Problems after migrating from OpenVZ to LXC

Jul 20, 2019

Sorry about the translation, I use an online translator.

I have migrated OpenVZ servers from the "virtualizor" panel to "proxmox" with LXC.

Everything seems to work fine, they are servers with CPanel, the servers run cron jobs, but we are getting this error:

Failed to make mounts private: Permission denied

Turns out we've contacted CPanel and they tell us the error is this:


Thank you for your patience while I investigated this issue.

It looks like the following mount points are set to ReadOnly, which is likely causing the issues you are seeing:
[root@server2 ~]# mount -l | grep ro, | grep -v virtfs
proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime)
proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)

Can you please remove the read-only flag from the above mount points, and then attempt to create a cron job again?

Does anyone know how I can correct it? These are my first steps with proxmox.


Proxmox Staff Member
Staff member
Jul 28, 2015
South Tyrol/Italy
Does anyone know how I can correct it? These are my first steps with proxmox.
That those are read only is a feature for CTs, it's required to ensure that the one having admin access to the CT can not increase memory/cpu limits, or similar stuff for priviledged CTs like you use.

If it's enough that "/sys/ is writeable then just use "unprivileged" CTs (can do by backup CT and restore with unprivileged ticked on". They can actual have a writeable "/sys" as they are much more contained (heh) and confined than privileged CTs. If that works for you that'd be the best solution.

If you require more and do not 100% fully trust those who have access to this virtual server then it's best to use a Virtual Machine (VM), there you do not have any such problems.

But, if you trust the CT fully you could make both procfs and sysfs read/writeable with:
echo " = proc:rw sys:rw" >> /etc/pve/nodes/<NODENAME>/lxc/<VMID>.conf
As said, only do this if you fully trust the CT, it's software and the people having access to this container..


Proxmox Staff Member
Staff member
Nov 19, 2018


The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!