Bugfix: LXC root filesystem tar extraction (bug in the exclude pattern)

Orwa D orwa.diraneyya at gmail.com
Sat Jan 4 04:07:23 CET 2025 

*TL;DR *
*The tar extraction exclude pattern for LXC containers in the source file *
*/usr/share/perl5/PVE/LXC/**Create.pm* *must be changed from './dev/*' to
'dev/*'*

*Steps to reproduce error due to current bug:*
1. Grab any of the root filesystem cloud images from
https://cloud-images.ubuntu.com/
2. Using Proxmox VE web interface, download one of the tar balls using
the *Download
from URL* UI function
3. Try to create a CT (i.e. LXC container) from the tar-ball template (e.g.
https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64-root.tar.xz
)

*Typical failure message during container creation:*
Task viewer: CT 115 - Create
OutputStatus
Stop
Download
Logical volume "vm-115-disk-0" created.
Creating filesystem with 2097152 4k blocks and 524288 inodes
Filesystem UUID: 5d302f80-bded-46b6-a991-00cafe8a6257
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
extracting archive
'/mnt/pve/folder2TB/template/cache/jammy-server-cloudimg-amd64-root.tar.xz'
tar: dev/console: Cannot mknod: Operation not permitted
tar: dev/full: Cannot mknod: Operation not permitted
tar: dev/null: Cannot mknod: Operation not permitted
tar: dev/ptmx: Cannot mknod: Operation not permitted
tar: dev/random: Cannot mknod: Operation not permitted
tar: dev/tty: Cannot mknod: Operation not permitted
tar: dev/urandom: Cannot mknod: Operation not permitted
tar: dev/zero: Cannot mknod: Operation not permitted
Total bytes read: 1140961280 (1.1GiB, 45MiB/s)
tar: Exiting with failure status due to previous errors
Logical volume "vm-115-disk-0" successfully removed.
TASK ERROR: unable to create CT 115 - command 'lxc-usernsexec -m
u:0:100000:65536 -m g:0:100000:65536 -- tar xpf - -J --totals
--one-file-system -p --sparse --numeric-owner --acls --xattrs
'--xattrs-include=user.*' '--xattrs-include=security.capability'
'--warning=no-file-ignored' '--warning=no-xattr-write' -C
/var/lib/lxc/115/rootfs --skip-old-files --anchored --exclude './dev/*''
failed: exit code 2

*Proposed fix/solution:*
Change the exclude pattern in the tar extraction line above from './dev/*'
to 'dev/*'

This exclude pattern can be currently found in two locations:
  - /usr/share/perl5/PVE/LXC/Create.pm
  - /usr/share/lxc/templates/lxc-local (shell script)

*Success container creation message (after the fix):*
Task viewer: CT 116 - Create
OutputStatus
Stop
Download
Logical volume "vm-116-disk-0" created.
Creating filesystem with 2097152 4k blocks and 524288 inodes
Filesystem UUID: 35681b1e-4220-4d2a-9e1a-f2e17fc16806
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
extracting archive
'/var/lib/vz/template/cache/jammy-server-cloudimg-amd64-root.tar.xz'
(extraction command is 'ARRAY(0x64ac4ede7218)')
Total bytes read: 1140961280 (1.1GiB, 51MiB/s)
Detected container architecture: amd64
Creating SSH host key 'ssh_host_dsa_key' - this may take some time ...
done: SHA256:ft9IuYd6J/OiZVN2acYNe20dBADc7nS9kZS4ihD1iDA root at test
Creating SSH host key 'ssh_host_rsa_key' - this may take some time ...
done: SHA256:Nz+J528gr0ZPQARwvHx6lZgo1hElMxOfuzmFbub3inM root at test
Creating SSH host key 'ssh_host_ecdsa_key' - this may take some time ...
done: SHA256:YRUD2eS1M65WHe4+808sopNtOwGthDM9Qg96O5ljxqw root at test
Creating SSH host key 'ssh_host_ed25519_key' - this may take some time ...
done: SHA256:nLDsxaLs4/VoUjpo7MLlPhKLsssLAlNkV8nOhOUP1nk root at test
TASK OK

Prior to the fix, people were repackaging the root filesystem tarballs
found on the internet to exclude the `dev` folder, as evident here:
https://discuss.linuxcontainers.org/t/simple-script-to-convert-any-gnu-linux-machine-into-a-proxmox-lxc-container/10339
and here https://github.com/my5t3ry/machine-to-proxmox-lxc-ct-converter
which would be unnecessary after this fix.

Regards,
Orwa.



ReplyForward
Add reaction

More information about the pve-devel mailing list