“EPERM: Operation not permitted.” when adding bind mount as datastore

norbo80

New Member
Jan 13, 2024
Hello,

I had Proxmox Backup Server (PBS) installed bare metal with Proxmox Virtual Environment (PVE). Following advice from fellow Redditors, I decided to set up PBS within an LXC container. During my initial installation, I had a ZFS pool on an external HDD. Now, I’ve imported the Zpool into PVE using the command

zpool import BackupHDD -f
then I added mp0: /mnt/BackupHDD,mp=/mnt/BackupHDD to /etc/pve/lxc/101.conf (binding)

Now I can see my files from external HDD in /mnt/BackupHDD on the LXC container. However, when I try to add /mnt/BackupHDD as a datastore in PBS, I receive the error message: “EPERM: Operation not permitted.”

Here are some details:

  • The permissions on the host for /mnt/BackupHDD: owned by nobody:nogroup.
  • The LXC container is not locked.
  • Container is unprivileged

I also tried adding to /etc/pve/lxc/101.conf:

lxc.idmap: u 0 100000 1005
lxc.idmap: g 0 100000 1005

But I'm not sure if I did this correctly.


/etc/pve/lxc/101.conf

Code:
arch: amd64
cores: 2
features: nesting=1
hostname: pbs
memory: 2048
mp0: /mnt/datastore/BackupHDD,mp=/mnt/BackupHDD
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.250.1,hwaddr=BC:24:11:D2:62:CC,ip>
ostype: debian
rootfs: local-lvm:vm-101-disk-0,size=16G
swap: 2048
unprivileged: 1
lxc.idmap: u 0 100000 1005
lxc.idmap: g 0 100000 1005


Code:
root@pve:/mnt/datastore/BackupHDD# ls -l
total 6
drwxr-xr-x 4 backup backup    4 Feb 12 20:31 ct
drwxr-xr-x 2 root   root      3 Feb 10 18:04 hostbackup
-rw-r--r-- 1 root   root   1444 Feb 10 18:03 hostbackuppve-root-backup-2024_02_10.tar.gz

root@pve:/mnt/datastore/BackupHDD# id backup
uid=34(backup) gid=34(backup) groups=34(backup)
root@pve:/mnt/datastore/BackupHDD# id root
uid=0(root) gid=0(root) groups=0(root)

PBS:

root@pbs:/mnt/BackupHDD# ls -l
total 6
drwxr-xr-x 4 nobody nogroup    4 Feb 12 19:31 ct
drwxr-xr-x 2 nobody nogroup    3 Feb 10 17:04 hostbackup
-rw-r--r-- 1 nobody nogroup 1444 Feb 10 17:03 hostbackuppve-root-backup-2024_02_10.tar.gz

pbs:/mnt/BackupHDD# id nobody
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)




Any ideas on how to resolve this issue? Has anyone encountered a similar problem?
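
An added illustration (not part of the original post and not Proxmox code) of why the listing inside the container shows nobody:nogroup: it applies the two lxc.idmap lines posted above to the host uids from the `id` output. The function names are made up for this example, and 65534 is the kernel's default overflow id.

```python
# Added example: translate uids between host and container using lxc.idmap lines.
OVERFLOW_ID = 65534  # kernel default overflow uid/gid, displayed as nobody/nogroup


def parse_idmap(conf_text, kind="u"):
    """Return [(container_start, host_start, count)] for 'u' or 'g' entries."""
    ranges = []
    for line in conf_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() != "lxc.idmap":
            continue
        fields = value.split()
        if len(fields) == 4 and fields[0] == kind:
            ranges.append(tuple(int(f) for f in fields[1:]))
    return ranges


def host_to_container(host_id, ranges):
    """Id the container sees for a host id; unmapped ids become the overflow id."""
    for c_start, h_start, count in ranges:
        if h_start <= host_id < h_start + count:
            return c_start + (host_id - h_start)
    return OVERFLOW_ID


def container_to_host(container_id, ranges):
    """Host id behind a container id, or None if the id is not mapped."""
    for c_start, h_start, count in ranges:
        if c_start <= container_id < c_start + count:
            return h_start + (container_id - c_start)
    return None


# The idmap lines from the post; host uids 0 (root) and 34 (backup) from `id`.
POSTED_CONF = """\
unprivileged: 1
lxc.idmap: u 0 100000 1005
lxc.idmap: g 0 100000 1005
"""


def report(conf_text=POSTED_CONF):
    uid_ranges = parse_idmap(conf_text, "u")
    return {
        "host_root_seen_as": host_to_container(0, uid_ranges),
        "host_backup_seen_as": host_to_container(34, uid_ranges),
        "container_root_on_host": container_to_host(0, uid_ranges),
        "container_backup_on_host": container_to_host(34, uid_ranges),
    }
```

With the posted mapping, files owned by host uid 0 or 34 fall outside the mapped host range and appear as 65534 inside the container, while the container's own root and backup users correspond to host uids 100000 and 100034.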
 
Darn, I just stumbled on your post and was surprised to see no answer.

I'm trying to do something similar and running into the same issue. Only difference is I have an NFS share that I'm passing through to my PBS container from PVE and attempting to mount that as a datastore. Getting the generic "EPERM: Operation not permitted." when attempting to create the datastore.

It's got to be something with privileges on the /mnt/$folder when it gets passed to the container as I see it owned by nobody:nogroup.

I keep running into small roadblocks like this and think I'm just going to run PBS as a VM on my PVE node and mount the NFS share directly within the VM. You could try the same by passing through the external disk to the PBS VM.
 
Hello,

Also stumbled across this while having the same issue. Think I eventually got it working for anyone else who might be having issues. Haven't tested it too much but it at least let me add the datastore. A tiny bit different from above, I've got a second ext4 ssd connected I wanted to use for backups only.

But basically did the same thing with the mount point, just used the pct command instead so:

pct set 101 -mp0 /mnt/pve/storage/backup,mp=/mnt/storage/backup

Was getting the "EPERM: Operation not permitted" message as well. What seems to have fixed it was specifying a non-existent folder when adding the data store and allowing PBS to create the directory.

So I deleted the pbs-backup directory from the ssd, changed the mount point to:
pct set 101 -mp0 /mnt/pve/storage,mp=/mnt/storage

But then when adding the datastore in PBS, I put the path as: /mnt/storage/backup. PBS was able to create the directory and hopefully it's fixed any permission problems.