unprivileged

  1. E

    ZFS (NFS) dataset shared inside of unprivileged LXC/VM

    Hi guys, I'm trying to configure a share in my unprivileged container with id mapping. In host (Proxmox 6.2): - created user ctuser (1003:1003 in host) - both /etc/subuid, /etc/subgid look like this: root:100000:65536 ctuser:362144:65536 root:1003:1 - in...
  2. M

    [SOLVED] Lxc unprivileged - mount from /etc/fstab file

    Hi Community, I don't know if it's possible but I'm trying to add an nfs mountpoint in my container via the /etc/fstab file. This one is not mounted when starting the container, if I run manually /bin/mount -a, I have the following error: mount.nfs: Operation not permitted Host server logs ...
  3. S

    NFS mount inside an unprivileged container

    Hello, I have an NFS share mounted to proxmox host and I want to mount that share from host to an unprivileged container. So I added a line "mp0: /location/on/host,mp=/location/on/container" In privileged mode everything works and permissions are ok. When I switch to unprivileged mode...
  4. V

    permissions in /home messed after adding some idmap

    Hello, I'd like to setup unprivileged containers with glusterfs mount in it. The idea is to have 1 ansible controller in each datacenter, so, in case we lost a datacenter connectivity, we still be able to run playbooks from the other datacenter. So, my lxc.idmap does the job for the bind mount...
  5. C

    Samba secondary DC in an unprivileged LXC container with Debian Buster

    Hello together, Currently I'm running Proxmox VE 5.4-2 (running kernel: 4.15.18-20-pve) and I wanted to have a secondary Samba 4 domain controller in an unprivileged LXC container. I installed in a container the debian-10.0-standard_10.0-1_amd64.tar.gz and upgraded it afterwards to Debian...
  6. C

    Samba secondary DC in an unprivileged LXC container with Debian Buster - ..."security.NTACL") failed: Operation not permitted (1)

    Hello together, Currently I'm running Proxmox VE 5.4-2 (running kernel: 4.15.18-20-pve) and I wanted to have a secondary Samba 4 domain controller in an unprivileged LXC container. I installed in a container the debian-10.0-standard_10.0-1_amd64.tar.gz and upgraded it afterwards to Debian...
  7. O

    Permission issue with mounting USB

    I'm trying to mount a USB Zwave device in a container and I had this configuration working in an older installation but now I'm running into permission issues. Here is my conf file for the container: arch: amd64 cores: 2 hostname: hass memory: 8192 net0...
  8. K

    Can I ask an uid range not to be mapped in an unprivileged container

    Hi, I'm running FreeIPA and I would like to use unprivileged containers so I can use Docker in containers. My Proxmox host is joined to IPA, and my containers too. My FreeIPA install uses 1284000000-1284200000 for uids and gids. This breaks with: $ cat /etc/subuid root:100000:65536 $ cat...
  9. K

    FreeIPA and unprivileged containers

    Hi, I'm toying with unprivileged containers in order to be able to use Docker inside them. This seems to work, but it break my FreeIPA setup. My Proxmox host is joined to FreeIPA, and my provisioning procedure for containers also joins them to FreeIPA. This means that my user is in a very...
  10. C

    [SOLVED] Why is unprivileged container not the default?

    Reading https://pve.proxmox.com/wiki/Linux_Container#_privileged_containers both Proxmox and the LXC team are recommending that we use unprivileged containers, and stop using privileged containers. So why is not the default?
  11. D

    Cannot create Unprivledged container - not permitted on urandom and random

    I am trying to create a Nextcloud container, but it is saying it is not permitted to mknod urandom and random. I don't know what this means, but I am having trouble finding the solution. I do not know what you need to know to help me, so please let me know. Thanks in advance. Formatting...
  12. R

    User mapping breaks unprivileged containers

    Hi, I'm trying to bind-mount a folder in an unprivileged container and be able to read-write-create files on that mount. But so far I was only able to mount the folder but from within the container it is not possible to even see the contents of the folder (nobody permissions). So I'm trying...
  13. J

    Mount LVM in Unprivileged LXC Containers

    I am trying to mount a host LVM to multiple unprivileged containers but having little luck. Here is the relevant parts of my unprivileged container conf file. What I have done: Created a uid/gid on the HOST and CONTAINER for app-files (1005) mp0: local-lvm:vm-108-disk-3,mp=/mnt/MYDIR...
  14. D

    Permission issues when administering unpriviliged containers

    On a completely fresh install of Proxmox VE 5.1, I'm unable to create unprivileged containers from templates and creating backups. I get permission errors when I try. The issue with creating the containers seems to be that templates gets saved with root ownership and strict permissions that...
  15. S

    privileged versus unprivileged LXC

    Hi, Where to see if a linux container is privileged or not? Rephrased: How to check if a CT is unprivileged? At https..//pve.proxmox.com/wiki/Unprivileged_LXC_containers is only stated it must be set during create. Nothing the check the result. I did create through rest API and can't see...
  16. S

    [SOLVED] Presenting a CIFS share to a Container

    I have mounted a CIFs share in my proxmox host that presents files as owned by foo:users. Foo's id is 1002. I want to present this share to a unprivileged container, I'm assuming using a bind mount. The user in the container has id 1000:1000, and creates files like so. I have added the...
  17. F

    Unprivileged CT issues after install

    I am using unprivi CTs for the first time. Build: prox 5 ve 2x Dell R720 with 6xSAS drives each in hardware RAID10 running default local thin LVM storage. Dual e5-2640 CPUs, 64GB ram etc. Findings: Downloaded the centos 6 template (v20161207) via the prox ve. Did a yum update. Everything works...
  18. J

    LXC restore from NFS failed

    Hi. I've dumped an existing unprivileged LXC container to NFS storage and then tried to restore it on the same Proxmox server with unprivileged box ticked. The restoration has failed with the following error: ... extracting archive...
  19. S

    Unprivileged Bind Mounts and multiple access

    Say I have 5 containers each running an application. For each I have bind mounted a directory: /mnt/container_data/container1 /mnt/container_data/container2 etc Where the application will contain all its application data. I now create a further container running a backup application. To that...
  20. A

    change limits for unprivileged container

    How do change (persistent) limits (open files) for unprivileged containers? root@container1:~# ulimit -n 65536 -bash: ulimit: open files: cannot modify limit: Operation not permitted prlimit - not affected changes in pvenode:/etc/security/limit.conf - not affected

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!