LXC restore of backup has broken permissions

Yanwoo

Hi

I've had cause to recover one of my (unprivileged) containers from backup (via the GUI). The recovery process seemed to work fine, and the container appeared to start up as expected.

However, the permissions of several folders in the recovered container have been set to nobody:nogroup, and I am unable to change ownership or permissions.

One of these problematic folders is a local directory bind mount point (to the host), the other contains a Nextcloud installation in /var/www/. Previously (at the time of the backup) they were both owned by www-data.

The container config file looks correct with the UID and GID mappings still in place for the mount point owner. I have tested this same configuration on a clean container for the same mounted folders, and it works correctly. So this would appear not to be a container config issue, but that something has been changed or damaged in the backup/restore process?

Has anybody experienced this issue and found a resolution?

I have recently upgraded pve (pve-manager/5.3-5/97ae681d (running kernel: 4.15.18-9-pve)), and am wondering if that might be related?

On starting the container, I get a whole load of "operation not permitted" errors:

Code:
root@pve:~# lxc-start -n 220 -F -l DEBUG -o /tmp/lxc-ID.log
systemd 234 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN default-hierarchy=hybrid)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to Ubuntu 17.10!

Set hostname to <nextcloud>.
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to install release agent, ignoring: No such file or directory
[  OK  ] Listening on Journal Socket.
system.slice: Failed to reset devices.list: Operation not permitted
system.slice: Failed to set invocation ID on control group /system.slice, ignoring: Operation not permitted
[  OK  ] Created slice System Slice.
systemd-tmpfiles-setup-dev.service: Failed to reset devices.list: Operation not permitted
systemd-tmpfiles-setup-dev.service: Failed to set invocation ID on control group /system.slice/systemd-tmpfiles-setup-dev.service, ignoring: Operation not permitted
         Starting Create Static Device Nodes in /dev...
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Listening on Syslog Socket.
[  OK  ] Reached target Remote File Systems.
keyboard-setup.service: Failed to reset devices.list: Operation not permitted
keyboard-setup.service: Failed to set invocation ID on control group /system.slice/keyboard-setup.service, ignoring: Operation not permitted
         Starting Set the console keyboard layout...
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Reached target Swap.
system-container\x2dgetty.slice: Failed to reset devices.list: Operation not permitted
system-container\x2dgetty.slice: Failed to set invocation ID on control group /system.slice/system-container\x2dgetty.slice, ignoring: Operation not permitted
[  OK  ] Created slice system-container\x2dgetty.slice.
[  OK  ] Listening on udev Control Socket.
systemd-modules-load.service: Failed to reset devices.list: Operation not permitted
systemd-modules-load.service: Failed to set invocation ID on control group /system.slice/systemd-modules-load.service, ignoring: Operation not permitted
         Starting Load Kernel Modules...
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Reached target User and Group Name Lookups.
system-postfix.slice: Failed to reset devices.list: Operation not permitted
system-postfix.slice: Failed to set invocation ID on control group /system.slice/system-postfix.slice, ignoring: Operation not permitted
[  OK  ] Created slice system-postfix.slice.
ufw.service: Failed to reset devices.list: Operation not permitted
ufw.service: Failed to set invocation ID on control group /system.slice/ufw.service, ignoring: Operation not permitted
         Starting Uncomplicated firewall...
[  OK  ] Listening on udev Kernel Socket.
resolvconf.service: Failed to reset devices.list: Operation not permitted
resolvconf.service: Failed to set invocation ID on control group /system.slice/resolvconf.service, ignoring: Operation not permitted
         Starting Nameserver information manager...
user.slice: Failed to reset devices.list: Operation not permitted
user.slice: Failed to set invocation ID on control group /user.slice, ignoring: Operation not permitted
[  OK  ] Created slice User and Session Slice.
[  OK  ] Reached target Slices.
systemd-udev-trigger.service: Failed to reset devices.list: Operation not permitted
systemd-udev-trigger.service: Failed to set invocation ID on control group /system.slice/systemd-udev-trigger.service, ignoring: Operation not permitted
         Starting udev Coldplug all Devices...
systemd-journald.service: Failed to reset devices.list: Operation not permitted
systemd-journald.service: Failed to set invocation ID on control group /system.slice/systemd-journald.service, ignoring: Operation not permitted
         Starting Journal Service...
mnt-nina.mount: Failed to reset devices.list: Operation not permitted
dev-tty1.mount: Failed to reset devices.list: Operation not permitted
proc-cpuinfo.mount: Failed to reset devices.list: Operation not permitted
dev-tty2.mount: Failed to reset devices.list: Operation not permitted
proc-meminfo.mount: Failed to reset devices.list: Operation not permitted
proc-sysrq\x2dtrigger.mount: Failed to reset devices.list: Operation not permitted
proc-diskstats.mount: Failed to reset devices.list: Operation not permitted
proc-swaps.mount: Failed to reset devices.list: Operation not permitted
sys-kernel-debug.mount: Failed to reset devices.list: Operation not permitted
sys-fs-fuse-connections.mount: Failed to reset devices.list: Operation not permitted
mnt-yanwoo.mount: Failed to reset devices.list: Operation not permitted
proc-sys-net.mount: Failed to reset devices.list: Operation not permitted
dev-full.mount: Failed to reset devices.list: Operation not permitted
dev-null.mount: Failed to reset devices.list: Operation not permitted
proc-stat.mount: Failed to reset devices.list: Operation not permitted
-.mount: Failed to reset devices.list: Operation not permitted
dev-mqueue.mount: Failed to reset devices.list: Operation not permitted
dev-urandom.mount: Failed to reset devices.list: Operation not permitted
proc-sys-fs-binfmt_misc.mount: Failed to reset devices.list: Operation not permitted
dev-zero.mount: Failed to reset devices.list: Operation not permitted
proc-uptime.mount: Failed to reset devices.list: Operation not permitted
dev-random.mount: Failed to reset devices.list: Operation not permitted
dev-tty.mount: Failed to reset devices.list: Operation not permitted
dev-ptmx.mount: Failed to reset devices.list: Operation not permitted
init.scope: Failed to reset devices.list: Operation not permitted
[  OK  ] Started Journal Service.
[  OK  ] Started Load Kernel Modules.
[  OK  ] Started Uncomplicated firewall.
         Mounting Kernel Configuration File System...
         Starting Apply Kernel Variables...
         Starting Flush Journal to Persistent Storage...
[  OK  ] Started Create Static Device Nodes in /dev.
         Starting udev Kernel Device Manager...
[  OK  ] Started Nameserver information manager.
[  OK  ] Reached target Network (Pre).
[FAILED] Failed to mount Kernel Configuration File System.
See 'systemctl status sys-kernel-config.mount' for details.
[  OK  ] Started Apply Kernel Variables.
[  OK  ] Started udev Kernel Device Manager.
[  OK  ] Started Flush Journal to Persistent Storage.
[  OK  ] Started udev Coldplug all Devices.
[  OK  ] Started Set the console keyboard layout.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Reached target Encrypted Volumes.
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Reached target Local File Systems.
         Starting Set console font and keymap...
         Starting Tell Plymouth To Write Out Runtime Data...
         Starting AppArmor initialization...
         Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
[  OK  ] Reached target System Time Synchronized.
         Starting Update UTMP about System Boot/Shutdown...
[  OK  ] Started Tell Plymouth To Write Out Runtime Data.
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[  OK  ] Started Set console font and keymap.
[  OK  ] Started AppArmor initialization.
[  OK  ] Reached target System Initialization.
[  OK  ] Listening on UUID daemon activation socket.
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Started Daily apt download activities.
[  OK  ] Started systemd-resolved-update-resolvconf.path.
[  OK  ] Reached target Paths.
[  OK  ] Started Daily apt upgrade and clean activities.
[  OK  ] Started Clean PHP session files every 30 mins.
[  OK  ] Started Run certbot twice daily.
[  OK  ] Reached target Basic System.
         Starting System Logging Service...
         Starting Login Service...
[  OK  ] Started Regular background program processing daemon.
         Starting Accounts Service...
[  OK  ] Started D-Bus System Message Bus.
[  OK  ] Started Message of the Day.
[  OK  ] Reached target Timers.
         Starting Raise network interfaces...
[  OK  ] Started System Logging Service.
[  OK  ] Started Login Service.
[  OK  ] Started Accounts Service.
[  OK  ] Started Raise network interfaces.
[  OK  ] Reached target Network.
         Starting Advanced key-value store...
[  OK  ] Started Unattended Upgrades Shutdown.
         Starting OpenBSD Secure Shell server...
         Starting Permit User Sessions...
         Starting Network Name Resolution...
         Starting MariaDB 10.1.30 database server...
[  OK  ] Started Permit User Sessions.
         Starting Hold until boot process finishes up...
         Starting Terminate Plymouth Boot Screen...
[  OK  ] Started Hold until boot process finishes up.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Started Container Getty on /dev/tty1.
[  OK  ] Started Console Getty.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Terminate Plymouth Boot Screen.
[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Started Network Name Resolution.
[  OK  ] Reached target Host and Network Name Lookups.
         Starting The Apache HTTP Server...
[  OK  ] Reached target Network is Online.
         Starting Postfix Mail Transport Agent (instance -)...
         Starting systemd-resolved-update-resolvconf.service...
[  OK  ] Started The Apache HTTP Server.
[  OK  ] Started systemd-resolved-update-resolvconf.service.
[  OK  ] Started Advanced key-value store.
[  OK  ] Started Postfix Mail Transport Agent (instance -).
         Starting Postfix Mail Transport Agent...
[  OK  ] Started Postfix Mail Transport Agent.
[  OK  ] Started MariaDB 10.1.30 database server.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
 
For the record, this issue appears to not be about backup and recovery, but something that has recently broken which has resulted in my UID mapping to 'www-data' no longer working.

It seemed quite distinct from the issue as I understood it here, so I have posted a separate thread: Unable to map to 'www-data' user in container
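
An added example, not part of the posts above or of Proxmox's own code: a short Python check of how a host-side owner id appears inside an unprivileged container under a set of lxc.idmap lines. The config text, the mount path and the passthrough of id 33 (www-data on Debian/Ubuntu) are constructed sample values; any id outside every mapped range shows up as nobody:nogroup (65534).

```python
import re

OVERFLOW_ID = 65534  # kernel default overflow uid/gid, displayed as nobody/nogroup

# Constructed sample: passes container uid/gid 33 (www-data) straight through to host id 33.
SAMPLE_CONF = """\
mp0: /mnt/data,mp=/mnt/data
lxc.idmap: u 0 100000 33
lxc.idmap: g 0 100000 33
lxc.idmap: u 33 33 1
lxc.idmap: g 33 33 1
lxc.idmap: u 34 100034 65502
lxc.idmap: g 34 100034 65502
"""

IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_idmap(conf_text):
    """Return (kind, container_start, host_start, count) for each lxc.idmap line."""
    maps = []
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            maps.append((m.group(1),) + tuple(int(x) for x in m.groups()[1:]))
    return maps

def host_to_container(maps, kind, host_id):
    """Id a host-side owner shows as inside the container; unmapped ids overflow."""
    for k, ct, host, count in maps:
        if k == kind and host <= host_id < host + count:
            return ct + (host_id - host)
    return OVERFLOW_ID

def container_to_host(maps, kind, ct_id):
    """Host id backing a container id, or None if the container cannot use that id."""
    for k, ct, host, count in maps:
        if k == kind and ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def unmapped_container_ranges(maps, kind, limit=65536):
    """Gaps in container ids 0..limit-1; chown to these fails inside the container."""
    gaps, nxt = [], 0
    for ct, count in sorted((c, n) for k, c, _, n in maps if k == kind):
        if ct > nxt:
            gaps.append((nxt, ct - 1))
        nxt = max(nxt, ct + count)
    if nxt < limit:
        gaps.append((nxt, limit - 1))
    return gaps
```

On the host, `stat -c '%u:%g'` on an affected directory gives the owner ids to pass to `host_to_container`.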
 
