<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 05/30/2016 11:51 PM, Fajar A.
Nugraha wrote:<br>
</div>
<blockquote
cite="mid:CAG1y0sdkGe3i+suqGK8UmxQRvGc_cMN2sxxOMwvwoF6Fi+ni5A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On Tue, May 31, 2016 at 8:31 AM, Mike
Bernson <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:mike@mlb.org" target="_blank">mike@mlb.org</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">I
have created a 16.04 container on 16.04 as an unprivileged
container and it works.<br>
<br>
I then tried to create a 14.04 container on 16.04 as an
unprivileged container and it does not get
to the login prompt.<br>
<br>
If I create the 14.04 container as privileged and start it, that
works.<br>
<br>
</blockquote>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">I
have done everything as root.<br>
<br>
</blockquote>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">root@mike-desktop:/var/lib/lxc/lxc-1404#
cat /etc/subuid<br>
mike:100000:65536<br>
root:2000000:2000001<br>
root@mike-desktop:/var/lib/lxc/lxc-1404# cat /etc/subgid<br>
mike:100000:65536<br>
root:2000000:2000001<br>
<br>
<br>
lxc-create -n lxc-1404 -t download -- -d ubuntu -r trusty
-a amd64<br>
lxc-start -n lxc-1404<br>
lxc-attach -n lxc-1404<br>
<br>
</blockquote>
<div><br>
</div>
<div>Do you do this as root too?</div>
</div>
</div>
</div>
</blockquote>
yes<br>
<blockquote
cite="mid:CAG1y0sdkGe3i+suqGK8UmxQRvGc_cMN2sxxOMwvwoF6Fi+ni5A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>Since you say "unprivileged", either:</div>
<div>- you run it as user (not root), or</div>
</div>
</div>
</div>
</blockquote>
I did everything as root.<br>
<blockquote
cite="mid:CAG1y0sdkGe3i+suqGK8UmxQRvGc_cMN2sxxOMwvwoF6Fi+ni5A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>- you customize it (e.g. shift uids manually)</div>
</div>
</div>
</div>
</blockquote>
I added lxc.id_map to /etc/lxc/default.conf before making the
container, and it created the rootfs shifted.<br>
<blockquote
cite="mid:CAG1y0sdkGe3i+suqGK8UmxQRvGc_cMN2sxxOMwvwoF6Fi+ni5A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">config
file:<br>
<br>
</blockquote>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">#
Container specific configuration<br>
lxc.id_map = u 0 3100000 65536<br>
lxc.id_map = g 0 3100000 65536<br>
</blockquote>
<div><br>
</div>
<div>That is different from the lines in your /etc/sub[ug]id</div>
<div><br>
</div>
<div>It CAN work (since you have such a large uid range
allocated to root), but you need to make sure your rootfs
uses the same uids.</div>
<div> </div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">root@lxc-1404:/#
ps -ax<br>
PID TTY STAT TIME COMMAND<br>
1 ? Ss 0:00 /sbin/init<br>
38 ? S 0:00 @sbin/plymouthd --mode=boot
--attach-to-session<br>
45 ? Ss 0:00 plymouth-upstart-bridge<br>
49 ? S 0:00 mountall --daemon<br>
628 ? S 0:00 upstart-socket-bridge --daemon<br>
1493 pts/6 Ss 0:00 /bin/bash<br>
1504 pts/6 R+ 0:00 ps -ax<br>
<br>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div>IIRC a similar thing occurred to me a while ago. Wrong
uids in rootfs. Try</div>
<div>- ls -la /var/lib/lxc/lxc-1404/rootfs (on the host)</div>
</div>
</div>
</div>
</blockquote>
root@mike-desktop:/var/lib/lxc/lxc-1404# ls -la
/var/lib/lxc/lxc-1404/rootfs<br>
total 155<br>
drwxr-xr-x 21 3100000 3100000 21 May 29 23:55 .<br>
drwxrwx--- 3 3100000 3100000 4 May 30 21:14 ..<br>
drwxr-xr-x 2 3100000 3100000 120 May 29 23:56 bin<br>
drwxr-xr-x 2 3100000 3100000 2 Apr 10 2014 boot<br>
drwxr-xr-x 3 3100000 3100000 10 May 29 23:54 dev<br>
drwxr-xr-x 63 3100000 3100000 128 May 31 10:53 etc<br>
drwxr-xr-x 3 3100000 3100000 3 May 29 23:56 home<br>
drwxr-xr-x 12 3100000 3100000 13 May 29 23:56 lib<br>
drwxr-xr-x 2 3100000 3100000 3 May 29 23:55 lib64<br>
drwxr-xr-x 2 3100000 3100000 2 May 29 23:54 media<br>
drwxr-xr-x 2 3100000 3100000 2 Apr 10 2014 mnt<br>
drwxr-xr-x 2 3100000 3100000 2 May 29 23:54 opt<br>
drwxr-xr-x 2 3100000 3100000 2 Apr 10 2014 proc<br>
drwx------ 2 3100000 3100000 5 May 30 21:20 root<br>
drwxr-xr-x 8 3100000 3100000 11 May 30 21:15 run<br>
drwxr-xr-x 2 3100000 3100000 127 May 29 23:56 sbin<br>
drwxr-xr-x 2 3100000 3100000 2 May 29 23:54 srv<br>
drwxr-xr-x 2 3100000 3100000 2 Mar 12 2014 sys<br>
drwxrwxrwt 2 3100000 3100000 2 May 29 23:56 tmp<br>
drwxr-xr-x 10 3100000 3100000 10 May 29 23:54 usr<br>
drwxr-xr-x 11 3100000 3100000 13 May 29 23:54 var<br>
<br>
<blockquote
cite="mid:CAG1y0sdkGe3i+suqGK8UmxQRvGc_cMN2sxxOMwvwoF6Fi+ni5A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>- ls -la / (inside the container)<br>
</div>
</div>
</div>
</div>
</blockquote>
root@lxc-1404:/# ls -la /<br>
total 137<br>
drwxr-xr-x 21 root root 21 May 30 03:55 .<br>
drwxr-xr-x 21 root root 21 May 30 03:55 ..<br>
drwxr-xr-x 2 root root 120 May 30 03:56 bin<br>
drwxr-xr-x 2 root root 2 Apr 10 2014 boot<br>
drwxr-xr-x 6 root root 500 May 31 14:57 dev<br>
drwxr-xr-x 63 root root 128 May 31 14:57 etc<br>
drwxr-xr-x 3 root root 3 May 30 03:56 home<br>
drwxr-xr-x 12 root root 13 May 30 03:56 lib<br>
drwxr-xr-x 2 root root 3 May 30 03:55 lib64<br>
drwxr-xr-x 2 root root 2 May 30 03:54 media<br>
drwxr-xr-x 2 root root 2 Apr 10 2014 mnt<br>
drwxr-xr-x 2 root root 2 May 30 03:54 opt<br>
dr-xr-xr-x 1038 nobody nogroup 0 May 31 14:57 proc<br>
drwx------ 2 root root 5 May 31 01:20 root<br>
drwxr-xr-x 8 root root 240 May 31 14:57 run<br>
drwxr-xr-x 2 root root 127 May 30 03:56 sbin<br>
drwxr-xr-x 2 root root 2 May 30 03:54 srv<br>
dr-xr-xr-x 13 nobody nogroup 0 May 30 01:33 sys<br>
drwxrwxrwt 2 root root 2 May 30 03:56 tmp<br>
drwxr-xr-x 10 root root 10 May 30 03:54 usr<br>
drwxr-xr-x 11 root root 13 May 30 03:54 var<br>
<br>
<blockquote
cite="mid:CAG1y0sdkGe3i+suqGK8UmxQRvGc_cMN2sxxOMwvwoF6Fi+ni5A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<div>If you need to shift uids manually, use fuidshift from
the lxd-tools package</div>
<div><br>
</div>
<div>-- </div>
<div>Fajar<br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
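<div>The two checks discussed in this thread (does the lxc.id_map host range fall inside what /etc/subuid delegates, and what does a host owner id on the rootfs become inside the container), as an added example that is not part of the original messages. The sample data is copied from the thread; the function names are hypothetical.</div>

```python
# Added example: sample data copied from the thread, function names hypothetical.
SUBUID = """\
mike:100000:65536
root:2000000:2000001
"""

CONFIG = """\
# Container specific configuration
lxc.id_map = u 0 3100000 65536
lxc.id_map = g 0 3100000 65536
"""

def parse_subid(text, user):
    """Return [(first, last)] host id ranges delegated to user."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            start, count = int(parts[1]), int(parts[2])
            ranges.append((start, start + count - 1))
    return ranges

def parse_id_map(text, kind):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    maps = []
    for line in text.splitlines():
        key, _, value = line.partition("=")
        fields = value.split()
        if key.strip() == "lxc.id_map" and len(fields) == 4 and fields[0] == kind:
            maps.append(tuple(int(f) for f in fields[1:]))
    return maps

def map_is_delegated(id_map, ranges):
    """True if the mapped host range lies wholly inside one delegated range."""
    _, host, count = id_map
    return any(host >= first and last >= host + count - 1
               for first, last in ranges)

def to_container_id(host_id, maps):
    """Translate a host uid/gid to the id seen inside the container."""
    for cont, host, count in maps:
        if host_id >= host and host + count > host_id:
            return cont + (host_id - host)
    return None  # unmapped ids appear as nobody/nogroup inside the container
```

<div>With the thread's values, the rootfs owner 3100000 on the host translates to uid 0 inside the container, which matches the two ls listings above.</div>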
</body>
</html>