LXC Container directories owned by nobody nogroup

V

vNate

Member
Mar 16, 2023
2
0
6
Hello all

Been banging my head a bit and I know there are 100s of threads, I've read most I can get hold of.
My issue is not the bind mount, that works. Issue is that /lost+found, /proc and /sys inside the container is owned by nobody nogroup after all my fiddling. Figured I'd ignore the problem but an apt operation failed due to no access to these dirs so here we are.

host /etc/subuid:

root:100000:65536
##svcmedia:165536:65536 <- with or without, does not make a differnce
root:6000:59536 <- I had this as root:6000:1 as well, no difference

host /etc/subgid:

root:100000:65536
##svcmedia:165536:65536
root:5000:60536 <- I had this as root:5000:1 as well, no difference

host /etc/pve/lxc/200.conf:

arch: amd64
cores: 4
features: nesting=1
hostname: SABnzbd
memory: 8192
mp0: /data/workspace/complete,mp=/media/workspace/complete
mp1: /data/workspace/incomplete,mp=/media/workspace/incomplete
net0: name=eth0,bridge=vmbr2,firewall=1,hwaddr=BC:24:11:19:C5:00,ip=dhcp,tag=50,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-200-disk-0,size=16G
swap: 8192
unprivileged: 1
lxc.idmap: u 0 100000 6000
lxc.idmap: u 6000 6000 1
lxc.idmap: u 6001 106001 59535
lxc.idmap: g 0 100000 5000
lxc.idmap: g 5000 5000 1
lxc.idmap: g 5001 105001 60535

host /etc/passwd:

....
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
...
svcmedia:x:6000:5000:,,,:/home/svcmedia:/bin/bash

container /etc/passwd:

...
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
...
svcmedia:x:6000:5000:,,,:/home/svcmedia:/bin/bash

and here is the issue on the container:

drwxr-xr-x 18 root root 4096 Jan 7 15:12 .
drwxr-xr-x 18 root root 4096 Jan 7 15:12 ..
lrwxrwxrwx 1 root root 7 Oct 7 08:35 bin -> usr/bin
drwxr-xr-x 2 root root 4096 Oct 7 08:35 boot
drwxr-xr-x 6 root root 480 Jan 7 15:12 dev
drwxr-xr-x 84 root root 4096 Jan 7 15:12 etc
drwxr-xr-x 3 root root 4096 Jan 2 21:05 home
lrwxrwxrwx 1 root root 7 Oct 7 08:35 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Nov 19 12:31 lib32 -> usr/lib32
lrwxrwxrwx 1 root root 9 Oct 7 08:35 lib64 -> usr/lib64
lrwxrwxrwx 1 root root 10 Nov 19 12:31 libx32 -> usr/libx32
[COLOR=rgb(226, 80, 65)]drwx------ 2 nobody nogroup 16384 Jan 2 11:07 lost+found[/COLOR]
drwxr-xr-x 3 svcmedia media 4096 Jan 7 08:34 media
drwxr-xr-x 2 root root 4096 Nov 19 12:31 mnt
drwxr-xr-x 2 root root 4096 Nov 19 12:31 opt
[COLOR=rgb(226, 80, 65)]dr-xr-xr-x 742 nobody nogroup 0 Jan 7 15:12 proc[/COLOR]
drwx------ 4 root root 4096 Jan 7 08:21 root
drwxr-xr-x 16 root root 480 Jan 7 15:12 run
lrwxrwxrwx 1 root root 8 Oct 7 08:35 sbin -> usr/sbin
drwxr-xr-x 2 root root 4096 Nov 19 12:31 srv
[COLOR=rgb(226, 80, 65)]dr-xr-xr-x 13 nobody nogroup 0 Jan 1 20:07 sys[/COLOR]
drwxrwxrwt 9 root root 180 Jan 7 15:13 tmp
drwxr-xr-x 14 root root 4096 Nov 19 12:31 usr
drwxr-xr-x 11 root root 4096 Jan 2 20:54 var

tried a pct mount to chown but I get the finger when trying to change /proc and /sys....

root@pv1:/var/lib/lxc/200/rootfs# ls -la [22/22]
total 84
drwxr-xr-x 18 100000 100000 4096 Jan 7 17:12 .
drwxr-xr-x 4 root root 4096 Jan 7 17:57 ..
lrwxrwxrwx 1 100000 100000 7 Oct 7 10:35 bin -> usr/bin
drwxr-xr-x 2 100000 100000 4096 Oct 7 10:35 boot
drwxr-xr-x 2 100000 100000 4096 Oct 7 10:35 dev
drwxr-xr-x 84 100000 100000 4096 Jan 7 17:12 etc
drwxr-xr-x 3 100000 100000 4096 Jan 2 23:05 home
lrwxrwxrwx 1 100000 100000 7 Oct 7 10:35 lib -> usr/lib
lrwxrwxrwx 1 100000 100000 9 Nov 19 14:31 lib32 -> usr/lib32
lrwxrwxrwx 1 100000 100000 9 Oct 7 10:35 lib64 -> usr/lib64
lrwxrwxrwx 1 100000 100000 10 Nov 19 14:31 libx32 -> usr/libx32
drwx------ 2 root root 16384 Jan 2 13:07 lost+found
drwxr-xr-x 3 svcmedia media 4096 Jan 7 10:34 media
drwxr-xr-x 2 100000 100000 4096 Nov 19 14:31 mnt
drwxr-xr-x 2 100000 100000 4096 Nov 19 14:31 opt
drwxr-xr-x 2 100000 100000 4096 Oct 7 10:35 proc
drwx------ 4 100000 100000 4096 Jan 7 10:21 root
drwxr-xr-x 12 100000 100000 4096 Nov 19 14:32 run
lrwxrwxrwx 1 100000 100000 8 Oct 7 10:35 sbin -> usr/sbin
drwxr-xr-x 2 100000 100000 4096 Nov 19 14:31 srv
drwxr-xr-x 2 100000 100000 4096 Oct 7 10:35 sys
drwxrwxrwt 2 100000 100000 4096 Nov 19 14:32 tmp
drwxr-xr-x 14 100000 100000 4096 Nov 19 14:31 usr
drwxr-xr-x 11 100000 100000 4096 Jan 2 22:54 var
root@pv1:/var/lib/lxc/200/rootfs# chown -R root /sys

chown: changing ownership of '/sys/fs/resctrl': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/MTC-eb704011-1402-11d3-8e77-00a0c969723b': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/HDDP-fab7e9e1-39dd-4f2b-8408-e20e906cb6de': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/DbocBoot0005-1ba4c901-eb4a-493f-aeef-90a6136da384': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/DbocBoot0004-1ba4c901-eb4a-493f-aeef-90a6136da384': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/NETWORK_SETTINGS_VAR-6568a5f5-1144-401c-b693-34353e9afdd5': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/BugCheckParameter1-ba57e015-65b3-4c3c-b274-659192f699e3': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/BugCheckCode-ba57e015-65b3-4c3c-b274-659192f699e3': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/BugCheckProgress-ba57e015-65b3-4c3c-b274-659192f699e3': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/PBRDevicePath-a9b5f8d2-cb6d-42c2-bc01-b5ffaae4335e': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/DbocBoot0003-1ba4c901-eb4a-493f-aeef-90a6136da384': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/OfflineUniqueIDRandomSeedCRC-eaec226f-c9a3-477a-a826-ddc716cdc0e3': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/OfflineUniqueIDRandomSeed-eaec226f-c9a3-477a-a826-ddc716cdc0e3': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/CurrentPolicy-77fa9abd-0359-4d32-bd60-28f4e78f784b': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/certdb-d9bee56e-75dc-49d9-b4d7-b534210f637a': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/DbocBoot0002-1ba4c901-eb4a-493f-aeef-90a6136da384': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/DbocBoot0001-1ba4c901-eb4a-493f-aeef-90a6136da384': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/DbocBoot0000-1ba4c901-eb4a-493f-aeef-90a6136da384': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/IPv6_NETWORK_SETTINGS_VAR-1be37575-5184-4127-8b59-6e3ab124dfbf': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/USER_SETTINGS_VAR-56f0edc4-25ae-4236-aca3-0bcd410aa2ae': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/Tcg2PhysicalPresence-aeb9c5c1-94f1-4d02-bfd9-4602db2d3c54': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/BootState-356471b1-b483-42ae-b6e7-3b2ebab14e15': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/PhysicalPresence-0f6499b1-e9ad-493d-b9c2-2f90815c6cbc': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/Tcg2PhysicalPresenceFlags-aeb9c5c1-94f1-4d02-bfd9-4602db2d3c54': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/PhysicalPresenceFlags-0f6499b1-e9ad-493d-b9c2-2f90815c6cbc': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/UefiOptimizedBoot-356471b1-b483-42ae-b6e7-3b2ebab14e15': Operation not permitted
chown: changing ownership of '/sys/firmware/efi/efivars/RTC-378d7b65-8da9-4773-b6e4-a47826a833e1': Operation not permitted

Built new containers from scratch and the directory ownership looks the same without any bind or user mapping so I think I broke something on my host...

Some guidance would be apprecaited.
 
Last edited:
Think I figured it out... expected behaviour. I built a CT on a vanilla host and the premissions look the same
 
You must log in or register to reply here.
Top Bottom