LXC Ubuntu 24.04 the dmesg isn't working

[Toastbrot77]

I have an Ubuntu 24.04. running in an LXC container that is based on template ubuntu-24.04-standard_24.04.-2_amd64.tar.zst and I'm having some problems with it.
I can't get to the output of dmesg.
$ dmesg
dmesg: read kernel buffer failed: Operation not permitted

Also with
$ sudo dmesg
I get the same error message.

When I try to fix this I get this message
$ sudo sysctl kernel.dmesg_restrict=0
sysctl: setting key "kernel.dmesg_restrict", ignoring: Read-only file system
kernel.dmesg_restrict = 0

What can I do to see the messages?

Proxmox: 8.3.2
CT Template: ubuntu-24.04-standard_24.04.-2_amd64.tar.zst

 

[dakralex]

Hi!

I assume that this is an unprivileged LXC container, then this behavior is normal since unprivileged containers map the container's root user to an unprivileged user outside of the container. Therefore the root user in the container cannot perform any actions, which need the usual root capabilities to read the kernel ring buffer, write to the sysfs, etc.

Keep in mind, that privileged containers are considered not safe and should only be run with care and trusted services.

 

[Toastbrot77]

Hi,
thank you very much for the quick and good answer.
My container is unprivileged and I was not aware of the difference.
Now I also realize where the other problems I have come from, e.g. mounting drives via cifs.
The container only runs unproblematic local applications such as Paperless, Immich and others.

 

[lethargos]

Is there no way to allow access to dmesg without running a privileged container?

 

[dakralex]

Is there no way to allow access to dmesg without running a privileged container?

One way you could do this, even though I do not encourage it, is to add the syslog capability CAP_SYSLOG to the container. Another much less secure way is to set /proc/sys/kernel/dmesg_restrict on the host to 0, which allows any user on the host system, including any container, access to the syslog.