<p dir="ltr">Since LXD 2.6 you can use security.idmap.isolated<br>
<a href="https://github.com/lxc/lxd/blob/master/doc/userns-idmap.md#different-idmaps-per-container">https://github.com/lxc/lxd/blob/master/doc/userns-idmap.md#different-idmaps-per-container</a></p>
<br><div class="gmail_quote"><div dir="ltr">On Thu, Jan 26, 2017, 1:04 AM Fajar A. Nugraha <<a href="mailto:list@fajar.net">list@fajar.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg">On Thu, Jan 26, 2017 at 12:20 PM, Aron Podrigal <span dir="ltr" class="gmail_msg"><<a href="mailto:aronp@guaranteedplus.com" class="gmail_msg" target="_blank">aronp@guaranteedplus.com</a>></span> wrote:<br class="gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><p dir="ltr" class="gmail_msg">you can use lxc.raw for this in lxd ;)</p>
<br class="gmail_msg"></blockquote><div class="gmail_msg"><br class="gmail_msg"></div></div></div></div><div dir="ltr" class="gmail_msg"><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><div class="gmail_msg">Have you tested it?</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">On xenial + lxd 2.0.8-0ubuntu1~ubuntu, it doesn't work.</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">At least, not with lots of manual changes (including UID shifting the rootfs manually), which (among others) result in 'volatile.last_state.idmap' doesn't match what the actual rootfs uses.</div></div></div></div><div dir="ltr" class="gmail_msg"><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">-- </div><div class="gmail_msg">Fajar</div></div></div></div><div dir="ltr" class="gmail_msg"><div class="gmail_extra gmail_msg"><div class="gmail_quote gmail_msg"><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg"> </div><blockquote class="gmail_quote gmail_msg" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="gmail_quote gmail_msg"><div class="gmail_msg"><div class="m_1868991313633360895gmail-h5 gmail_msg"><div dir="ltr" class="gmail_msg">On Wed, Jan 25, 2017, 11:50 PM Fajar A. 
Nugraha <<a href="mailto:list@fajar.net" class="gmail_msg" target="_blank">list@fajar.net</a>> wrote:<br class="gmail_msg"></div></div></div><blockquote class="gmail_quote gmail_msg" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="gmail_msg"><div class="m_1868991313633360895gmail-h5 gmail_msg"><div dir="ltr" class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><div class="gmail_extra m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><div class="gmail_quote m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">On Wed, Jan 25, 2017 at 10:12 PM, Witold Filipczyk <span dir="ltr" class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><<a href="mailto:gglater62@gmail.com" class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg" target="_blank">gglater62@gmail.com</a>></span> wrote:<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><blockquote class="gmail_quote m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">On Wed, Jan 25, 2017 at 08:36:23AM -0500, brian mullan wrote:<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
> Witold<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
> There is a tool called "fuidshift" you can use to shift the gid/uid for you.<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
> <a href="http://manpages.ubuntu.com/manpages/xenial/man1/fuidshift.1.html" rel="noreferrer" class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg" target="_blank">http://manpages.ubuntu.com/manpages/xenial/man1/fuidshift.1.html</a><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
> This previous lxc-users mailer thread can also give you some idea of its<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
> use:<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
> <a href="http://lxc-users.linuxcontainers.narkive.com/atlj58eG/proper-usage-of-fuidshift" rel="noreferrer" class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg" target="_blank">http://lxc-users.linuxcontainers.narkive.com/atlj58eG/proper-usage-of-fuidshift</a><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
> fuidshift will be installed along with some other "tools" if you install<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
> the lxd-tools package:<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
</span>> *sudo apt-get install lxd-tools*<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
Thanks for the reply, but there must be some simpler method.<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
In lxc configuration it was:<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
lxc.id_map = u 0 200000 65536<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
lxc.id_map = g 0 200000 65536<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
How to express it in lxd and pylxd?<br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">
<span class="m_1868991313633360895gmail-m_2299702995823867116m_-6898674711099601751im m_1868991313633360895gmail-m_2299702995823867116m_-6898674711099601751HOEnZb m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"></span></blockquote><div class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"></div></div></div></div><div dir="ltr" class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><div class="gmail_extra m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><div class="gmail_quote m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><div class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">Short version: AFAIK that's not possible in lxd. You'd either use privileged container, or unpriv container (with the same mapping for all containers).</div></div></div></div><div dir="ltr" class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><div class="gmail_extra m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><div class="gmail_quote m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><div class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"><br class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg"></div><div class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">-- </div><div class="m_1868991313633360895gmail-m_2299702995823867116gmail_msg gmail_msg">Fajar</div></div></div></div></div></div></blockquote></div></blockquote></div></div></div>
_______________________________________________<br class="gmail_msg">
lxc-users mailing list<br class="gmail_msg">
<a href="mailto:lxc-users@lists.linuxcontainers.org" class="gmail_msg" target="_blank">lxc-users@lists.linuxcontainers.org</a><br class="gmail_msg">
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a></blockquote></div>
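<p>Added example, not part of the original thread and not LXD or pylxd code: it parses the <code>lxc.id_map</code> lines quoted above, translates container ids to host ids, checks whether two containers share host ids (the property <code>security.idmap.isolated</code> is meant to remove), and builds the LXD config keys that request a private map of the same size. The function names and the second container's map are constructed for illustration; <code>security.idmap.size</code> is an LXD key that is not mentioned in the thread.</p>

```python
from typing import NamedTuple

class IdMap(NamedTuple):
    kind: str        # "u" (uid) or "g" (gid)
    ns_start: int    # first id as seen inside the container
    host_start: int  # first id as seen on the host
    count: int       # number of consecutive ids mapped

# The two lines quoted in the thread.
THREAD_CONFIG = """\
lxc.id_map = u 0 200000 65536
lxc.id_map = g 0 200000 65536
"""

def parse_lxc_id_map(config_text):
    """Collect 'lxc.id_map = <u|g> <ns> <host> <count>' entries from an LXC config."""
    maps = []
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "lxc.id_map":
            continue
        kind, ns_start, host_start, count = value.split()
        if kind not in ("u", "g"):
            raise ValueError("unsupported id_map kind: %r" % kind)
        maps.append(IdMap(kind, int(ns_start), int(host_start), int(count)))
    return maps

def to_host(maps, kind, ns_id):
    """Host id backing a container id, or None when the id is unmapped."""
    for m in maps:
        if m.kind == kind and m.ns_start <= ns_id < m.ns_start + m.count:
            return m.host_start + (ns_id - m.ns_start)
    return None

def overlapping(a, b):
    """Pairs of same-kind entries from two containers whose host ranges intersect."""
    return [(x, y) for x in a for y in b
            if x.kind == y.kind
            and x.host_start < y.host_start + y.count
            and y.host_start < x.host_start + x.count]

def lxd_isolated_config(maps):
    """LXD config keys asking for a per-container map as large as the LXC one.
    LXD picks the host base itself, so 200000 is not carried over."""
    size = max(m.count for m in maps)
    return {"security.idmap.isolated": "true", "security.idmap.size": str(size)}

if __name__ == "__main__":
    maps = parse_lxc_id_map(THREAD_CONFIG)
    print(to_host(maps, "u", 0), lxd_isolated_config(maps))
```

<p>The dictionary returned by <code>lxd_isolated_config</code> has the shape LXD expects under a container's <code>config</code>; with pylxd it would go in the <code>config</code> field of the definition passed to <code>client.containers.create</code>.</p>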