Backup Failure After Debian LXC Upgrade

[jsalas424]

I recenty upgraded my Debian LXC running DNS and backups have started to fail. Here's a writeup of the investigation.

What is the right way to address this?

PVE 8.4.13

Issue:Automated backups of LXC container 101 (AdGuard2, Debian 11) started failing after running apt update && apt dist-upgrade in the container. Manual backups using --mode stop succeed, but scheduled backups using --mode snapshot fail during the suspend mode fallback.

Root Cause:

1. Container storage (local-zfs-dir) uses .raw file format, which doesn't support snapshots
2. Backup automatically falls back to suspend mode, which uses rsync with -A flag (preserve ACLs)
3. The Debian upgrade updated systemd, which now sets POSIX ACLs on /var/log/journal/ files
4. Proxmox host's ZFS pool has acltype=off (confirmed: zfs get acltype rpool/ROOT/pve-1 returns "off")
5. When rsync attempts to preserve ACLs to /tmp/ (on ZFS without ACL support), it fails with "Operation not supported (95)"

ERROR: rsync: [generator] set_acl: sys_acl_set_file(var/log/journal, ACL_TYPE_ACCESS): Operation not supported (95)

ERROR: rsync error: some files/attrs were not transferred (code 23)

Container Configuration:

• Storage: local-zfs-dir:101/vm-101-disk-0.raw,size=5G
• Type: Unprivileged container
• OS: Debian GNU/Linux 11

Questions for Proxmox Support:

1. What is the recommended approach for this scenario?
   • Enable ZFS ACLs system-wide (zfs set acltype=posixacl rpool/ROOT/pve-1)?
   • Change automated backup mode from snapshot to stop?
   • Another solution?
2. Is this expected behavior? Should directory-based storage (.raw files) support snapshots, or should the backup job configuration have been using stop mode from the start?
3. Are there any implications of enabling acltype=posixacl on the root ZFS dataset for other containers or the Proxmox host itself?

Current Workaround:Manual backups using pct backup 101 --mode stop complete successfully.

 

[powersupport]

Your container is stored as a .raw file on ZFS ( local-zfs-dir ), which does not support snapshots. Because of this, snapshot backups fall back to suspend mode, which uses rsync -A to copy files with ACLs. After the Debian upgrade, systemd now adds ACLs to /var/log/journal. Since ACLs are disabled on the Proxmox ZFS pool ( acltype=off ), rsync fails with the error: Operation not supported (95) .

1. Is this expected behavior?
Yes. .raw files on ZFS do not support native snapshots. Falling back to suspend + rsync is expected, and the failure occurs because the destination filesystem does not support ACLs.

2. Should .raw -based storage support snapshots?
No. For snapshot-based backups, containers must use snapshot-capable storage such as:

• ZFS subvolumes ( zfspool )
• LVM-thin
• Ceph RBD
  Directory or file-based .raw storage is not suitable for snapshot mode.

3. Is enabling acltype=posixacl on rpool/ROOT/pve-1 recommended?
While enabling ACLs would resolve the rsync failure, it is not recommended on the Proxmox root dataset as it affects the host and all dependent workloads. This change can alter permission behavior and is not considered a best-practice fix for this scenario.

4. Should the backup job use stop mode instead?
Yes. If you continue using .raw storage, stop mode is the correct and supported backup method. Your manual pct backup --mode stop success confirms this.