[solved] Unable to "pct create" an unprivileged debian container

proxmix

Nov 23, 2023
Hi,

I'm using Proxmox PVE 8.1. Creating unprivileged containers using the WebGUI works fine, but I'm unable to create an unprivileged container using the pct create command line tool and, even worse, I'm unable to find my mistake. Thus your help is very much appreciated.

Bash:
# Creating a privileged container works fine:
pct create 1000 /var/lib/vz/template/cache/debian-12-standard_12.2-1_amd64.tar.zst --ostype debian --storage VMs --hostname test2 --cores 1 --memory 512

echo "^^^ this command worked fine"
echo "vvv this command fails"

# Trying to create an unprivileged container:
pct create 1001 /var/lib/vz/template/cache/debian-12-standard_12.2-1_amd64.tar.zst --ostype debian --storage VMs --hostname test2 --cores 1 --memory 512 --unprivileged 1

The last command produces this output:
Code:
extracting archive '/var/lib/vz/template/cache/debian-12-standard_12.2-1_amd64.tar.zst'
tar: /var/lib/lxc/1001/rootfs: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
unable to create CT 1001 - command 'lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- tar xpf - --zstd --totals --one-file-system -p --sparse --numeric-owner --acls --xattrs '--xattrs-include=user.*' '--xattrs-include=security.capability' '--warning=no-file-ignored' '--warning=no-xattr-write' -C /var/lib/lxc/1001/rootfs --skip-old-files --anchored --exclude './dev/*'' failed: exit code 2

Thanks a lot for your support!

Best regards,
proxmix
 
I'm still searching for the cause. The pct man page states that unprivileged shouldn't be modified manually:

"--unprivileged <boolean> (default = 0)
Makes the container run as unprivileged user. (Should not be modified manually.)"

What does manually mean here? Via the command line? Or should the setting just not be changed in the LXC's conf directly?
 
Oh ha. It [suddenly] works! ;-) Don't know exactly why - ok, I've reinstalled Proxmox from scratch, that obviously did the trick.
 
Hi @proxmix ,

Good to know you managed.

Just for the record: I had the same problem a while ago and solved it by enabling ACLs for the drive that I was trying to use as storage for the root filesystem of the new container.

In my particular case, I had to delete "noacl" from the mount options of that drive in /etc/fstab.

Hope this helps somebody... I experienced hell for almost a whole working day.

Regards
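
Added example (not part of the thread and not Proxmox code): a POSIX shell check for the condition the reply above describes, reporting whether the filesystem that backs a given path is mounted with "noacl". The path /mnt/vmstore and the sample mount table are constructed for illustration; on a real host, pass /proc/mounts or /etc/fstab as the table.

```shell
#!/bin/sh
# Added example: does the filesystem backing a path carry the "noacl" option?
# Works on /proc/mounts or /etc/fstab (same layout: device, mount point, type, options).
# Assumption: mount points contain no spaces (/proc/mounts escapes them as \040).

# mount_opts_for PATH [TABLE]: print the options of the mount that contains PATH.
mount_opts_for() {
    awk -v t="$1" '
        /^[ \t]*#/ || NF < 4 { next }                # skip comments and short lines
        {
            mp = $2
            # match "/" or a mount point that equals PATH or is a parent directory of it
            if (mp == "/" || t == mp || index(t, mp "/") == 1) {
                # longest mount point wins; on a tie the later entry is the one on top
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# has_noacl PATH [TABLE]: succeed if "noacl" is one of the comma-separated options.
has_noacl() {
    case ",$(mount_opts_for "$1" "${2:-}")," in
        *,noacl,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample table; /mnt/vmstore is a hypothetical storage mount.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
# /dev/sdx1 /mnt/old ext4 noacl 0 0
/dev/sdb1 /mnt/vmstore ext4 rw,noacl,relatime 0 0
/dev/sdc1 /mnt/vm ext4 rw,relatime 0 0
EOF
}

# Demo on the constructed table; on a real host pass /proc/mounts or /etc/fstab.
demo=$(mktemp) && sample_mounts > "$demo"
for p in /mnt/vmstore/images/1001 /var/lib/vz; do
    if has_noacl "$p" "$demo"; then
        echo "$p: mounted with noacl"
    else
        echo "$p: no noacl option"
    fi
done
rm -f "$demo"
```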
 
