Hi Yasoda,

Only 10 ids is a bit short for a container. You should increase this number to cover at least the system ids 0-999. Depending on the distribution you run in your containers, you can be sharper and only involve the needed ids, but they all have to be covered.

Xavier

On 20/08/2018 at 09:13, Yasoda Padala wrote:
Hi All,
Can someone please help me with the above query?

Thanks & Regards,
Yasoda

On Fri, Aug 17, 2018 at 9:34 AM Yasoda Padala <[email protected]> wrote:

    Hi All,
    I have created non-root user on my Ubuntu (16.04) machine who
    creates unprivileged LXC containers.
    My user's uid/gid on the host is 1000.
    and below are the entries in /etc/subuid &  /etc/subgid files

    /etc/subuid:
    lxcuser:100000 65536

    /etc/subgid:
    lxcuser:100000:65536

    My requirement is for each LXC unprivileged container, I should be
    able to pick a UID/GID range.
    For instance, I have created two LXC containers cont1 and cont2
    in cont1 config, I have added the below id mappings
    lxc.id_map = u 0 100000 10
    lxc.id_map = g 0 100000 10

    and in cont2 config file, I have added the below id mappings
    lxc.id_map = u 0 100020 10
    lxc.id_map = g 0 100020 10

    cont1 starts successfully but cont2 gives the below error while
    starting the container

    lxc-start 20180817035100.984 ERROR lxc_conf -
    conf.c:mount_rootfs:798 - Permission denied - Failed to get real
    path for "/home/oxpd/.local/share/lxc/uidranges/rootfs".

           lxc-start 20180817035100.984 ERROR    lxc_conf -
    conf.c:setup_rootfs:1220 - Failed to mount rootfs
    "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto
    "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)".

           lxc-start 20180817035100.984 ERROR    lxc_conf -
    conf.c:do_rootfs_setup:3899 - failed to setup rootfs for 'uidranges'

           lxc-start 20180817035100.984 ERROR    lxc_conf -
    conf.c:lxc_setup:3981 - Error setting up rootfs mount after spawn

           lxc-start 20180817035100.984 ERROR    lxc_start -
    start.c:do_start:811 - Failed to setup container "uidranges".

           lxc-start 20180817035100.984 ERROR    lxc_sync -
    sync.c:__sync_wait:57 - An error occurred in another process
    (expected sequence number 3)

           lxc-start 20180817035100.985 ERROR    lxc_start -
    start.c:__lxc_start:1358 - Failed to spawn container "uidranges".

           lxc-start 20180817035106.524 ERROR    lxc_start_ui -
    tools/lxc_start.c:main:366 - The container failed to start.

           lxc-start 20180817035106.525 ERROR    lxc_start_ui -
    tools/lxc_start.c:main:368 - To get more details, run the container
    in foreground mode.

           lxc-start 20180817035106.525 ERROR    lxc_start_ui -
    tools/lxc_start.c:main:370 - Additional information can be obtained
    by setting the --logfile and --logpriority options.

    My understanding is lxcuser who has been assigned with id range of
    100000-165536 can assign a distinct subuid/gid  ranges for each
    container spawned by lxcuser.

    Is my understanding correct? I am not finding any reference
    documents for custom user mappings for LXC unprivileged containers.

    Any help on this is highly appreciated.



    Thanks & Regards,

    Yasoda






_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
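
An added example, not part of the original thread: a Python check of the mapping constraints discussed above (each container's host range lies inside the user's /etc/subuid allocation, containers do not share host ids, and container ids 0-999 are mapped as the reply suggests). The function names, the name:start:count sample allocation and the "wider" configs are constructed for illustration.

```python
import re

MIN_IDS = 1000  # container ids 0-999, the minimum suggested in the reply
ID_MAP = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_subid(text, user):
    """[(first_host_id, count)] delegated to user in /etc/subuid or /etc/subgid."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def parse_id_map(config, kind):
    """[(container_start, host_start, count)] for kind 'u' or 'g'."""
    hits = (ID_MAP.match(line) for line in config.splitlines())
    return [tuple(map(int, m.groups()[1:])) for m in hits if m and m.group(1) == kind]

def check(containers, delegated, kind="u"):
    """Return problems found in {container_name: config_text}."""
    problems, used = [], []
    for name, config in containers.items():
        maps = parse_id_map(config, kind)
        for _, host, count in maps:
            if not any(s <= host and host + count <= s + n for s, n in delegated):
                problems.append(f"{name}: host ids {host}-{host + count - 1} not delegated")
            if any(host < oh + oc and oh < host + count for oh, oc in used):
                problems.append(f"{name}: host ids overlap another container")
        used += [(host, count) for _, host, count in maps]
        if not all(any(c <= i < c + n for c, _, n in maps) for i in range(MIN_IDS)):
            problems.append(f"{name}: container ids 0-{MIN_IDS - 1} not fully mapped")
    return problems

# Constructed sample data based on the values quoted in the thread.
SUBUID = "lxcuser:100000:65536\n"
THREAD = {"cont1": "lxc.id_map = u 0 100000 10\nlxc.id_map = g 0 100000 10\n",
          "cont2": "lxc.id_map = u 0 100020 10\nlxc.id_map = g 0 100020 10\n"}
# Constructed alternative: two disjoint 1000-id ranges inside the allocation.
WIDER = {"cont1": "lxc.id_map = u 0 100000 1000\n",
         "cont2": "lxc.id_map = u 0 101000 1000\n"}

if __name__ == "__main__":
    delegated = parse_subid(SUBUID, "lxcuser")
    for label, confs in (("thread", THREAD), ("wider", WIDER)):
        print(label, check(confs, delegated) or "ok")
```

The same check applies to gid mappings by passing `kind="g"` together with the ranges parsed from /etc/subgid.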

