Chown/move permision namespace from nspawn to CT

[mateusz1234]

I am migrating my old sever with used hand crafted nspawns as containers.
Nspawn for an unprivileged containers maps all permissions to a random uid/guid namespace.
CT-s in Proxmox start with 100000 as far I see.
Nspawn:

drwxr-xr-x   2 54067200 54067200 173 Feb  9 06:40 bin/
drwxr-xr-x   3 54067200 54067200   4 May  7  2020 boot/
drwxr-xr-x   4 54067200 54067200  90 Jul 27  2016 dev/
drwxr-xr-x 106 54067200 54067200 202 Apr 14 06:52 etc/
drwxr-xr-x   3 54067200 54067200   3 Jul 27  2016 home/
drwxr-xr-x  23 54067200 54067200  27 Apr 19  2018 lib/
drwxr-xr-x   2 54067200 54067200   3 Jul  7  2020 lib64/
drwx------   2 54067200 54067200   2 Jul 27  2016 lost+found/
drwxr-xr-x   5 54067200 54067200   6 Jan 23  2020 media/
drwxr-xr-x   2 54067200 54067200   2 Jul 19  2016 mnt/
-rw-r--r--   1 54067200 54067200 34M Jan 31  2019 nextcloud.sql
drwxr-xr-x   5 54067200 54067200   5 Jan 23  2020 opt/
drwxr-xr-x   2 54067200 54067200   2 Apr 12  2016 proc/
drwx------   4 54067200 54067200  14 Jan 23  2020 root/
drwxr-xr-x   2 54067200 54067200   2 Jul 27  2016 run/
drwxr-xr-x   2 54067200 54067200 230 Jul  7  2020 sbin/
drwxr-xr-x   2 54067200 54067200   3 Apr 19  2018 snap/
drwxr-xr-x   2 54067200 54067200   2 Jul 19  2016 srv/
drwxr-xr-x   2 54067200 54067200   2 Feb  5  2016 sys/
drwxrwxrwt   8 54067200 54067200  13 Jan 20  2020 tmp/
drwxr-xr-x  10 54067200 54067200  10 Jul 27  2016 usr/
drwxr-xr-x  17 54067200 54067200  19 Mar 17  2018 var/

Proxmox CT:

drwxr-xr-x 23 100000 100000  23 Apr 23 17:09 ./
drwxr-xr-x  4 root   root     4 Apr 23 11:36 ../
drwxr-xr-x  2 100000 100000 156 Jan 24  2019 bin/
drwxr-xr-x  2 100000 100000   2 Jul 17  2018 boot/
drwxr-xr-x  2 100000 100000   2 Apr 23 11:37 certs/
drwxr-xr-x  2 100000 100000   2 Dec 10  2008 dev/
drwxr-xr-x 79 100000 100000 163 Apr 23 11:37 etc/
drwxr-xr-x  2 100000 100000   2 Jul 17  2018 home/
drwxr-xr-x 17 100000 100000  19 Jan 24  2019 lib/
drwxr-xr-x  2 100000 100000   3 Jan 24  2019 lib64/
drwxr-xr-x  2 100000 100000   2 Jan 24  2019 media/
drwxr-xr-x  2 100000 100000   2 Jan 24  2019 mnt/
drwxr-xr-x  3 root   root     3 Apr 23 16:44 new/
drwxr-xr-x  2 100000 100000   2 Jan 24  2019 opt/
drwxr-xr-x  2 100000 100000   2 Jul 17  2018 proc/
drwx------  2 100000 100000   4 Jan 24  2019 root/
drwxr-xr-x  9 100000 100000  13 Jan 24  2019 run/
drwxr-xr-x  2 100000 100000 150 Jan 24  2019 sbin/
drwxr-xr-x  2 100000 100000   2 Jan 24  2019 srv/
drwxr-xr-x  2 100000 100000   2 Jul 17  2018 sys/
drwxrwxrwt  7 100000 100000   7 Apr 23 17:07 tmp/
drwxr-xr-x 10 100000 100000  10 Jan 24  2019 usr/
drwxr-xr-x 11 100000 100000  13 Jan 24  2019 var/

Does someone know of a good automate way to adjust permissions on all files from Nspawn to Proxmox CT?
As far I understand I need to do on all files uuid/guid 54067200 - 53967200 so I get 100000 base. I could probably craft a script for that but maybe they is already some tool out there.

 

[aaron]

Check out `lxc-usernsexec` which allows you to run a command in a mapped namespace. That should help you to create a tar archive in which the local permissions are set correctly (from within the container) which you can then use to create the container in PVE.

FYI: only unprivileged containers are mapped to 100000

 

[mateusz1234]

nice, thanks. I will test that. Looks like it will help a lot.