PBS: proxmox-backup-proxy fails to start due to permission issues on /run/proxmox-backup

[Chris]

Yes, it’s running inside a Debian LXC container (see the configuration below). I’m aware that the issue is related to missing permissions, which is why I’m using the workaround of creating /run/proxmox-backup before starting PBS.

arch: amd64
cores: 4
features: nesting=1
hostname: pbs-vaduz
memory: 2048
mp0: /mnt/pbs-vaduz/backups,mp=/mnt/backups
nameserver: 10.11.16.10 10.11.0.10 2a00:f8c0:9523:10::10 2a00:f8c0:9523::10
net0: name=eth0,bridge=vmbr0,gw=,gw6=fd44:0104:1983:11::1,hwaddr=BC:24:11:DC:F7:BB,ip=10.11.17.11/24,ip6=fd44:0104:1983:11::11/64,tag=117,type=veth
onboot: 1
ostype: debian
rootfs: local-zfs:subvol-311-disk-1,size=8G
searchdomain: ad.domain
swap: 2048
unprivileged: 0

Was this initially an unprivileged container? I can reproduce your issue when toggling unprivileged: 0 from an initial unprivileged: 1. Reverting this to an unprivileged while keeping the nesting enabled solves the mount issue in my test case.

 

[xtek]

are you also running PBS inside a privileged container?

Yes this is a privileged container.

 

[v3rm1n]

There was an issue with the zfs pool, i created a mount to the host. Its working for now, but ill keep an eye on it

 

[STRUBartacus]

Was this initially an unprivileged container? I can reproduce your issue when toggling unprivileged: 0 from an initial unprivileged: 1. Reverting this to an unprivileged while keeping the nesting enabled solves the mount issue in my test case.

That's possible, yes. As far as I can remember, I switched to privileged because of the mount point.
How can I solve the problem? Build a new container that is privileged from the start?

 

[Chris]

That's possible, yes. As far as I can remember, I switched to privileged because of the mount point.
How can I solve the problem? Build a new container that is privileged from the start?

You might want to try and switch it back to be an unprivileged container, but also enable the nesting feature. Note that unprivileged containers are recommended and switching state might cause ownership and permission issues due to user and group mapping.

 

[STRUBartacus]

This issue was self-inflicted, not a PBS bug. Thanks for the hint!

The container was originally unprivileged and later switched to privileged to allow a bind-mount, but file ownership inside the container was not properly normalized. This led to permission issues (including /run/proxmox-backup) and caused proxmox-backup-proxy to fail.

After fixing ownership, the service starts normally again without any workaround.

Sorry for the confusion and the extra effort caused.