This broke for me after upgrading to Proxmox 7. Worked perfectly for over a year before.
LXC conf file:
Code:
arch: amd64
cores: 8
features: fuse=1,mknod=1,mount=nfs;cifs,nesting=1
hostname: ddt-wddt-builder
memory: 8192
net0: name=eth0,bridge=vmbr0,firewall=1,gw=10.4.141.1,hwaddr=6A:8B:AE:9C:D8:87,ip=10.4.141.237/24,ip6=dhcp,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-zfs:subvol-162-disk-0,size=192G
swap: 0
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: b 7:* rwm
lxc.cgroup.devices.allow: c 10:237 rwm
lxc.mount.entry: /dev/loop0 dev/loop0 none bind,create=file 0 0
lxc.mount.entry: /dev/loop1 dev/loop1 none bind,create=file 0 0
lxc.mount.entry: /dev/loop2 dev/loop2 none bind,create=file 0 0
lxc.mount.entry: /dev/loop3 dev/loop3 none bind,create=file 0 0
lxc.mount.entry: /dev/loop4 dev/loop4 none bind,create=file 0 0
lxc.mount.entry: /dev/loop5 dev/loop5 none bind,create=file 0 0
lxc.mount.entry: /dev/loop6 dev/loop6 none bind,create=file 0 0
lxc.mount.entry: /dev/loop7 dev/loop7 none bind,create=file 0 0
lxc.mount.entry: /dev/loop-control dev/loop-control none bind,create=file 0 0
Unconfined privileged LXC container with the loopback points mounted,
trying to mount any ISO I just get
Code:
root@ddt-wddt-builder:/var/jenkins/workspace/wddt_master_2# mkdir t
root@ddt-wddt-builder:/var/jenkins/workspace/wddt_master_2# mount -o loop,ro ubuntu-20.04.2.0-desktop-amd64.iso t
mount: t: failed to setup loop device for /var/jenkins/workspace/wddt_master_2/ubuntu-20.04.2.0-desktop-amd64.iso.
Works fine on the PVE host so I know it's not a kernel driver issue.
Dug deeper with strace
seems to fail at opening the loop device with permission missing, but that doesn't make sense since I'm running unconfined and in a privileged container.
Code:
openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_CLOEXEC) = -1 EPERM (Operation not permitted)
There are no apparmor messages in dmesg.