Problem converting privileged container to unprivileged container.

bad_docker

Oct 10, 2024
Hi good morning,
I've PVE 8.2.7 running with 2 LXC, plex & jellyfin (proxmox script install), running as privileged with an NFS share mounted from my virtual NAS. I want to convert to unprivileged so I can make it more secure and use bind mounts. But I'm not as per other guides, I did a backup and tried to restore as unprivileged; it's throwing error 2 and deleting the whole LXC itself. The only way to restore is as a privileged LXC.
Code:
recovering backed-up configuration from 'local:backup/vzdump-lxc-106-2024_10_09-12_25_41.tar.zst'
Logical volume "vm-106-disk-0" created.
Creating filesystem with 5242880 4k blocks and 1310720 inodes
Filesystem UUID: f788ff14-164d-40e6-a4ac-3fc021ec6174
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
Logical volume "vm-106-disk-1" successfully removed.
restoring 'local:backup/vzdump-lxc-106-2024_10_09-12_25_41.tar.zst' now..
extracting archive '/var/lib/vz/dump/vzdump-lxc-106-2024_10_09-12_25_41.tar.zst'
tar: ./var/spool/postfix/dev/urandom: Cannot mknod: Operation not permitted
tar: ./var/spool/postfix/dev/random: Cannot mknod: Operation not permitted
Total bytes read: 2822144000 (2.7GiB, 369MiB/s)
tar: Exiting with failure status due to previous errors
Logical volume "vm-106-disk-0" successfully removed.
TASK ERROR: unable to restore CT 106 - command 'lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- tar xpf - --zstd --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-file-ignored' '--warning=no-xattr-write' -C /var/lib/lxc/106/rootfs --skip-old-files --anchored --exclude './dev/*'' failed: exit code 2
 
Maybe due to a limitation with unprivileged containers and the NFS mount option.
Mounting any kind of share in LXC can only be done in the privileged state.
 
you can try removing those two device nodes prior to making a backup - it might require some changes to the postfix config though..
 
Hi @fabian, thx for the reply. I'm a Linux noob. I searched around only to find 1 or 2 posts related to this issue.
If you could elaborate, it would help other people having a similar issue like me.
Yeah, I did have an NFS mount before taking the backup, but I did try removing that NFS mount followed by backup and restore as unprivileged LXC, yet it fails.
 
Code:
tar: ./var/spool/postfix/dev/urandom: Cannot mknod: Operation not permitted
tar: ./var/spool/postfix/dev/random: Cannot mknod: Operation not permitted

these two files are special (device nodes), which don't work in unprivileged mode. postfix only needs them in certain configurations, so it should be fine to remove them (and potentially, update the config).
 
and how to do that? where is this file to be edited or modified? any guide?
 
check the postfix documentation ;)
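
The following is an added example, not part of the thread or of Proxmox's own tooling: a way to list the device nodes that make an unprivileged restore fail with `Cannot mknod`, either from a GNU `tar -tv` listing of the backup archive or from a root filesystem before the backup is taken. The function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Finds device nodes that make an
# unprivileged restore fail with "Cannot mknod: Operation not permitted".

# Filter a GNU `tar -tv` listing on stdin: print char/block device entries
# outside ./dev/ (the restore command already passes --exclude './dev/*').
list_blocking_nodes() {
    awk '
        $1 ~ /^[cb]/ {
            # Fields: mode owner/group major,minor date time name...
            name = $6
            for (i = 7; i <= NF; i++) name = name " " $i
            if (name !~ /^\.\/dev\//) print name
        }'
}

# Check an existing vzdump archive before attempting the restore.
scan_archive() {
    tar --zstd -tvf "$1" | list_blocking_nodes
}

# Check a root filesystem before taking the backup ($1 = "/" when run
# inside the container). Prints only; removing the nodes is left to you.
find_blocking_nodes() {
    root=${1%/}
    find "${root:-/}" -xdev \( -type c -o -type b \) \
        ! -path "$root/dev/*" -print
}

# Constructed sample listing (timestamps and sizes are made up).
SAMPLE_LISTING='drwxr-xr-x 0/0 0 2024-10-09 12:25 ./var/spool/postfix/dev/
crw-rw-rw- 0/0 1,9 2024-10-09 12:25 ./var/spool/postfix/dev/urandom
crw-rw-rw- 0/0 1,8 2024-10-09 12:25 ./var/spool/postfix/dev/random
crw-rw-rw- 0/0 1,3 2024-10-09 12:25 ./dev/null
-rw-r--r-- 0/0 220 2024-10-09 12:25 ./etc/postfix/main.cf'

printf '%s\n' "$SAMPLE_LISTING" | list_blocking_nodes
```

An empty result from `scan_archive` or `find_blocking_nodes` means no device node outside `/dev` stands in the way of the unprivileged restore.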
 