Problems after migrating from OpenVZ to LXC

corianito

Member
Jul 20, 2019
43
0
11
37
Hello!

Sorry about the translation, I use an online translator.

I have migrated OpenVZ servers from the "virtualizor" panel to "proxmox" with LXC.

Everything seems to work fine, they are servers with CPanel, the servers run cron jobs, but we are getting this error:

Failed to make mounts private: Permission denied

Turns out we've contacted CPanel and they tell us the error is this:

***
Hello,

Thank you for your patience while I investigated this issue.

It looks like the following mount points are set to ReadOnly, which is likely causing the issues you are seeing:
=====
[root@server2 ~]# mount -l | grep ro, | grep -v virtfs
proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime)
proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
=====

Can you please remove the read-only flag from the above mount points, and then attempt to create a cron job again?
***

Does anyone know how I can correct it? These are my first steps with proxmox.
 
Does anyone know how I can correct it? These are my first steps with proxmox.

That those are read only is a feature for CTs, it's required to ensure that the one having admin access to the CT can not increase memory/cpu limits, or similar stuff for priviledged CTs like you use.

If it's enough that "/sys/ is writeable then just use "unprivileged" CTs (can do by backup CT and restore with unprivileged ticked on". They can actual have a writeable "/sys" as they are much more contained (heh) and confined than privileged CTs. If that works for you that'd be the best solution.

If you require more and do not 100% fully trust those who have access to this virtual server then it's best to use a Virtual Machine (VM), there you do not have any such problems.

But, if you trust the CT fully you could make both procfs and sysfs read/writeable with:
Code:
echo "lxc.mount.auto = proc:rw sys:rw" >> /etc/pve/nodes/<NODENAME>/lxc/<VMID>.conf

As said, only do this if you fully trust the CT, it's software and the people having access to this container..
 
Okay.

A "silly" question. Do you have any way to migrate from LXC to QEMU for newbies like me?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!