LXC restore (can only restore as privileged but need it unprivileged)

V

voarsh

Member
Nov 20, 2020
218
19
23
28
My LXC container fails to restore if it is an unprivileged container:
tar: ./var/lib/docker/overlay2/c9dd9b8b5fcdec7ffed4b6246ab45da0a8a1daf1a7b3ecc59f0375a48fd51262/diff/usr/bin/with-contenv: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/b6a50c2c550cfa595697d9fb3f2deef89b75e751856c00530bf086fa08586d08/diff/var/lib/apt/lists/auxfiles: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/ced7f8096034fb8e480b0647bd5457177e98b217f075b5e80fdae3f3183a71e8/diff/tmp/s6-overlay-amd64-installer: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/2491928852fce238cb3447d82b9fbb8bb854263c03e538013d27d2a18ba90629/diff/usr/bin/with-contenv: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/b5fe9c561076bd2855956e4b554d94c12bdaaf418d053cd533932ef07b6896f7/diff/usr/bin/with-contenv: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/6be083d6bcfeb044ef66026fe2b172582241d8978d76eb7e318c6253f6194d71/diff/usr/local/lib/python3.8/site-packages/pip-20.2.4.dist-info: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/8d0607b98400fae7923ad6842eca957f08c8820f01e2da879a5922cf78f322bf/diff/bin/bash: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/8d0607b98400fae7923ad6842eca957f08c8820f01e2da879a5922cf78f322bf/diff/var/cache/apk/APKINDEX.2c4ac24e.tar.gz: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/8d0607b98400fae7923ad6842eca957f08c8820f01e2da879a5922cf78f322bf/diff/var/cache/apk/APKINDEX.40a3604f.tar.gz: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/8d0607b98400fae7923ad6842eca957f08c8820f01e2da879a5922cf78f322bf/diff/usr/bin/openssl: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/8d0607b98400fae7923ad6842eca957f08c8820f01e2da879a5922cf78f322bf/diff/usr/bin/curl: Cannot mknod: Operation not permitted
tar: ./var/lib/docker/overlay2/8d0607b98400fae7923ad6842eca957f08c8820f01e2da879a5922cf78f322bf/diff/usr/lib/bash: Cannot mknod: Operation not permitted

However, restoring with unprivileged unticked, it restores.
However, Docker, etc doesn't work because of AppArmor:
" AppArmor: Permission denied; attempted to load a profile while confined?"

How can I restore it as privileged and change it after it has been created to unprivileged? This seems to be the only way to get the LXC working.
I read somewhere I might find it difficult to make it unprivileged after it is created as privileged (without backing up and restoring). In my case that won't work.

When I edit the lxc config at: /etc/pve/lxc/
and add unprivileged: 1 - when I power on and try to login I get incorrect logins, for details I know work. I don't get this when I restore as privileged.
 
Last edited:
would love to see an fix for this.. have the same problem when restoring LXC backups since i run docker inside.. there must be somekind of solution?
 
  • Like
Reactions: voarsh
It works :)

TL;DR: make sure you're using at least kernel 5.4.78-2-pve

---------------
I was having the same problem: restoring a LXC container backup with Docker inside failed with mknod: permission denied. I was curious since this only happened on one of my PVE hosts, not the other. So I chased down the differences between the hosts.

In the end I found this "sister post" :) : https://forum.proxmox.com/threads/task-error-unable-to-restore-ct-106.79901/post-354356

and updated the "other host" to the newest (stock) kernel. Now it works on both machines.

My thanks to everyone for this fantastic product :)
 
  • Like
Reactions: trenetics
socrates324 said:
It works :)

TL;DR: make sure you're using at least kernel 5.4.78-2-pve

---------------
I was having the same problem: restoring a LXC container backup with Docker inside failed with mknod: permission denied. I was curious since this only happened on one of my PVE hosts, not the other. So I chased down the differences between the hosts.

In the end I found this "sister post" :) : https://forum.proxmox.com/threads/task-error-unable-to-restore-ct-106.79901/post-354356

and updated the "other host" to the newest (stock) kernel. Now it works on both machines.

My thanks to everyone for this fantastic product :)
Click to expand...
How did you do it? I have the same issue, but there isn't a kernel update listed in the "updates" section of the Web console.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom