LXC restore issue and security question

[MasterTH]

Hi,

i just tried to restore an openvz backup to a lxc on zfs-storage in unprivileged mode. i got this error:

 pct restore 101 vzdump-openvz-101-2016_02_21-23_15_57.tar --unprivileged --storage ZFS-Local
extracting archive '/root/vzdump-openvz-101-2016_02_21-23_15_57.tar'
tar: /root/vzdump-openvz-101-2016_02_21-23_15_57.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
command 'lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- tar xpf /root/vzdump-openvz-101-2016_02_21-23_15_57.tar --totals --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-xattr-write' -C /var/lib/lxc/101/rootfs --skip-old-files --anchored --exclude './dev/*'' failed: exit code 2

then i decided to test if the container will work in privileged mode. But then i saw that i can read the debug messages from the host itself.... and also the "htop" values are from the host.

how can this be fixed?


kind regards

 

[wbumiller]

The archive will be extracted as the unprivileged user, so it has to be somewhere the unprivileged user can read it. /root usually has permissions 0700, so users cannot enter that directory.
Move the vzdump archive to some other place which unprivileged users have read access to.

 

[MasterTH]

ok, i will give it a try. but whats about the security (dmesg output).

 

[wbumiller]

(...)but whats about the security (dmesg output).

See this thread.