Backup of unprivileged LXC fails - permission denied inside LXC

[simi]

Hi,
I am trying to backup an unpriviledged LXC with a bind mount and mapped users. The backup process presumably fails as the access to the user's home directory inside the LXS seems to be denied:

2021-05-28 20:05:20 INFO: Starting Backup of VM 241 (lxc)
2021-05-28 20:05:20 INFO: status = stopped
2021-05-28 20:05:20 INFO: backup mode: stop
2021-05-28 20:05:20 INFO: ionice priority: 7
2021-05-28 20:05:20 INFO: CT Name: P-ng
2021-05-28 20:05:20 INFO: including mount point rootfs ('/') in backup
2021-05-28 20:05:20 INFO: excluding bind mount point mp0 ('/data') from backup (not a volume)
2021-05-28 20:05:20 INFO: creating vzdump archive '/mnt/pve/Backup_QNAS/dump/vzdump-lxc-241-2021_05_28-20_05_20.tar.zst'
2021-05-28 20:05:38 INFO: tar: ./home/user/.bash_history: Cannot open: Permission denied
2021-05-28 20:05:38 INFO: Total bytes written: 2253383680 (2.1GiB, 119MiB/s)
2021-05-28 20:05:38 INFO: tar: Exiting with failure status due to previous errors
2021-05-28 20:05:46 ERROR: Backup of VM 241 failed - command 'set -o pipefail && lxc-usernsexec -m u:0:100000:1000 -m g:0:100000:1000 -m u:1000:1000:1 -m g:1000:1000:1 -m u:1001:101001:64535 -m g:1001:101001:64535 -- tar cpf - --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-file-ignored' '--warning=no-xattr-write' --one-file-system '--warning=no-file-ignored' '--directory=/tmp/vzdumptmp1747_241/' ./etc/vzdump/pct.conf ./etc/vzdump/pct.fw '--directory=/mnt/vzsnap0' --no-anchored '--exclude=lost+found' --anchored '--exclude=./tmp/?*' '--exclude=./var/tmp/?*' '--exclude=./var/run/?*.pid' ./ | zstd --rsyncable '--threads=1' >/mnt/pve/Backup_QNAS/dump/vzdump-lxc-241-2021_05_28-20_05_20.tar.dat' failed: exit code 2

This doesn't seem to be the "usual" problem of non-existing access rights to the storage location. I tried to backup on my NAS, locally and by using a /tmp folder.

How do I have to confige proxmox or the LXC that the backup process can access the user files inside the LXC?

Many thanks

LXC-config:

arch: amd64
cores: 4
features: keyctl=1,nesting=1
hostname: P-ng
memory: 4096
mp0: /data1/share/Docs/,mp=/data
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.254,hwaddr=xx:xx:xx:A9:45:7B,ip=192.168.1.112/24,type=veth
ostype: debian
parent: PortainerUpdate
rootfs: LXC:subvol-241-disk-0,size=64G
searchdomain: 192.168.1.99
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

[PortainerUpdate]
#data folder user owner
arch: amd64
cores: 4
features: keyctl=1,nesting=1
hostname: P-ng
memory: 4096
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.254,hwaddr=xx:xx:xx:xx:45:7B,ip=192.168.1.112/24,type=veth
ostype: debian
parent: vorSMB
rootfs: LXC:subvol-241-disk-0,size=64G
searchdomain: 192.168.1.99
snaptime: 1622152939
swap: 512
unprivileged: 1
[vorSMB]
arch: amd64
cores: 4
features: keyctl=1,nesting=1
hostname: P-ng
memory: 4096
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.254,hwaddr=xx:xx:xx:xx:45:7B,ip=192.168.1.112/24,type=veth
ostype: debian
rootfs: LXC:subvol-241-disk-0,size=64G
searchdomain: 192.168.1.99
snaptime: 1622138120
swap: 512
unprivileged: 1

 

[willekind]

I'm getting this exact same issue! Did you find a solution yet please?

 

[Dunuin]

I'm getting this exact same issue! Did you find a solution yet please?

Have you verified that UID 0 and UID 100000 got write access to the backup storage?

 

[willekind]

No, but this solution worked:
Adding this to /etc/vzdump.conf :
tmpdir: /tmp

 

[Dunuin]

No, but this solution worked:
Adding this to /etc/vzdump.conf :
tmpdir: /tmp

Yes, then your backup storage isn't allowing UID 100000 to write temporary files, which isn't a problem when writing temp files to "/tmp" as that folder got 777 rights, allowing everyone everything.