<div dir="ltr">Hi All,<div>I have created a non-root user on my Ubuntu (16.04) machine who creates unprivileged LXC containers.</div><div>My user's uid/gid on the host is 1000.<br></div><div>and below are the entries in /etc/subuid & /etc/subgid files</div><div><br></div><div>/etc/subuid:</div><div>lxcuser:100000 65536</div><div><br></div><div>/etc/subgid:</div><div>lxcuser:100000:65536</div><div><br></div><div>My requirement is for each LXC unprivileged container, I should be able to pick a UID/GID range. <br></div><div>For instance, I have created two LXC containers cont1 and cont2</div><div>in cont1 config, I have added the below id mappings</div><div>lxc.id_map = u 0 100000 10</div><div>lxc.id_map = g 0 100000 10</div><div><br></div><div>and in cont2 config file, I have added the below id mappings</div><div><div>lxc.id_map = u 0 100020 10</div><div>lxc.id_map = g 0 100020 10</div></div><div><br></div><div>cont1 starts successfully but cont2 gives the below error while starting the container</div><div><br></div><div><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">lxc-start 20180817035100.984 ERROR
lxc_conf - conf.c:mount_rootfs:798 - Permission denied - Failed to get real
path for "/home/oxpd/.local/share/lxc/uidranges/rootfs".</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035100.984
ERROR lxc_conf - conf.c:setup_rootfs:1220 - Failed to mount
rootfs "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto
"/usr/lib/x86_64-linux-gnu/lxc" with options "(null)".</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035100.984
ERROR lxc_conf - conf.c:do_rootfs_setup:3899 - failed to
setup rootfs for 'uidranges'</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035100.984
ERROR lxc_conf - conf.c:lxc_setup:3981 - Error setting up
rootfs mount after spawn</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035100.984
ERROR lxc_start - start.c:do_start:811 - Failed to setup
container "uidranges".</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035100.984
ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in
another process (expected sequence number 3)</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035100.985
ERROR lxc_start - start.c:__lxc_start:1358 - Failed to spawn
container "uidranges".</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035106.524
ERROR lxc_start_ui - tools/lxc_start.c:main:366 - The
container failed to start.</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035106.525
ERROR lxc_start_ui - tools/lxc_start.c:main:368 - To get more
details, run the container in foreground mode.</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> lxc-start 20180817035106.525
ERROR lxc_start_ui - tools/lxc_start.c:main:370 - Additional
information can be obtained by setting the --logfile and --logpriority options.</p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> </p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">My understanding is that lxcuser, who has been assigned the id range 100000-165536, can assign distinct subuid/gid ranges for each container spawned by lxcuser.</p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Is my understanding correct? I am not finding any reference documents for custom user mappings for LXC unprivileged containers.</p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Any help on this is highly appreciated.</p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><br></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><br></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Thanks & Regards,</p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Yasoda</p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><br></p></div><div><br></div><div><br></div></div>
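<div>Added example, not part of the original message and not LXC project code: a Python check that each container's lxc.id_map host range lies inside the range delegated in /etc/subuid or /etc/subgid, and that no two containers share host IDs. The inputs are constructed from the values in the post; the function and constant names are hypothetical.</div>

```python
import re

# Constructed input: the /etc/subgid entry from the post. The /etc/subuid
# entry as posted ("lxcuser:100000 65536") lacks the second colon, and
# parse_subid() below rejects a line of that shape.
SUBGID = "lxcuser:100000:65536\n"
CONFIGS = {  # constructed from the two container configs in the post
    "cont1": "lxc.id_map = u 0 100000 10\nlxc.id_map = g 0 100000 10\n",
    "cont2": "lxc.id_map = u 0 100020 10\nlxc.id_map = g 0 100020 10\n",
}
# Accepts the legacy key lxc.id_map and the newer spelling lxc.idmap.
ID_MAP = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_subid(text, user):
    """Return [(start, count)] delegated to user; reject malformed lines."""
    ranges = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3 or not (parts[1].isdigit() and parts[2].isdigit()):
            raise ValueError(f"line {n}: expected name:start:count, got {line!r}")
        if parts[0] == user:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def host_ranges(config, kind):
    """Return [(host_start, count)] from id-map lines of kind 'u' or 'g'."""
    matches = (ID_MAP.match(l) for l in config.splitlines())
    return [(int(m.group(3)), int(m.group(4))) for m in matches if m and m.group(1) == kind]

def check(configs, delegated, kind):
    """List maps that leave the delegated range or share host IDs across containers."""
    problems, seen = [], []
    for name, cfg in configs.items():
        for start, count in host_ranges(cfg, kind):
            end = start + count  # exclusive upper bound
            if not any(s <= start and end <= s + c for s, c in delegated):
                problems.append(f"{name}: {kind} {start} {count} is outside the delegation")
            problems += [f"{name}: {kind} {start} {count} overlaps {other}"
                         for other, s, e in seen if other != name and start < e and s < end]
            seen.append((name, start, end))
    return problems

if __name__ == "__main__":
    for kind in "ug":
        print(kind, check(CONFIGS, parse_subid(SUBGID, "lxcuser"), kind) or "ok")
```

<div>An empty result means only that the maps are within the delegation and disjoint; it says nothing about ownership or permissions on the rootfs path named in the log.</div>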