Issue with cPanel on lxc container

powersupport

powersupport

Well-Known Member
Jan 18, 2020
295
2
58
30
Recently, I set up a container in Proxmox, which is unprivileged, and installed cPanel on it, but there are certain functions that are not working, for example, the account usage quota not showing. when we checked the same with cPanel support they mentioned we need to make the container to privileged.

1 ) Is there any issue if we run a privileged container on production?

2) If there are issues, how we can change unprivileged to privileged?

3) Is there any workaround in unprivileged container to work it with all featured without changing to privileged

Any help apreciated

Thank you.
 
powersupport said:
1 ) Is there any issue if we run a privileged container on production?
Click to expand...
Privileged containers pose additional security risks and should only be ran in trusted environments. This means this depends on whether you only want to use cPanel for yourself and whether it is reachable from the outside. To quote from our wiki article [1]:

Privileged Containers​

Security in containers is achieved by using mandatory access control AppArmor restrictions, seccomp filters and Linux kernel namespaces. The LXC team considers this kind of container as unsafe, and they will not consider new container escape exploits to be security issues worthy of a CVE and quick fix. That’s why privileged containers should only be used in trusted environments.
Click to expand...

powersupport said:
2) If there are issues, how we can change unprivileged to privileged?
Click to expand...
Backup + Restore is the recommended way of converting an unprivileged container to a privileged container and vice-versa.

powersupport said:
3) Is there any workaround in unprivileged container to work it with all featured without changing to privileged
Click to expand...
If cPanel support couldn't provide any workaround, then probably no. At least their documentation [2] also recommends running as privileged. If the security implications of this are okay, is for you to decide.

[1] https://pve.proxmox.com/wiki/Linux_Container#_security_considerations
[2] https://docs.cpanel.net/knowledge-base/general-systems-administration/linux-containers/
 
You must log in or register to reply here.
Top Bottom