CT not properly working after manually making privileged

molotow

Mar 24, 2023
I wasn't aware of the process for making an unprivileged CT privileged, so I just changed "unprivileged: 1" to "unprivileged: 0" in the conf. Then I could no longer start docker in the CT, so I reversed this change. But docker could still not be started.


I assume the permissions have been messed up somehow.

Has anyone experienced the same and found a fix or the reason?
 
Unprivileged means the uid and gid are shifted up by 100000, so root (0) in an unprivileged CT is 100000 on the host.
Mount from the host and fix the uids, or better, restore your backup.
At the restore you can choose to restore as unprivileged or privileged container, afaik that is the official way ;)
 
So what exactly do I need to do? Are there any guides to do this?
I mean the first option you named
 
pct mount CTID
find /var/lib/lxc/CTID/rootfs -ls |awk '{print $5" "$6" "$11}' |sort -rn

For all lines with UIDs / GIDs smaller than 100000, use chown UID:GID /var/lib/lxc/CTID/rootfs/bin/bzexe, adding 100000 to the UID / GID

Good luck
 
I have slightly changed the command to only print the IDs that are smaller than 100.000

Code:
pct mount 100
find /var/lib/lxc/100/rootfs -ls |awk '{print $5" "$6" "$11}' |sort -rn > output.txt
cat output.txt | awk '{if ($1 < 100000 || $2 < 100000) print $3}'
It prints nothing so there are no UID / GID smaller than 100.000.

There are many that are exactly 100.000 but none smaller than this.
Sample output if I check files with the id 100.000:
Code:
/var/lib/lxc/100/rootfs/etc/aliases
/var/lib/lxc/100/rootfs/etc/adduser.conf
/var/lib/lxc/100/rootfs/etc
/var/lib/lxc/100/rootfs/dev
/var/lib/lxc/100/rootfs/boot
/var/lib/lxc/100/rootfs/bin
/var/lib/lxc/100/rootfs

Is this correct?

____________________

Here are the ids in the passwd file if this is useful:
Code:
# cut -d: -f1,3 /var/lib/lxc/100/rootfs/etc/passwd
root:0
daemon:1
bin:2
sys:3
sync:4
games:5
man:6
lp:7
mail:8
news:9
uucp:10
proxy:13
www-data:33
backup:34
list:38
irc:39
gnats:41
nobody:65534
_apt:100
postfix:101
sshd:102
systemd-network:103
systemd-resolve:104
messagebus:105
systemd-timesync:106
systemd-coredump:999
myusername:1000
 
This is correct, 100000 is zero inside the unpriv container, that is root. www-data (33) would be 1000033 on the host.

Try to start the container with lxc-start -n CTID -F and post what happens.
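
The ownership check and fix discussed in this thread, as an added example (not code from any poster or from Proxmox): it lists, and optionally shifts, every entry of a mounted rootfs whose uid or gid is still below the offset. `shift_ids` is a hypothetical name; GNU find and stat and the offset 100000 are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. shift_ids is a hypothetical helper.
# Assumes GNU find and stat (as on a Proxmox VE host) and the id offset 100000.
#
# shift_ids ROOTFS [OFFSET] [apply]
#   Prints "uid:gid mode path" (target owner, current mode) for every entry
#   whose uid or gid is below OFFSET. With "apply" as third argument (needs
#   root, container stopped) it also changes the ownership.
#   Plan only:  shift_ids /var/lib/lxc/100/rootfs
#   Apply:      shift_ids /var/lib/lxc/100/rootfs 100000 apply
shift_ids() {
    # Paths are handed over as arguments (-exec ... {} +) instead of being
    # parsed from text, so file names chosen inside the container (spaces,
    # newlines) cannot be misread by the host-side script.
    find "$1" -xdev \( -uid "-${2:-100000}" -o -gid "-${2:-100000}" \) \
        -exec sh -c '
        offset=$1; action=$2; shift 2
        for path do
            # stat does not follow symlinks: a link reports its own owner
            ids=$(stat -c "%u %g %a" -- "$path") || exit 1
            uid=${ids%% *}; mode=${ids##* }
            gid=${ids#* }; gid=${gid% *}
            # ids already at or above the offset are left unchanged
            [ "$uid" -lt "$offset" ] && uid=$((uid + offset))
            [ "$gid" -lt "$offset" ] && gid=$((gid + offset))
            printf "%s:%s %s %s\n" "$uid" "$gid" "$mode" "$path"
            if [ "$action" = apply ]; then
                # -h changes the link itself; without it a symlink in the
                # rootfs would redirect chown to its target on the host
                chown -h -- "$uid:$gid" "$path" || exit 1
                # chown clears setuid/setgid bits on Linux, so reapply the
                # saved mode; skip symlinks, chmod would follow them
                [ -L "$path" ] || chmod -- "$mode" "$path" || exit 1
            fi
        done' sh "${2:-100000}" "${3:-plan}" {} +
}
```

An empty plan, as in the output posted above, means every entry is already in the shifted range.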
 
