unprivileged

  1. E

    Using large range of UIDs/GIDs above 65535 in unprivileged LXC (crashing)

    Hello all, Yet another post about UID/GID mapping on unprivileged containers. Context Before referring me to wiki and forum, I am aware and have read these pages: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers https://forum.proxmox.com/threads/lxc-uid-mapping-woes.99376/...
  2. P

    [solved] Unable to "pct create" an unprivileged debian container

    Hi, I'm using Proxmox PVE 8.1. Creating unprivileged containers using the WebGUI works fine, but I'm unable to create an unpriviledged container using the pct create command line tool and even worse I'm unable to find my mistake. Thus your help is very much appreciated. #Creating an privileged...
  3. L

    If NFS is not available cant start Container

    Hi, I have 2 containers one privileged and another unprivileged both have the same configuration on /etc/fstab They both start if the NFS storage is available. However, when NFS storage is not available, the unprivileged container fails to start and the privileged starts but never connects to...
  4. K

    nextcloud-data mount in unprivilegiertem LXC verhält sich seltsam

    Hallo zusammen, Ich versuche aktuell, eine Nextcloud zum Laufen zu bringen, bei der ich die Daten gerne auf dem NAS ablegen möchte, den Container selbst aber auf dem Host. Dazu habe ich auf dem PVE über die fstab einen CIFS Share (uid und gid = 100033 [www-data]) eingebunden und per mount an den...
  5. F

    Cannot write to local NFS mount from either root or within CTs

    hi everyone, i'm having a blast using proxmox! I'm facing an issue with how i want to organize my lxc infrastructure. here a brief roundup of the setup: single node (neuromancer) running both VMs and CTs zfs pool ("vault") with a few datasets (both used for proxmox storage and user storage)...
  6. B

    Do idmaps for bind mounts in multiple unprivileged containers require separate users?

    Hi folks, I have been using the unprivileged containers wiki guide to bind mount a directory for containerA (uid+guid 1000), which works grand. When I tried to do a similar thing for a separate mount point for containerB (also uid+gid 1000), things went awry. Using the same idmap lxc config...
  7. H

    ZFS 2.2.0 Released: ID mapping of unprivileged containers during mount

    https://github.com/openzfs/zfs/releases/tag/zfs-2.2.0 OpenZFS 2.2.0 - Lists following new features: Linux container support (#12209, #14070, #14097, #12263) - Added support for Linux-specific container interfaces such as renameat(2), support for overlayfs, idmapped mounts in a user namespace...
  8. S

    uid/gid allocation for nested LXD in unprivileged container

    Hi everyone, I am trying to configure Gitlab runners with custom LXD executors inside proxmox's LXC container. Basically, I want to be able to spin-up LXC containers inside Proxmox's unprivileged LXC container. I did the following: 1. Created unprivileged Ubuntu 22.04 LXC container with...
  9. M

    CT not properly working after manually making privileged

    I wasnt aware of the process how to make an unprivileged CT privileged, so I just changed "unprivileged: 1" to "unprivileged: 0" in the conf. Then I could not start docker any longer the CT, so I reversed this change. But docker could still not be started. I assume the permissions have been...
  10. J

    [SOLVED] NGINX with kTLS on unprivileged LXC on Proxmox 7.3

    Good day everyone! I have a 5-node cluster on PVE 7.3-6 with a couple hundred unprivileged LXC, all using the Debian 11 Bullseye template. I was looking at how Netflix can serve 800Gb/s of TLS encrypted video content from a single server, and a large part of it appears to be kTLS. I also saw...
  11. E

    rbind-ing a zfs mountpoint for LXC containers not working as expected

    Greetings folks, I've been trying to get a Samba share set up through an unprivileged Alpine LXC container. I have a ZFS storage pool that I would like to share with this (and other) containers. Thing is I want to do this with a recursive bindmount so that I can have other containers use the...
  12. K

    ppp_generic module missing proxmox 7

    I'm trying to create a pptp vpn gateway to my nated webserver in a unprivileged container, but there is no ppp_generic module in the proxmox server to make available to the container. I tested the same configuration in a vm, but I don't want the overhead and the security of the pptp protocol...
  13. G

    LXC Unprivileged enabling docker - Security risk?

    We would like to enbable nesting and keyctl for our LXC containers. Our customers demand these features so they can install and use Docker. There are (fairly old) posts suggesting this would be a security risk and we should be careful if we really want to do it as it could be possible for an...
  14. H

    Linux 5.12 - ID Maping for Unprivileged CTs!

    https://kernelnewbies.org/Linux_5.12#ID_mapping_in_mounts They just released Linux 5.12, which can remap UIDs/GIDs of mountpoints. This is absolutely awesome feature which would mean that we don't really need to backup/restore or otherwise convert CT's filesystem when switching containers...
  15. R

    [SOLVED] can not 'chown' folder or file in unprivileged lxc container proxmox ve 6.2

    Hello, I recently created an lxc container in the proxmox 6.2 gui and installed a freeipa server on it. I used a centos 7 template for this. The ipa-server runs fine, but I see some unexpected behaviour in the logs and I found that I as root can not change owner or group from any created file...
  16. Y

    Restoring failed

    After trying to restore zst backup I got: TASK ERROR: unable to restore CT 606 - command 'set -o pipefail && cstream -t 41943040 | lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- tar xpf - --zstd --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs...
  17. A

    Neue USB Gerätenummer nach jedem Einschalten (USB Scanner als headless scan station in LXC)

    Hallo zusammen, je länger ich mich mit Proxmox beschäftige, desto begeisterter bin ich von den Möglichkeiten. Gleich vorab, ich bin recht neu auch im Bereich Linux. Eine Frage vorab (falls der lange Text abschreckt :-)): Wie bekomme ich SANE dazu, den USB Scanner in /dev/usb/scanner zu finden...
  18. E

    ZFS (NFS) dataset shared inside of unprivileged LXC/VM

    Hi guys, I'm trying to configure a share in my unprivileged container with id mapping. In host (Proxmox 6.2): - created user ctuser (1003:1003 in host) - both /etc/subuid, /etc/subgid look like this: root:100000:65536 ctuser:362144:65536 root:1003:1 - in...
  19. M

    [SOLVED] Lxc unprivileged - mount from /etc/fstab file

    Hi Community, I don't know if it's possible but I'm trying to add an nfs mountpoint in my container via the /etc/fstab file. This one is not mounted when starting the container, if I run manually /bin/mount -a, I have the following error: mount.nfs: Operation not permitted Host server logs ...
  20. S

    NFS mount inside an unprivileged container

    Hello, I have an NFS share mounted to proxmox host and I want to mount that share from host to an unprivileged container. So I added a line "mp0: /location/on/host,mp=/location/on/container" In privileged mode everything works and permissions are ok. When I switch to unprivileged mode...

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!