CT container doesn't work after change to privileged

hellowoodes

Jun 27, 2023
I created an Ubuntu CT container, and I need to mount NFS, so I edited /etc/pve/lxc/100.conf and changed the `unprivileged` setting from 1 to 0, but it couldn't work after the edit; most of the directories changed to `100000`:

Code:
drwxr-xr-x 19 100000 100000 4.0K Mar  2 19:08 .
drwxr-xr-x  4 root   root   4.0K Mar  2 19:18 ..
lrwxrwxrwx  1 100000 100000    7 Oct  7 16:35 bin -> usr/bin
drwxr-xr-x  2 100000 100000 4.0K Oct  7 16:35 boot
drwxr-xr-x  3 165534 165534 4.0K Mar  2 18:23 data
drwxr-xr-x  2 100000 100000 4.0K Oct  7 16:35 dev
drwxr-xr-x 88 100000 100000 4.0K Mar  2 19:08 etc
drwxr-xr-x  2 100000 100000 4.0K Oct  7 16:35 home
lrwxrwxrwx  1 100000 100000    7 Oct  7 16:35 lib -> usr/lib
lrwxrwxrwx  1 100000 100000    9 Nov 19 20:31 lib32 -> usr/lib32
lrwxrwxrwx  1 100000 100000    9 Oct  7 16:35 lib64 -> usr/lib64
lrwxrwxrwx  1 100000 100000   10 Nov 19 20:31 libx32 -> usr/libx32
drwx------  2 root   root    16K Mar  2 17:55 lost+found
drwxr-xr-x  2 100000 100000 4.0K Nov 19 20:31 media
drwxr-xr-x  2 100000 100000 4.0K Nov 19 20:31 mnt
drwxr-xr-x  3 100000 100000 4.0K Mar  2 17:59 opt
drwxr-xr-x  2 100000 100000 4.0K Oct  7 16:35 proc
drwx------  8 root   root   4.0K Mar  2 18:20 root
drwxr-xr-x 12 100000 100000 4.0K Nov 19 20:32 run
lrwxrwxrwx  1 100000 100000    8 Oct  7 16:35 sbin -> usr/sbin
drwxr-xr-x  2 100000 100000 4.0K Nov 19 20:31 srv
drwxr-xr-x  2 100000 100000 4.0K Oct  7 16:35 sys
drwxrwxrwt  2 root   root   4.0K Mar  2 18:40 tmp
drwxr-xr-x 14 100000 100000 4.0K Nov 19 20:31 usr
drwxr-xr-x 11 100000 100000 4.0K Mar  2 17:55 var

Then I found a fix method, adding lxc.idmap:

Code:
cat /etc/pve/lxc/100.conf
arch: amd64
cores: 4
features: mount=nfs,nesting=1
hostname: base
lock: mounted
memory: 4096
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.2.2,hwaddr=AA:BB:CC:DD:00:00,ip=192.168.2.100/24,ip6=auto,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-100-disk-0,size=40G
swap: 512
unprivileged: 0
lxc.apparmor.profile: unconfined
lxc.cap.drop:
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 65536

and adding `/etc/subgid` and `/etc/subuid`:

Code:
cat /etc/subgid
root:100000:65536

cat /etc/subuid
root:100000:65536

After doing that some directories work, but `/root` still has an issue: the user and group are nobody and nogroup. I tried to change them by editing the user and group on either the host or the container, but it didn't work.

Code:
drwx------   8 nobody nogroup 4.0K Mar  2 18:20 root

I almost gave up on PVE because of this issue. It's so unreasonable for users: the container breaks down just because it was changed to privileged! Does somebody know how to fix that? Thank you so much.
 
Thanks so much, I finally resolved it by backup and restore.
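
Added example, not part of the original posts: a small Python model of how the `lxc.idmap` lines in the posted 100.conf translate host-side owners into what the container sees, which reproduces both symptoms in the thread (owners shown as `100000` without a map, `/root` shown as nobody with one). The function names are hypothetical, the owner table is built from the first listing, and 65534 is assumed as the kernel's default overflow ID.

```python
OVERFLOW_ID = 65534  # assumed kernel default overflowuid, displayed as nobody/nogroup

# The idmap lines from the 100.conf shown in the post.
CONF = """\
unprivileged: 0
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 65536
"""

# Host-side numeric owners, constructed from the first listing (root = 0).
HOST_OWNERS = {"etc": 100000, "usr": 100000, "data": 165534, "root": 0, "tmp": 0}


def parse_idmap(conf_text, kind):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    ranges = []
    for line in conf_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() != "lxc.idmap":
            continue
        fields = value.split()
        if len(fields) == 4 and fields[0] == kind:
            ranges.append(tuple(int(f) for f in fields[1:]))
    return ranges


def host_to_container(host_id, ranges):
    """ID seen inside the container for a file owned by host_id on disk."""
    if not ranges:  # no user namespace mapping: IDs pass through unchanged
        return host_id
    for c_start, h_start, count in ranges:
        if h_start <= host_id < h_start + count:
            return c_start + (host_id - h_start)
    return OVERFLOW_ID  # host ID outside every mapped range


def container_view(owners, ranges):
    """Map each path's host-side owner to the owner the container sees."""
    return {name: host_to_container(uid, ranges) for name, uid in owners.items()}


if __name__ == "__main__":
    mapped = parse_idmap(CONF, "u")
    for label, ranges in (("no idmap", []), ("with idmap", mapped)):
        print(f"{label:11}", container_view(HOST_OWNERS, ranges))
```

Paths owned by host ID 0 fall outside the mapped range 100000-165535, so no edit to the user and group databases changes how they display; only the on-disk owner or the map itself does.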