Ownership changes for bind mounts after recent update

S

someRandomNoob

New Member
Feb 8, 2026
2
0
1
Hello Everyone! :)

My Homeserver runs Debian 13.3 (Trixie) with Proxmox (no Enterprise subscription) installed. A few days ago I installed the available Updates like i always do.

I run a bunch of privleged containers with bind mounts. Since I installed the updates the ownership of all root directories of all the bind mounts changed from what they where to root:root. Changing them back does not work (it does not matter if the container is running or not), because after I (re)start a container they get changed back to root:root. Is this a new behaviour or did i miss something else?

Example mount point entry:

Code: 
mp0: /mnt/vm-storage/permanent/git/,mp=/srv/git

Packages that where updated with the new Version:
Code: 
ifupdown2 3.3.0-1+pmx12
libnvpair3linux 2.4.0-pve1
libproxmox-backup-qemu0 2.0.2
libpve-common-perl 9.1.7
libpve-network-api-perl 1.2.5
libpve-network-perl 1.2.5
libuutil3linux 2.4.0-pve1
libzfs7linux 2.4.0-pve1
libzpool7linux 2.4.0-pve1
lxc-pve 6.0.5-4
proxmox-backup-client 4.1.2-1
proxmox-backup-file-restore 4.1.2-1
proxmox-kernel-6.17 6.17.9-1
proxmox-kernel-6.17.9-1-pve-signed 6.17.9-1
pve-container 6.1.0
pve-manager 9.1.5
qemu-server 9.1.4
zfsutils-linux 2.4.0-pve1
zfs-zed 2.4.0-pve1


Best Regards

someRandomNoob
 
The change log of pve-container 6.1.0 mentioned something about using the owner/group of a mountpoint if the directory already exists in the container before mounting.
Maybe remove the directory inside the container with the mountpoint temporarily disabled? Or change the owner/group (inside the container or from the Proxmox host) with the mountpoint temporarily disabled?
I was not bitten by this or the other issues of that update, so I have no real experience with it.

EDIT: See also this thread:
powersupport

Post in thread 'Mountpoints for LXC containers broken after update'

After the update, Proxmox now handles container mount points more strictly. This mainly affects unprivileged containers.

  • Mounted folders now show up as root:root inside the container, so services like MySQL can’t access their files.
  • If a mount point is set to read-only, the container may fail to start completely.

This is due to recent security and kernel changes, not a misconfiguration.

  • Enable idmapped mounts (recommended):

    pct set <CTID> -features mountidmap=1
  • Or avoid using ro=1 and make the folder read-only from inside the...
  • Like
 
Last edited:
Her is some Feedback after doing some Experiments:

Changing the Owner/Permissions of the mountpoint in the container while it's not mounted works.

The correct solution would probaply be the idmap shenanigans. But that's for another time.

For now I went with a different Solution:

On the Host I created a directory for each container which needs access to one or more directories on the host. Example:
Code: 
mkdir /mnt/bind-mounts/storage-server

With a bind-mount Mount the directories the container needs access to via /etc/fstab in a subdirectory of this directory. Example:
Code: 
mkdir /mnt/bind-mounts/storage-server/data
echo "/mnt/disk1/data     /mnt/bind-mounts/storage-server/data      none    defaults,bind   0       0" >> /etc/fstab
systemctl daemon-reload
mount /mnt/bind-mounts/storage-server

Mount the directory via an "lxc.mount.entry" in the corresponding /etc/pve/lxc/*.conf. (Using an "mpX:" entry does not work because the "rbind" option is not supported there.) Example:
Code: 
echo "lxc.mount.entry: /mnt/bind-mounts/storage-server mnt/storage-server none bind,rbind,create=dir 0 0" >> /etc/pve/lxc/103.conf

Now the "/mnt/disk1/data" directory on the host is available in the container under "/mnt/storage-server/data" and I don't have to care about the mountpoint owner (/mnt/storage-server).

Is it a good solution? Probaply not. But It works for me for now. :)
 
You must log in or register to reply here.
Top Bottom
Back