Am 26.11.25 um 09:54 schrieb Thomas Lamprecht: > Am 26.11.25 um 09:31 schrieb Fabian Grünbichler: >> On November 25, 2025 3:19 pm, Filip Schauer wrote: >>> Previously, creating privileged containers from OCI images failed with: >>> `unable to create CT 123 - Invalid argument` >>> >>> This was caused by an empty $id_map being passed to run_in_userns. >>> >>> This commit fixes this by making the call to run_in_userns conditional, >>> based on whether $id_map is empty or not. >>> >>> Reported in the Proxmox forum: >>> https://forum.proxmox.com/threads/proxmox-virtual-environment-9-1-available.176255/post-818600 >>> >>> Signed-off-by: Filip Schauer <[email protected]> >> or we could forbid creating them, since we want to get rid of privileged >> containers mid-to-longterm anyway? > > Yeah, I had a similar reply as draft here. If it never worked at all for OCI, > that might be indeed the better route. It might be better to put your energy
(your = Filip) > into improving the UX for unprivileged CTs (uid shifts, bind mounts, ...?) > so that any still existing need (or simply less friction) for using privileged > ones goes away. As with that we could indeed start sunsetting them with PVE 10 > (e.g. remove from UI in that version, then in PVE 11 from the create API, only > allowing to run pre-existing CTs). _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
