[SOLVED] ID mapping error after restoring LXC from backup after fresh install 6.4

fuzzyduck
Jul 14, 2021

Hey,

So I had to reinstall a fresh 6.4 after a failed 7. Now I can recover some LXCs which don't have any ID mapping. But others had read/write access to the host because I mapped u1000 g1000 to be the same in host AND LXC.

I forgot how I did it, but I used this as guidance:
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

* On the host I had a Harro:Harro on 1000:1000 (myname)
* On multiple LXCs I had made a Harro:Harro on 1000:1000 as well.

This way I was able to read/write on the host from within the LXC.

I already made the host side, but recovering an LXC gives me:

Code:
recovering backed-up configuration from 'LibreElecBackup:backup/vzdump-lxc-201-2021_07_15-05_06_32.tar.zst'
restoring 'LibreElecBackup:backup/vzdump-lxc-201-2021_07_15-05_06_32.tar.zst' now..
extracting archive '/mnt/pve/LibreElecBackup/dump/vzdump-lxc-201-2021_07_15-05_06_32.tar.zst'
lxc 20210715182225.213 ERROR    conf - conf.c:lxc_map_ids:2878 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [1000-1001) not allowed": newuidmap 70225 0 100000 1000 1000 1000 1 1001 101001 64530 65534 165534 1
Failed to write id mapping for child process
lxc 20210715182225.213 ERROR    utils - utils.c:lxc_setgroups:1469 - Operation not permitted - Failed to setgroups()
lxc 20210715182225.213 ERROR    utils - utils.c:lxc_switch_uid_gid:1447 - Invalid argument - Failed to switch to gid 0
TASK ERROR: unable to restore CT 103 - command 'lxc-usernsexec -m u:0:100000:1000 -m g:0:100000:1000 -m u:1000:1000:1 -m g:1000:1000:1 -m u:1001:101001:64530 -m g:1001:101001:64530 -m u:65534:165534:1 -m g:65534:165534:1 -- tar xpf - --zstd --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-file-ignored' '--warning=no-xattr-write' -C /var/lib/lxc/103/rootfs --skip-old-files --anchored --exclude './dev/*'' failed: exit code 1

The LXC config:

Code:
#http://sabnzbd.local%3A8080/
#
#192.168.1.7
arch: amd64
cores: 8
hostname: SABnzbd
memory: 2048
mp0: /TANK/shares/games/,mp=/mnt/games
mp1: /TANK/shares/downloads/,mp=/mnt/downloads
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=D6:FF:64:B0:38:B6,ip=dhcp,type=veth
onboot: 1
ostype: ubuntu
rootfs: Containers:subvol-201-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64530
lxc.idmap: g 1001 101001 64530
lxc.idmap: u 65534 165534 1
lxc.idmap: g 65534 165534 1

On the newly installed host I have:
Code:
root@pve:/etc# id Harro
uid=1000(Harro) gid=1000(Harro) groups=1000(Harro)

And at the moment I have this in /etc/subgid:
Code:
root:100000:65536
Harro:165536:65536

And /etc/subuid:
Code:
root:100000:65536
Harro:165536:65536

That last part, subgid and subuid, is something I don't dare touch yet. But it might be the clue though.

It took me ages to get it right, and now it's broken again. I'm so shot...

How can I restore these backups?
 
I guess it's not allowed to bump? But I'm having a hard time fixing this.
My question in a nutshell: How can I restore an LXC backup on a freshly installed 6.4 host with these mappings added:

Code:
unprivileged: 1
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64530
lxc.idmap: g 1001 101001 64530
lxc.idmap: u 65534 165534 1
lxc.idmap: g 65534 165534 1

All I did so far is create the Harro user on u1000 g1000 as stated above.

I'm barely scratching the surface at the terminal, so I'm pretty clueless actually lol.

Thank you for responding!
 
I have tried all options on backup:
- from backup
- privileged
- unprivileged

as well as setting this in /etc/subgid and /etc/subuid + reboot:
Harro:1000:1

Do I need a reboot after setting subgid and subuid?
 
Fixed it!

Just had to add root:1000:1 to /etc/subgid and /etc/subuid, without editing what was already there.

So recap:

* Make a user inside an LXC

* Make the same user on the PVE host

* Make them both uid 1000 and gid 1000, or any other free ID.

* Add this to the LXC config, mapping 1000:1000 to 1000:1000 so they have the same ownership on both sides. It's in fact written here:
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

Code:
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64530
lxc.idmap: g 1001 101001 64530
lxc.idmap: u 65534 165534 1
lxc.idmap: g 65534 165534 1

If I recall correctly the last 2 lines were for user APT in Ubuntu. But not sure.

* Add root:1000:1 to /etc/subgid and /etc/subuid

* Add this to the LXC config. 2 examples:
mp0: /TANK/shares/games/,mp=/mnt/games
mp1: /TANK/shares/downloads/,mp=/mnt/downloads

* Do a chown -R 0770 on the shared dir to recursively modify ownership to that user with u1000:g1000

* Profit!
 

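The restore failure and the fix above, as an added example that is not part of the original posts: this Python sketch checks each `lxc.idmap` host range against the ranges delegated to root in `/etc/subuid` and `/etc/subgid`, using the config and file contents quoted in the thread as constructed sample input. It assumes a mapping is accepted only when it fits inside one delegated range, which is a simplified model of the `newuidmap` check; the function names are hypothetical.

```python
"""Check lxc.idmap entries against root's /etc/subuid and /etc/subgid ranges."""

# Constructed sample input, copied from the config and files quoted in the thread.
IDMAP = """\
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64530
lxc.idmap: g 1001 101001 64530
lxc.idmap: u 65534 165534 1
lxc.idmap: g 65534 165534 1
"""
SUBID_BEFORE = "root:100000:65536\nHarro:165536:65536\n"
SUBID_AFTER = SUBID_BEFORE + "root:1000:1\n"


def parse_idmap(text):
    """Yield (kind, container_start, host_start, count) per lxc.idmap line."""
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() != "lxc.idmap":
            continue  # skip every other config key
        kind, ct, host, count = value.split()
        yield kind, int(ct), int(host), int(count)


def delegated(subid_text, owner="root"):
    """Return [start, end) host ranges delegated to owner in a subuid/subgid file."""
    ranges = []
    for line in subid_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, start, count = line.strip().split(":")
        if name == owner:
            ranges.append((int(start), int(start) + int(count)))
    return ranges


def rejected(idmap_text, subuid_text, subgid_text):
    """List idmap entries whose host range is not inside one delegated range."""
    allowed = {"u": delegated(subuid_text), "g": delegated(subgid_text)}
    bad = []
    for kind, ct, host, count in parse_idmap(idmap_text):
        # Assumption: the whole host range must fit inside a single delegation.
        if not any(lo <= host and host + count <= hi for lo, hi in allowed[kind]):
            bad.append((kind, ct, host, count))
    return bad
```

The identity entries `u 1000 1000 1` and `g 1000 1000 1` are the only ones outside root's default `100000:65536` delegation, which is why the single line `root:1000:1` in both files is enough.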