Convert unprivileged container in Proxmox to privileged

  • Blog
  • Convert unprivileged container in Proxmox to privileged

When creating LXC container in Proxmox you can either configure it to run in privileged or unprivileged mode. With the unprivileged mode, you get better security since the container runs in user namespace and reduces the risk of compromise. However, running some applications within an LXC container may require better privileges. In this guide we will walk you through the necessary steps of recreating unprivileged LXC container as privileged.

The process of LXC container conversion from unprivileged to privileged container involves backing up the entire containers, destroying active one, and then recreating by restoring from backup as privileged container.

The steps to change from unprivileged to privileged LXC container are:

  • Stop the container if running
  • Backup existing container (unprivileged)
  • Delete the existing container
  • Recreate the container from backup archive

Step 1: Stop the container

List all running containers:

# pct list
VMID       Status     Lock         Name
109        running                 cloud.cloudspinx.com
110        running                 pihole.cloudspinx.com
111        running                 projects.cloudspinx.com
112        running                 grafana.cloudspinx.com
114        running                 dash.cloudspinx.com
115        running                 erp.cloudspinx.com

Stop the container if it’s in running state. This will ensure your container backup is consistent.

pct stop <container_id>

Step 2: Backup the container

Backup the running container using pct command.

vzdump <<container_id>> --dumpdir /var/lib/vz/dump

Replace <container_id> with your container ID and /var/lib/vz/dump with the path where you want the backup stored if you need to change it.

Here is an example showing how to backup container with ID 110.

# vzdump 110 --dumpdir /var/lib/vz/dump
INFO: starting new backup job: vzdump 110 --dumpdir ./
INFO: filesystem type on dumpdir is 'zfs' -using /var/tmp/vzdumptmp11176_110 for temporary files
INFO: Starting Backup of VM 110 (lxc)
INFO: Backup started at 2024-07-22 13:40:50
INFO: status = stopped
INFO: backup mode: stop
INFO: ionice priority: 7
INFO: CT Name: pihole.cloudspinx.com
INFO: including mount point rootfs ('/') in backup
INFO: creating vzdump archive '/var/lib/vz/vzdump-lxc-110-2024_07_22-13_40_50.tar'
INFO: Total bytes written: 2209566720 (2.1GiB, 156MiB/s)
INFO: archive file size: 2.06GB
INFO: Finished Backup of VM 110 (00:00:15)
INFO: Backup finished at 2024-07-22 13:41:05
INFO: Backup job finished successfully
INFO: notified via target `mail-to-root`

Step 3: Destroy active container

Destroy the container after successful backup.

# pct destroy <container_id>
  Logical volume "snap_vm-110-disk-0_snap1" successfully removed.
  Logical volume "vm-110-disk-0" successfully removed.

Step 4: Restore LXC container

Get a list of all storage pools in you Proxmox cluster.

# pvesm status
Name         Type     Status           Total            Used       Available        %
data      lvmthin     active       489975808       128226668       361749139   26.17%
local         dir     active       483595136         8399744       475195392    1.74%
pbs           pbs     active      1895890924        71930076      1727581152    3.79%
zpool     zfspool     active       483655680         8460184       475195496    1.75%

Restore the container with the option --unprivileged 0 to make it privileged.

pct restore <CONTAINER_ID> /var/lib/vz/dump/vzdump-lxc-<CONTAINER_ID>-<DATE>.tar \
--storage <storage_pool> --unprivileged 0

For example:

pct restore 110 /var/lib/vz/dump/vzdump-lxc-110-2024_07_22-13_40_50.tar \
--unprivileged 0 --storage data

Command execution output:

recovering backed-up configuration from '/var/lib/vz/dump/115/vzdump-lxc-115-2024_07_22-20_47_32.tar'
  Logical volume "vm-115-disk-0" created.
Creating filesystem with 7864320 4k blocks and 1966080 inodes
Filesystem UUID: d7618d87-f795-4667-9e7c-6954cd829558
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
restoring '/var/lib/vz/dump/115/vzdump-lxc-115-2024_07_22-20_47_32.tar' now..
extracting archive '/var/lib/vz/dump/115/vzdump-lxc-115-2024_07_22-20_47_32.tar'
Total bytes read: 6965800960 (6.5GiB, 203MiB/s)
merging backed-up and given configuration..

Step 5: Start the container

After restoration, start the container:

pct start 110

Option 2: Automated recreation method

There is a bash script we created in our Github repository that you can use to automate the process.

git clone https://github.com/cloudspinx/proxmox_scripts.git

Change into the directory:

cd proxmox_scripts

Run the script to recreate container as privileged:

bash recreate_container_as_privileged.sh

Input the container ID, storage pool name to proceed with the backup, destroy and restore operations.

Your IT Journey Starts Here!

Ready to level up your IT skills? Our new eLearning platform is coming soon to help you master the latest technologies.

  • Learn at your own pace
  • Access expert-led premium content
  • Gain in-demand IT certification tips and practice questions
  • Master essential skills: Linux, Scripting and Automation, Kubernetes, Cloud, IaC, GitOps, DevOps, Cybersecurity, and more.

Be the first to know when we launch! Join our waitlist now.

Join Waiting List
Twitter Facebook Linkedin Whatsapp Reddit

Join our Linux and open source community. Subscribe to our newsletter for tips, tricks, and collaboration opportunities!

Recent Post

Categories

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Post

Git PR vs MR vs Release vs RC vs Tag vs Branch

Let’s clarify the differences between merge requests (commonly called pull requests in GitHub), releases, release candidates (RCs), tags, and branches […]

  • NO COMMENTS
  • September 5, 2024
Set up Kind Kubernetes with Nginx Ingress using Terraform

Kind (which in full means “Kubernetes IN Docker”), is a command line tool that enables you to run Kubernetes clusters […]

  • NO COMMENTS
  • September 1, 2024
Migrate packages from one cPanel server to another

Are you looking for an easy way to migrate packages from one cPanel server to a new cPanel server? In […]

  • NO COMMENTS
  • August 28, 2024

You can connect with CloudSpinx using the following channels

Hosting Services  
Consultancy Services
Development Services
Networking Services
  • Structured Cabling
  • Firewall solutions
  • Smart Home Solutions
  • Internet filtering
  • Surveillance
  • Communication
Storage & Backup
  • NAS / SAN Storage
  • Software-defined storage (SDS)
  • OS / Apps Backups
  • CCTV Backups
  • Data Recovery
Office Services
Business Applications
  • ERP
  • CRM
  • POS
  • Project Management
  • Communication
  • Communication & Collaboration
  • Accounting & Finance
  • Asset Management
  • E-commerce Platforms
  • Business intelligence
Latest Articles
Newsletter
Follow Us
X-twitter Linkedin Facebook-f Github
Contact US
© Copyright 2024 CloudSpinx Limited
Download CloudSpinx Profile!

Cancellation Policy

Refund Policy

TOS

Let's Connect

Unleash the full potential of your business with CloudSpinx. Our expert solutions specialists are standing by to answer your questions and tailor a plan that perfectly aligns with your unique needs.
You will get a response from our solutions specialist within 12 hours
We understand emergencies can be stressful. For immediate assistance, chat with us now

Contact CloudSpinx today!

Download CloudSpinx Profile

Discover the full spectrum of our expertise and services by downloading our detailed Company Profile. Simply enter your first name, last name, and email address.