...

After trying to restore zst backup I got: TASK ERROR: unable to restore CT 606 - command 'set -o pipefail && cstream -t 41943040 | lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- tar xpf - --zstd --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs...

Hallo zusammen, je länger ich mich mit Proxmox beschäftige, desto begeisterter bin ich von den Möglichkeiten. Gleich vorab, ich bin recht neu auch im Bereich Linux. Eine Frage vorab (falls der lange Text abschreckt :-)): Wie bekomme ich SANE dazu, den USB Scanner in /dev/usb/scanner zu finden...

Hi guys, I'm trying to configure a share in my unprivileged container with id mapping. In host (Proxmox 6.2): - created user ctuser (1003:1003 in host) - both /etc/subuid, /etc/subgid look like this: root:100000:65536 ctuser:362144:65536 root:1003:1 - in...

Hi Community, I don't know if it's possible but I'm trying to add an nfs mountpoint in my container via the /etc/fstab file. This one is not mounted when starting the container, if I run manually /bin/mount -a, I have the following error: mount.nfs: Operation not permitted Host server logs ...

Hello, I have an NFS share mounted to proxmox host and I want to mount that share from host to an unprivileged container. So I added a line "mp0: /location/on/host,mp=/location/on/container" In privileged mode everything works and permissions are ok. When I switch to unprivileged mode...

Hello, I'd like to setup unprivileged containers with glusterfs mount in it. The idea is to have 1 ansible controller in each datacenter, so, in case we lost a datacenter connectivity, we still be able to run playbooks from the other datacenter. So, my lxc.idmap does the job for the bind mount...

Hello together, Currently I'm running Proxmox VE 5.4-2 (running kernel: 4.15.18-20-pve) and I wanted to have a secondary Samba 4 domain controller in an unprivileged LXC container. I installed in a container the debian-10.0-standard_10.0-1_amd64.tar.gz and upgraded it afterwards to Debian...

Hello together, Currently I'm running Proxmox VE 5.4-2 (running kernel: 4.15.18-20-pve) and I wanted to have a secondary Samba 4 domain controller in an unprivileged LXC container. I installed in a container the debian-10.0-standard_10.0-1_amd64.tar.gz and upgraded it afterwards to Debian...

I'm trying to mount a USB Zwave device in a container and I had this configuration working in an older installation but now I'm running into permission issues. Here is my conf file for the container: arch: amd64 cores: 2 hostname: hass memory: 8192 net0...

Hi, I'm running FreeIPA and I would like to use unprivileged containers so I can use Docker in containers. My Proxmox host is joined to IPA, and my containers too. My FreeIPA install uses 1284000000-1284200000 for uids and gids. This breaks with: $ cat /etc/subuid root:100000:65536 $ cat...

Hi, I'm toying with unprivileged containers in order to be able to use Docker inside them. This seems to work, but it break my FreeIPA setup. My Proxmox host is joined to FreeIPA, and my provisioning procedure for containers also joins them to FreeIPA. This means that my user is in a very...

Reading https://pve.proxmox.com/wiki/Linux_Container#_privileged_containers both Proxmox and the LXC team are recommending that we use unprivileged containers, and stop using privileged containers. So why is not the default?