Restore of unprivileged containers with custom idmaps yields incorrect permissions

mathiasringhof

Nov 24, 2018
Hi,

I recently made an effort of re-creating all of my containers as unprivileged (all successful I might add, so yay!).

Since I just re-installed Proxmox, I noticed for the first time that restoring a container with a custom idmap creates the original folders with an incorrect owner - the uid / gid assigned are the ones that would be correct WITHOUT the id mapping.

A concrete example, here's one of my container configs:
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 800 1
lxc.idmap: g 1000 800 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

So I'm only mapping container user 1000 to host user 800 so the mapped folders can be used properly - all of that works, everybody's happy.

If you mount the container's drive from root you can see that, for example, the home folder of user 1000 belongs to host user 800.
After restoring the container the home folder now belongs to uid / gid 101000, which results in the container listing "nobody" / "nogroup".

Mounting the drive from the host and chown-ing it back to uid 800 fixes things and the container works as expected.
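
The mapping arithmetic behind the symptom described in the post above, as an added example that is not part of the original post or of Proxmox's code: it parses the quoted `lxc.idmap` lines, translates ids in both directions, and flags host owners that have no mapping inside the container. The flat default map and the sample owner table are assumptions constructed for illustration.

```python
import re

# Taken from the container config quoted in the post above.
CUSTOM_CONF = """\
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 800 1
lxc.idmap: g 1000 800 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
"""
# Assumption: without custom entries the container uses one flat 0 -> 100000 range.
DEFAULT_CONF = "lxc.idmap: u 0 100000 65536\nlxc.idmap: g 0 100000 65536\n"
# Constructed sample: path -> owning uid as seen on the host after a restore.
SAMPLE_OWNERS = {"/etc/passwd": 100000, "/home/user": 101000, "/srv/data": 800}

IDMAP_RE = re.compile(r"^lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_idmap(conf):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line.strip())
        if m:
            maps[m.group(1)].append(tuple(int(x) for x in m.group(2, 3, 4)))
    return maps

def to_host(ranges, ct_id):
    """Host id backing a container id, or None if the id is unmapped."""
    for ct_start, host_start, count in ranges:
        if ct_start <= ct_id < ct_start + count:
            return host_start + (ct_id - ct_start)
    return None

def to_container(ranges, host_id):
    """Container id a host id appears as, or None (shown as nobody/nogroup)."""
    for ct_start, host_start, count in ranges:
        if host_start <= host_id < host_start + count:
            return ct_start + (host_id - host_start)
    return None

def audit(ranges, owners):
    """Return paths whose host owner has no mapping inside the container."""
    return sorted(p for p, hid in owners.items()
                  if to_container(ranges, hid) is None)
```

With the custom map, host uid 101000 falls in the gap between the ranges ending at 100999 and starting at 101001, which is why the container cannot resolve it to any user.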
 
