<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sun, Nov 22, 2015 at 9:30 PM, MonkZ <span dir="ltr"><<a href="mailto:i@monkz.de" target="_blank">i@monkz.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi,<br>
<br>
I try to replicate the commands and results of this HowTo:<br>
<br>
<a href="http://crashcourse.housegordon.org/LXC-semi-unprivileged-containers.html" rel="noreferrer" target="_blank">http://crashcourse.housegordon.org/LXC-semi-unprivileged-containers.html</a><br>
<br>
I'm on Ubuntu 15.10 (LXC 1.1.4) and want to create a semi unprivileged<br>
container also with Ubuntu 15.10 amd64 (via download).<br></blockquote><div><br></div><div><br></div><div>Why would you use a Debian howto when your OS is Ubuntu, and Ubuntu already has good documentation?</div><div><br></div><div><a href="https://help.ubuntu.com/lts/serverguide/lxc.html">https://help.ubuntu.com/lts/serverguide/lxc.html</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Instead of using 2 users on the host i want to try to assign just a<br>
range of uids/gids.<br>
Starting as root but running mapped to another user.<br>
<br></blockquote><div><br></div><div>Why?</div><div><br></div><div>You'd still need to start as root if you use a block device (e.g. LVM for container storage). Otherwise just use plain unpriv containers.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
# cat /etc/sub*<br>
lxc-ldap01:100000:65536<br>
lxc-ldap01:100000:65536<br>
<br></blockquote><div><br></div><div>A working /etc/subuid and subgid should already be set up by default for your user when you install Ubuntu. Did you try with the default user?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>
Is the Howto simply outdated </blockquote><div><br></div><div>Most likely.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">/ my LXC-version not fitting or is there<br>
another problem with my setup?<br>
<br>
</blockquote><div><br></div><div><br></div><div>I don't know. Not without knowing the details of your setup. It could be something as simple as permission problems:</div><div><br></div><div><pre style="color:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap"> lxc-start 1448197242.984 ERROR lxc_cgmanager - cgmanager.c:chown_cgroup:490 - Error requesting cgroup chown in new namespace
lxc-start 1448197242.984 WARN lxc_cgmanager - cgmanager.c:cgm_chown:1419 - Failed to chown lxc/ldap01 to container root
</pre></div><div><br></div><div>This is a working unpriv container on my working system:</div><div><div><br></div><div>$ ls -la .local/share/lxc/trusty/</div><div>total 59</div><div>drwxrwx--- 3 100000000 user 5 Sep 10 10:02 .</div><div>drwxr-xr-x 4 user user 5 Sep 10 09:48 ..</div><div>-rw-rw-r-- 1 user user 666 Sep 10 09:58 config</div><div>drwxr-xr-x 21 100000000 100000000 21 Sep 9 10:53 rootfs</div><div>-rw-rw-r-- 1 user user 0 Sep 10 09:50 trusty.log</div></div><div><br></div><div>"100000000" is the uid of unpriv root. Note the ownership and permission of the container directory and rootfs there? Does yours look anything like that, or is it still owned by root:root?</div><div><br></div><div>I really suggest you simply create an unpriv container as a regular user first, following Ubuntu docs, and see if it works. THEN modify to suit your needs.</div><div><br></div><div>-- </div><div>Fajar</div><div><br></div></div></div></div>
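The ownership check suggested in the reply above, as an added example that is not part of the original message: it reads the host ids that container root maps to from the container's config and compares them with the owner of rootfs. It assumes the LXC 1.x config key `lxc.id_map` and GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes LXC 1.x config lines of the
# form "lxc.id_map = u 0 <host_start> <range>" and GNU stat (-c).

# Print the host id that container id 0 maps to.
# $1 = u (uid map) or g (gid map), $2 = path to the container config.
mapped_root() {
    awk -v kind="$1" '
        /^[ \t]*lxc\.id_map[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")          # drop "lxc.id_map =", fields re-split
            if ($1 == kind && $2 == 0) { print $3; found = 1; exit }
        }
        END { exit !found }' "$2"
}

# Classify rootfs ownership.
# $1/$2 = uid/gid owning rootfs, $3/$4 = host uid/gid of container root.
classify() {
    if [ "$1" = "$3" ] && [ "$2" = "$4" ]; then
        echo ok                 # rootfs belongs to the mapped (unprivileged) root
    elif [ "$1" = 0 ] && [ "$2" = 0 ]; then
        echo root-owned         # still root:root, container root cannot use it
    else
        echo mismatch           # owned by some other id outside the expected map
    fi
}

# $1 = container directory holding "config" and "rootfs".
check_container() {
    u=$(mapped_root u "$1/config") || { echo no-idmap; return 2; }
    g=$(mapped_root g "$1/config") || { echo no-idmap; return 2; }
    owner=$(stat -c '%u %g' "$1/rootfs") || return 2
    classify "${owner% *}" "${owner#* }" "$u" "$g"
}

# Usage: sh check.sh ~/.local/share/lxc/trusty
if [ "$#" -gt 0 ]; then
    check_container "$1"
fi
```

A result of `root-owned` corresponds to the root:root case asked about in the reply; `no-idmap` means the config carries no mapping for container id 0.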