[lxc-users] Can I, or should I, "lxc.id_map = u 250 250 1"?

Fog_Watch db5 at exemail.com.au
Wed Jul 13 10:34:55 UTC 2016


On Wed, 13 Jul 2016 12:36:07 +0700
"Fajar A. Nugraha" <list at fajar.net> wrote:

> 
> I don't think you can use overlapping id_map. Example on
> https://www.stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/
> 

Fajar, how is the following an overlapping id_map:
lxc.id_map = u 250 250 1
lxc.id_map = g 250 250 1
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
?



On Wed, 13 Jul 2016 07:58:21 +0200
Guido Jäkel <G.Jaekel at DNB.DE> wrote:
> 
> But don't think that Gentoo needs to have the user/group of the
> portage tree to be "portage:portage" for the purpose of running an ebuild.
> This will be a requirement for portage sync operations, of course. But
> these, you probably want to run on the host, I think. Maybe you
> should even bind-mount it read-only to your containers.
> 

Guido, if I use the following:
lxc.id_map = u 1000 250 1
lxc.id_map = g 1000 250 1
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
Container uid=1000 can create files in distfiles that end up as
uid=portage files in the tree, but uid=1000 can't run emerge.  Or, a
container root emerge terminates with the following chown yuck:

 * tail -f /var/log/emerge-fetch.log
bash: /usr/portage/distfiles/.__portage_test_write__: Permission denied
[Errno 1] Operation not permitted:
   b'/usr/portage/distfiles/.Net-Daemon-0.48.tar.gz.portage_lockfile':
   chown('/usr/portage/distfiles/.Net-Daemon-0.48.tar.gz.portage_lockfile',
   -1, 250) Cannot chown a lockfile:
   '/usr/portage/distfiles/.Net-Daemon-0.48.tar.gz.portage_lockfile'
   Group IDs of current user: 1000 0 1 2 3 4 6 10 11 26 27
>>> Downloading
>>>    'http://distfiles.gentoo.org/distfiles/Net-Daemon-0.48.tar.gz'
/usr/portage/distfiles/Net-Daemon-0.48.tar.gz: Permission denied
>>> Downloading
>>>    'http://search.cpan.org/CPAN/authors/id/M/MN/MNOONING/Net-Daemon-0.48.tar.gz'
/usr/portage/distfiles/Net-Daemon-0.48.tar.gz: Permission denied
>>> Downloading
>>>    'http://www.cpan.org/authors/id/M/MN/MNOONING/Net-Daemon-0.48.tar.gz'
/usr/portage/distfiles/Net-Daemon-0.48.tar.gz: Permission denied
>>> Downloading
>>>    'http://cpan.metacpan.org/authors/id/M/MN/MNOONING/Net-Daemon-0.48.tar.gz'
/usr/portage/distfiles/Net-Daemon-0.48.tar.gz: Permission denied
!!! Couldn't download 'Net-Daemon-0.48.tar.gz'. Aborting.
 * Fetch failed for 'dev-perl/Net-Daemon-0.480.0-r1', Log file:
 *  '/var/tmp/portage/dev-perl/Net-Daemon-0.480.0-r1/temp/build.log'
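
Added example, not part of the original message: the kernel rejects a uid_map or gid_map whose entries overlap on either the container side or the host side, so this sketch parses the two `lxc.id_map` sets quoted above and reports which entries collide and on which side. The helper names `parse_id_maps` and `find_overlaps` are hypothetical, chosen for this illustration.

```python
import re
from itertools import combinations

# Matches lines such as "lxc.id_map = u 0 100000 1000"
LINE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

# The two configurations quoted in the message above
FIRST = """\
lxc.id_map = u 250 250 1
lxc.id_map = g 250 250 1
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
"""
SECOND = """\
lxc.id_map = u 1000 250 1
lxc.id_map = g 1000 250 1
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
"""

def parse_id_maps(config):
    """Return (kind, container_start, host_start, count) for each entry."""
    entries = []
    for line in config.splitlines():
        m = LINE.match(line)
        if m:
            entries.append((m.group(1), int(m.group(2)),
                            int(m.group(3)), int(m.group(4))))
    return entries

def ranges_overlap(a_start, a_count, b_start, b_count):
    # Half-open intervals [start, start + count) intersect
    return a_start < b_start + b_count and b_start < a_start + a_count

def find_overlaps(config):
    """Return (kind, side, entry_a, entry_b) for every colliding pair."""
    problems = []
    for a, b in combinations(parse_id_maps(config), 2):
        if a[0] != b[0]:
            continue  # uid and gid maps are checked independently
        if ranges_overlap(a[1], a[3], b[1], b[3]):
            problems.append((a[0], "container", a, b))
        if ranges_overlap(a[2], a[3], b[2], b[3]):
            problems.append((a[0], "host", a, b))
    return problems

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND)):
        found = find_overlaps(cfg)
        print(name, "config:", found if found else "no overlap")
```

In the first set, container ID 250 is claimed both by the single-ID entry and by the 0-999 range; in the second set the single-ID entry sits at container ID 1000, just past that range, so nothing collides.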

