MountPoint with lxc.idmap no longer working

indiana

Sep 3, 2021
Hi,

about a week ago I started getting my NUC-Server working because of problems with my nextcloud container (Docker on Synology).
Especially with the data folder for nextcloud I had / have my problems. This folder shall not be locally on my NUC. Until a problem during the installation (tried with snap but the external DB was not working) I decided to do a restore before the snap installation. From this point on I mentioned that the mount point was no longer writable.
As a container is not so much work to setup I started from scratch with this one. So far so good but I'm not able to get the MountPoint and lxc.idmap back to work.
So please I need some help and hope someone here is able to see my mistake.

Synology NAS:
User: 1044:100

PVE:
Storage as CIFS with Synology user credentials added via GUI and Disk image content.
User root is able to write/delete below the mounted folder.
Code:
ls -ld /mnt/pve/nextcloud/
drwxr-xr-x 2 root root 0 Sep 20 10:26 /mnt/pve/nextcloud/
The result does not change after "chown -R 1044:1000 /mnt/pve/nextcloud" with Synology UID. There is no additional local user created.

LXC from Debian 11 template (101):
Nested=1
unprivileged=1
Updated timezone and NTP.
Added new user with sudo capability.
Updated / Upgraded the container.
Changed the UID from 1000 to 1044. Group ID was not changed.
Created mount folder /mnt/data and chown -R 1044:1000.
Later www-data (nextcloud needs this) should get the UID 1044, so the above user change is for test only.
Stopped the CT.

PVE:
Executed:
Code:
pct set 101 -mp0 /mnt/pve/nextcloud,mp=/mnt/data
Added the following to the /etc/pve/lxc/101.conf
Code:
lxc.idmap: u 0 100000 1044
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1044 1044 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1045 101045 64491
lxc.idmap: g 1001 101001 64535
Added the following to the /etc/subuid and /etc/subguid
Code:
root:1044:1

I also tried to change the group ID of the LXC user and also added a user with the same credentials on the PVE. Both without luck. The user add also created some additional entries within subuid and subguid. Maybe I misunderstand something with the lxc.idmap. I'm not really sure which column stands for PVE or LXC.

When I start the container within the PVE Terminal there are two Errors:
"systemd-journald-audit.socket: Failed to create listening socket (audit 1): Operation not permitted" and
"Failed to mount Kernel Configuration File System"
On stop:
"[FAILED] Failed unmounting /mnt/data."
Maybe more details within the attached log

The second and the failure on stop maybe cause the problem but I don't know what to do. My search result was not so helpful for me.
Mainly I found a quite similar post but I don't see what I do wrong. Also the wiki didn't help me.

I also tried so many different combinations without result. That's a bit frustrating and makes me really lost. Especially as it was working and I don't know what I've done different before. So please help, I don't know what I can do anymore.

Best regards
Indy
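
Added example, not part of the original post and not Proxmox tooling: in each `lxc.idmap` line the first number is the first ID inside the container, the second is the first ID on the host, and the third is the count. The script below translates container IDs to host IDs and checks the lines from the post against the subuid/subgid contents the post describes; the `root:100000:65536` entry is an assumed default, and all function names are hypothetical.

```python
# Added example: check lxc.idmap lines against /etc/subuid and /etc/subgid.
# lxc.idmap columns: <u|g> <first ID in container> <first ID on host> <count>

def parse_idmap(conf_text):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in conf_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "lxc.idmap":
            kind, ct, host, count = value.split()
            maps[kind].append((int(ct), int(host), int(count)))
    return maps

def parse_subid(text, user="root"):
    """Return [(host_start, count), ...] delegated to `user`."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def to_host(entries, ct_id):
    """Host ID that a container ID appears as, or None if unmapped."""
    for ct, host, count in entries:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def check(entries, delegated):
    """Report breaks in the container range and host ranges not delegated.
    A host range must fit inside a single subuid/subgid entry."""
    problems, expected = [], 0
    for ct, host, count in sorted(entries):
        if ct != expected:
            problems.append(f"container range breaks at {ct}, expected {expected}")
        expected = ct + count
        if not any(s <= host and host + count <= s + n for s, n in delegated):
            problems.append(f"host IDs {host}-{host + count - 1} not delegated")
    return problems

# Values from the post; the root:100000:65536 line is an assumed default entry.
CONF = """lxc.idmap: u 0 100000 1044
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1044 1044 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1045 101045 64491
lxc.idmap: g 1001 101001 64535"""
SUBUID = SUBGID = "root:100000:65536\nroot:1044:1"
MAPS = parse_idmap(CONF)
print("uid:", check(MAPS["u"], parse_subid(SUBUID)))
print("gid:", check(MAPS["g"], parse_subid(SUBGID)))
```

With these inputs the uid lines pass, while the gid check reports host GID 1000 as not delegated, because the only extra subgid entry is for ID 1044.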
 


I have lxc mapping issues as well, stated here:

https://forum.proxmox.com/threads/l...work-old-files-not-visible.96593/#post-418660

But even when I try a fresh LXC for Debian 10 and also 11, booting them gives me this. Apart from the many errors on top there are also errors on booting the LXC. Also the above-mentioned systemd-journald-audit.socket: Failed to create listening socket (audit 1): Operation not permitted

Code:
root@pve:~# lxc-start -F -n 109
lxc-start: 109: utils.c: __safe_mount_beneath_at: 1106 Function not implemented - Failed to open 53(dev)
lxc-start: 109: utils.c: __safe_mount_beneath_at: 1106 Function not implemented - Failed to open 56(full)
lxc-start: 109: utils.c: __safe_mount_beneath_at: 1106 Function not implemented - Failed to open 56(null)
lxc-start: 109: utils.c: __safe_mount_beneath_at: 1106 Function not implemented - Failed to open 56(random)
lxc-start: 109: utils.c: __safe_mount_beneath_at: 1106 Function not implemented - Failed to open 56(tty)
lxc-start: 109: utils.c: __safe_mount_beneath_at: 1106 Function not implemented - Failed to open 56(urandom)
lxc-start: 109: utils.c: __safe_mount_beneath_at: 1106 Function not implemented - Failed to open 56(zero)
systemd 241 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to Debian GNU/Linux 10 (buster)!

Set hostname to <test>.
File /lib/systemd/system/systemd-journald.service:12 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Created slice system-container\x2dgetty.slice.
[  OK  ] Listening on initctl Compatibility Named Pipe.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Created slice system-postfix.slice.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Reached target Slices.
[  OK  ] Reached target Swap.
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Reached target Paths.
[  OK  ] Listening on Journal Socket.
         Starting Helper to synchronize boot up for ifupdown...
         Starting Remount Root and Kernel File Systems...
         Mounting POSIX Message Queue File System...
systemd-journald-audit.socket: Failed to create listening socket (audit 1): Operation not permitted
systemd-journald-audit.socket: Failed to listen on sockets: Operation not permitted
systemd-journald-audit.socket: Failed with result 'resources'.
[FAILED] Failed to listen on Journal Audit Socket.
See 'systemctl status systemd-journald-audit.socket' for details.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Listening on Syslog Socket.
         Starting Journal Service...
         Starting Load Kernel Modules...
[  OK  ] Reached target Local Encrypted Volumes.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Started Remount Root and Kernel File Systems.
         Starting Create System Users...
[  OK  ] Started Load Kernel Modules.
         Mounting Kernel Configuration File System...
         Starting Apply Kernel Variables...
[  OK  ] Started Helper to synchronize boot up for ifupdown.
sys-kernel-config.mount: Mount process exited, code=exited, status=32/n/a
sys-kernel-config.mount: Failed with result 'exit-code'.
[FAILED] Failed to mount Kernel Configuration File System.
See 'systemctl status sys-kernel-config.mount' for details.
[  OK  ] Started Create System Users.
         Starting Create Static Device Nodes in /dev...
[  OK  ] Started Apply Kernel Variables.
[  OK  ] Started Journal Service.
         Starting Flush Journal to Persistent Storage...
[  OK  ] Started Create Static Device Nodes in /dev.
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Reached target Local File Systems.
         Starting Raise network interfaces...
[  OK  ] Started Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
[  OK  ] Reached target System Time Synchronized.
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[  OK  ] Reached target System Initialization.
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
[  OK  ] Started Regular background program processing daemon.
[  OK  ] Started D-Bus System Message Bus.
         Starting System Logging Service...
         Starting Login Service...
[  OK  ] Started Daily man-db regeneration.
[  OK  ] Started Daily rotation of log files.
[  OK  ] Started Daily apt download activities.
[  OK  ] Started Daily apt upgrade and clean activities.
[  OK  ] Reached target Timers.
[  OK  ] Started System Logging Service.
[  OK  ] Started Login Service.
[  OK  ] Started Raise network interfaces.
[  OK  ] Reached target Network.
[  OK  ] Reached target Network is Online.
         Starting Postfix Mail Transport Agent (instance -)...
         Starting OpenBSD Secure Shell server...
         Starting Permit User Sessions...
[  OK  ] Started Permit User Sessions.
[  OK  ] Started Console Getty.
[  OK  ] Started Container Getty on /dev/tty1.
[  OK  ] Started Container Getty on /dev/tty2.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Started Postfix Mail Transport Agent (instance -).
         Starting Postfix Mail Transport Agent...
[  OK  ] Started Postfix Mail Transport Agent.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 10 test console

test login:
 