Learn how to convert Privileged to Unprivileged containers in Proxmox. Our Proxmox Support team is here to help you with your questions and concerns.
Proxmox Convert Privileged to Unprivileged
Linux Containers (LXC) are popular for their lightweight virtualization capabilities. Unprivileged LXC containers offer a higher level of security by using user namespaces, a kernel feature that maps user and group IDs inside the container to a different range than on the host machine. Hence, even if a container is compromised, it affects a random unprivileged user on the host rather than the root user. This makes such a compromise a generic kernel security issue rather than an LXC-specific problem.
Creating unprivileged containers in Proxmox Virtual Environment can be done via the GUI, starting from version 4.4. For earlier versions, it’s possible to create them via the console using the command:
pct create 1234 ... -unprivileged 1
Converting an existing container to an unprivileged one involves backing up the container and then restoring it with the unprivileged flag. While we cannot directly convert a container through the GUI, we can use this command:
pct restore xxxx /var/lib/vz/dump/vzdump-lxc-yyyy-2023_02_03-12_11_12.tar.gz -ignore-unpack-errors 1 -unprivileged
Here, xxxx is the new container ID and yyyy in the backup file name is the old container ID.
It’s important to note that switching between privileged and unprivileged modes requires rewriting all file metadata, so it’s not possible to do this in-place. Additionally, shrinking a disk is risky and depends on the filesystem, so it’s not recommended from the PVE side. Let us know in the comments if you need help with converting privileged containers to unprivileged containers.
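To confirm that the restore took effect, the script below (an added example, not part of the original article) checks the container's configuration and the uid_map of its init process. The function names and sample maps are constructed for illustration, and the unprivileged sample assumes the Proxmox default of mapping container root to host UID 100000.

```shell
#!/bin/sh
# Added example: verify that a restored container runs in a user namespace.

# Translate a container UID to its host UID from uid_map text.
# Each uid_map line is: <first-id-inside> <first-id-on-host> <count>
# Prints the host UID; returns 1 when the UID is not mapped.
host_uid_for() {
    while read -r inside outside count; do
        [ -n "$count" ] || continue
        if [ "$1" -ge "$inside" ] && [ "$1" -lt $((inside + count)) ]; then
            echo $((outside + $1 - inside))
            return 0
        fi
    done <<EOF
$2
EOF
    return 1
}

# True when container root (UID 0) maps to a non-root host UID.
root_is_remapped() {
    host_uid=$(host_uid_for 0 "$1") || return 1
    [ "$host_uid" -ne 0 ]
}

# True when `pct config` output contains the line "unprivileged: 1".
config_is_unprivileged() {
    printf '%s\n' "$1" | grep -Eq '^unprivileged:[[:space:]]*1[[:space:]]*$'
}

# Constructed samples: a privileged container sees the host's identity map,
# an unprivileged one gets a shifted range (assumed default 100000/65536).
PRIVILEGED_MAP='         0          0 4294967295'
UNPRIVILEGED_MAP='         0     100000      65536'

# Live check on a Proxmox host with the container running: sh check.sh <CTID>
if [ -n "${1:-}" ] && command -v pct >/dev/null 2>&1; then
    init_pid=$(lxc-info -n "$1" -p -H)
    live_map=$(cat "/proc/$init_pid/uid_map")
    if config_is_unprivileged "$(pct config "$1")" && root_is_remapped "$live_map"; then
        echo "CT $1: unprivileged, root maps to host UID $(host_uid_for 0 "$live_map")"
    else
        echo "CT $1: still privileged, or not running" >&2
        exit 1
    fi
fi
```

The shifted range is also why the conversion cannot happen in place: every file owned by UID 0 inside the container has to be owned by the mapped host UID on disk.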
Conclusion
In brief, our Support Experts introduced us to converting Privileged to Unprivileged containers in Proxmox.