LeMOGO's picture

I just instralled proxmox 5.2 and tried using the templates the mirror has in the /proxmox/ branch but I get a "Cannot mknod: Operation not permitted" error on the tar.
I usually deploy kvm on most of the vms I play with on my proxmox box because I feel don't know enough. I'd like to be able to use containers rather than kvms, so I'd like to know if there's a simple way to use the other formats and which will be the easiest route for someone who knows just a little about linux.
Which way should I go? I'd appreciate any advice.

Jeremy Davis's picture

First up, it's possible to download the TurnKey templates directly within Proxmox. Via the Web UI it should be something like Storage -> YOUR_STORAGE_LOCATION -> Content -> Templates. Or via the commandline like this (assuming 'local' as the local storage to use):

pveam available --section turnkeylinux
pveam download local debian-9-turnkey-lamp_15.1-1_amd64.tar.gz

Regardless, this is a known issue that crops up because of a combination of the limitations of LXC unprivileged containers and the way that Postfix is configured by default in Debian/TurnKey. There is a thread on our issue tracker (which I've just edited a little). If you want to work around it, then please see this comment.

So long as you know and trust those that will have root access of the guest containers, using a privileged container is not a huge security risk. Although it is worth noting that a user with root access to a privileged container can theoretically access the host system if they wish to.

FWIW on my Proxmox servers the default (via both Web UI and CLI) is to create "unprivileged" containers, so I haven't seen that error, but perhaps the defaults in Proxmox have changed in more recent versions? I'd be really interested to hear if that's the case as we should certainly look to how we might be able to work around that better within an "unprivileged" container. Perhaps Debian have a solution? As I've just noted on the issue thread, the issue is actually caused by Postfix, but I'm not clear on the best way to workaround/resolve it. Now that there appears to be a proper fix in newer releases of the kernel, I'm tempted to not even bother trying...

LeMOGO's picture

Thanks Jeremy!

In proxmox 5.2, I get an error when I click "unprivileged container" when creating the container. Unchecked, it worked. I downloaded the image as you suggested. I started downloading directly a while ago when I could not find some of the images from the UI.

Thank you!

Add new comment