Local backup failing due to permissions

[dmpm]

I've created a folder '/mnt/home/PVE-backup' and added it as a directory in Datacentre-Storage, I can backup my docker container and my HAOS VM, but when I try to backup my (stopped) PBS container to it I get:

INFO: starting new backup job: vzdump 120 --notification-mode auto --mode snapshot --node pve --notes-template '{{guestname}}' --compress zstd --storage PVE-backup --remove 0
INFO: Starting Backup of VM 120 (lxc)
INFO: Backup started at 2024-07-27 17:46:16
INFO: status = stopped
INFO: backup mode: stop
INFO: ionice priority: 7
INFO: CT Name: PBS
INFO: including mount point rootfs ('/') in backup
INFO: creating vzdump archive '/mnt/home/PVE-backup/dump/vzdump-lxc-120-2024_07_27-17_46_16.tar.zst'
INFO: tar: ./var/lib/private: Cannot open: Permission denied
INFO: tar: ./var/log/journal/910a541b0dac4cffb5abbdd0c4cb04f7/system.journal: Cannot open: Permission denied
INFO: tar: ./var/log/private: Cannot open: Permission denied
INFO: tar: ./var/log/btmp: Cannot open: Permission denied
INFO: tar: ./var/cache/private: Cannot open: Permission denied
INFO: tar: ./root: Cannot open: Permission denied
INFO: Total bytes written: 1927485440 (1.8GiB, 101MiB/s)
INFO: tar: Exiting with failure status due to previous errors
ERROR: Backup of VM 120 failed - command 'set -o pipefail && lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- tar cpf - --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-file-ignored' '--warning=no-xattr-write' --one-file-system '--warning=no-file-ignored' '--directory=/mnt/home/PVE-backup/dump/vzdump-lxc-120-2024_07_27-17_46_16.tmp' ./etc/vzdump/pct.conf ./etc/vzdump/pct.fw '--directory=/mnt/vzsnap0' --no-anchored '--exclude=lost+found' --anchored '--exclude=./tmp/?*' '--exclude=./var/tmp/?*' '--exclude=./var/run/?*.pid' ./ | zstd '--threads=1' >/mnt/home/PVE-backup/dump/vzdump-lxc-120-2024_07_27-17_46_16.tar.dat' failed: exit code 2
INFO: Failed at 2024-07-27 17:46:34
INFO: Backup job finished with errors
INFO: notified via target `mail-to-root`
TASK ERROR: job errors

 

[fiona]

Hi,
did you ever change whether the container is privileged or not? From the log, it seems that the container is unprivileged, so done with a mapping active, i.e. lxc-usernsexec -m u:0:100000:65536, so root gets mapped to 100000 (which is the ID for root inside the unprivileged container). Likely that user does not have the necessary permission to access the files in question. You can mount the container filesystem on the host with pct mount 120 and check the owner and permissions for the problematic files.

 

[dmpm]

Hi,
did you ever change whether the container is privileged or not? From the log, it seems that the container is unprivileged, so done with a mapping active, i.e. lxc-usernsexec -m u:0:100000:65536, so root gets mapped to 100000 (which is the ID for root inside the unprivileged container). Likely that user does not have the necessary permission to access the files in question. You can mount the container filesystem on the host with pct mount 120 and check the owner and permissions for the problematic files.

Thanks.

Yeah, I think I did originally have it as privileged and then changed it to unprivileged by editing the .conf, so that was probably the problem.

I deleted it and restored it as an unprivileged container and I don't get this error when doing the backup anymore.