Hi All, can someone please help me with the above query.. Thans & Regards, Yasoda
On Fri, Aug 17, 2018 at 9:34 AM Yasoda Padala <[email protected]> wrote: > Hi All, > I have created non-root user on my Ubuntu (16.04) machine who creates > unprivileged LXC containers. > My user's uid/gid on the host is 1000. > and below are the entries in /etc/subuid & /etc/subgid files > > /etc/subuid: > lxcuser:100000 65536 > > /etc/subgid: > lxcuser:100000:65536 > > My requirement is for each LXC unprivileged container, I should be able to > pick a UID/GID range. > For instance, I have created two LXC containers cont1 and cont2 > in cont1 config, I have added the below id mappings > lxc.id_map = u 0 100000 10 > lxc.id_map = g 0 100000 10 > > and in con2 config file, I have added the below id mappings > lxc.id_map = u 0 100020 10 > lxc.id_map = g 0 100020 10 > > cont1 starts successfullly but cont2 gives the below error while starting > the container > > lxc-start 20180817035100.984 ERROR lxc_conf - conf.c:mount_rootfs:798 - > Permission denied - Failed to get real path for > "/home/oxpd/.local/share/lxc/uidranges/rootfs". > > lxc-start 20180817035100.984 ERROR lxc_conf - > conf.c:setup_rootfs:1220 - Failed to mount rootfs > "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto > "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)". > > lxc-start 20180817035100.984 ERROR lxc_conf - > conf.c:do_rootfs_setup:3899 - failed to setup rootfs for 'uidranges' > > lxc-start 20180817035100.984 ERROR lxc_conf - > conf.c:lxc_setup:3981 - Error setting up rootfs mount after spawn > > lxc-start 20180817035100.984 ERROR lxc_start - > start.c:do_start:811 - Failed to setup container "uidranges". > > lxc-start 20180817035100.984 ERROR lxc_sync - > sync.c:__sync_wait:57 - An error occurred in another process (expected > sequence number 3) > > lxc-start 20180817035100.985 ERROR lxc_start - > start.c:__lxc_start:1358 - Failed to spawn container "uidranges". > > lxc-start 20180817035106.524 ERROR lxc_start_ui - > tools/lxc_start.c:main:366 - The container failed to start. > > lxc-start 20180817035106.525 ERROR lxc_start_ui - > tools/lxc_start.c:main:368 - To get more details, run the container in > foreground mode. > > lxc-start 20180817035106.525 ERROR lxc_start_ui - > tools/lxc_start.c:main:370 - Additional information can be obtained by > setting the --logfile and --logpriority options. > > > > My understanding is lxcuser who has been assigned with id range of > 100000-165536 can assign a distinct subuid/gid ranges for each container > spawned by lxcuser. > > is my understanding correct ?? I am not finding any reference documents > for custom user mappings for LXC unprivileged containers > > Any help on this is highly appreciated. > > > > Thanks & Regards, > > Yasoda > > > > >
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
