[lxc-users] How to mount directories from $HOME into an unprivileged container?
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Aug 17 14:55:47 UTC 2015
Quoting Karma Kolabor (collaborista at gmail.com):
> Hi,
>
> I am trying to mount a directory in a user home into an unprivileged
> container run by a user (not root).
>
> LXC generally works fine here, I just fight with the uid mapping details.
>
> I added a line like this
>
> lxc.mount.entry = /home/user/sites home/ubuntu/sites none bind 0 0
>
> to the file
>
> /home/user/.local/share/lxc/ubuntu-14-dev/config
>
> it seems to work, however all files and directories belong to
> nobody/nogroup - this makes usage a little bit complicated.
>
> I then added
>
> lxc.id_map = u 1000 1000 1
> lxc.id_map = g 1000 1000 1

Presumably your existing range was something like 'u 0 100000 65536',
so your container uid 1000 is already mapped to host uid 101000. You
can either map host-uid 1000 to something different, i.e.

    lxc.id_map = u 200000 1000 1
    lxc.id_map = g 200000 1000 1

or if you want it to be container-uid 1000, then leave a hole in your
existing mapping.

> to /home/user/.local/share/lxc/ubuntu-14-dev/config - but the
> container does not start then, I get these errors:
>
> lxc-start 1439776181.987 ERROR lxc_conf - conf.c:userns_exec_1:4379
> - Error setting up child mappings
> lxc-start 1439776181.987 ERROR lxc_cgmanager -
> cgmanager.c:chown_cgroup:490 - Error requesting cgroup chown in new
> namespace
> lxc-start 1439776182.045 ERROR lxc_start - start.c:lxc_spawn:1034 -
> failed to set up id mapping
> lxc-start 1439776182.084 ERROR lxc_start - start.c:__lxc_start:1172
> - failed to spawn 'ubuntu-14-dev'
> lxc-start 1439776187.090 ERROR lxc_start_ui - lxc_start.c:main:344
> - The container failed to start.
> lxc-start 1439776187.091 ERROR lxc_start_ui - lxc_start.c:main:346
> - To get more details, run the container in foreground mode.
> lxc-start 1439776187.091 ERROR lxc_start_ui - lxc_start.c:main:348
> - Additional information can be obtained by setting the --logfile and
> --logpriority options.
>
> How do I get the mapping right? I tried to figure it out, but got lost.
> I want the directory to have the same owner/group as on the host.
>
> Security is not of concern, this is a dev and test environment,
> however I would like to have a shared directory.
>
> Thank you very much for your attention,
> have a nice day,
> Karma
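
The overlap described in the reply and the "leave a hole" fix, worked through as an added example that is not part of either message. It assumes the 'u 0 100000 65536' range that the reply presumes; the function names are hypothetical.

```python
"""Check lxc.id_map lines for overlapping ranges and split a range to leave a hole."""
from typing import List, Tuple

IdMap = Tuple[str, int, int, int]  # (kind 'u'/'g', container start, host start, count)

# Constructed config: the presumed default range plus the two lines from the question.
FAILING = """\
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
"""

def parse(config: str) -> List[IdMap]:
    maps = []
    for line in config.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "lxc.id_map":
            kind, cstart, hstart, count = value.split()
            maps.append((kind, int(cstart), int(hstart), int(count)))
    return maps

def overlaps(maps: List[IdMap]) -> List[Tuple[IdMap, IdMap]]:
    """Pairs of same-kind entries whose container-side or host-side ranges intersect."""
    bad = []
    for i, a in enumerate(maps):
        for b in maps[i + 1:]:
            same_kind = a[0] == b[0]
            container = a[1] < b[1] + b[3] and b[1] < a[1] + a[3]
            host = a[2] < b[2] + b[3] and b[2] < a[2] + a[3]
            if same_kind and (container or host):
                bad.append((a, b))
    return bad

def punch_hole(entry: IdMap, cid: int, hid: int) -> List[IdMap]:
    """Split one range so that container id `cid` maps to host id `hid` alone."""
    kind, c, h, n = entry
    if not c <= cid < c + n:
        raise ValueError(f"container id {cid} is outside {entry}")
    below = [(kind, c, h, cid - c)] if cid > c else []
    above = [(kind, cid + 1, h + cid - c + 1, c + n - cid - 1)] if cid + 1 < c + n else []
    return below + [(kind, cid, hid, 1)] + above

def render(maps: List[IdMap]) -> str:
    return "\n".join(f"lxc.id_map = {k} {c} {h} {n}" for k, c, h, n in maps)

if __name__ == "__main__":
    for a, b in overlaps(parse(FAILING)):
        print("overlap:", a, b)
    print(render(punch_hole(("u", 0, 100000, 65536), 1000, 1000)))
```

The script only checks range arithmetic; whether the user may map a given host id is decided separately by /etc/subuid and /etc/subgid.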