Learn how to change LXC from unprivileged back to privileged. Our LXC/LXD Support team is here to answer queries and concerns.
Change LXC from Unprivileged Back to Privileged in Proxmox in 5 Steps
When creating an LXC container in Proxmox, we can choose to either run it in privileged or unprivileged mode. Unprivileged containers are designed with enhanced security in mind, running under user namespaces that limit access to system resources.
However, certain applications or services require full root privileges, making it necessary to revert an unprivileged container back to a privileged one.
Today, we will walk through the safest and most effective method to change an LXC from unprivileged to privileged using the Proxmox GUI and CLI.
An Overview:
Privileged vs Unprivileged LXC
- Unprivileged LXC Containers:
These run with reduced kernel capabilities, limiting access to critical system resources like raw sockets, device nodes, and system files. They are ideal for multi-tenant environments where security is a priority.
- Privileged LXC Containers:
These run as root on the host system, offering greater access to system resources. They’re more suitable for legacy applications or software that requires elevated privileges, such as NFS mounts or direct hardware access.
Why Change LXC from Unprivileged to Privileged?
Here are some common scenarios where converting to a privileged LXC container makes sense:
- Applications that need to manipulate devices or use system features like `sysctl` will often fail in unprivileged containers.
- Older or hardware-dependent software may not run correctly without full root-level access.
- If strict security restrictions are causing operational issues in your container, converting to privileged may be a workaround, though it does come with reduced security.
Steps to Convert Unprivileged LXC to Privileged
There’s no direct toggle to switch a container’s privilege level. The only reliable method is to back up the unprivileged container and restore it as a privileged one.
Here’s how to do it using the CLI and GUI.
Via CLI
- First, stop the container:
pct stop container_id - Then, backup the Container:
vzdump container_id --dumpdir /var/lib/vz/dumpReplace “ with the actual container ID.
- Next, destroy the Container:
pct destroy container_id - Then, restore as Privileged:
pct restore container_id /var/lib/vz/dump/vzdump-lxc-container_id-date.tar
--storage storage_pool --unprivileged 0
- Finally, start the Container:
pct start container_id
Via GUI (Proxmox Web Interface)
- First, log in to the Proxmox Web UI and access the dashboard.
- Next, we have to shut down the LXC Container. So, click the container on the left panel and click Shutdown from the top menu.
- Then, take a backup. So, go to the Backup tab and click Backup now. Keep default settings or customize as needed. Once you click “Backup,” wait for the “TASK OK” message.
- Now, restore as Privileged. So, click on the backup file in the list and click Restore. Then, select ‘Privileged’ under privilege options and click ‘Restore’ again.
- Then, start the container and confirm that it is running in privileged mode.
[Need assistance with a different issue? Our team is available 24/7.]
Conclusion
If we need to change the LXC from unprivileged back to privileged, the safest and most effective way is to back it up and restore it with the appropriate privilege setting.
In brief, our Support Experts demonstrated how to change LXC from unprivileged back to privileged.
0 Comments