[lxc-users] Can I, or should I, "lxc.id_map = u 250 250 1"?

Fajar A. Nugraha list at fajar.net
Wed Jul 13 10:41:25 UTC 2016


On Wed, Jul 13, 2016 at 5:34 PM, Fog_Watch <db5 at exemail.com.au> wrote:
> On Wed, 13 Jul 2016 12:36:07 +0700
> "Fajar A. Nugraha" <list at fajar.net> wrote:
>
>>
>> I don't think you can use overlapping id_map. Example on
>> https://www.stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/
>>
>
> Fajar, how is the following an overlapping id_map:
> lxc.id_map = u 250 250 1
> lxc.id_map = g 250 250 1
> lxc.id_map = u 0 100000 1000
> lxc.id_map = g 0 100000 1000
> ?

Did you read the link? Relevant part pasted here (shift uid/gids,
EXCEPT for uid 1000)

lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535


what you did was "map uid 250 as is", but then also "map uid 0-999
(which obviously include 250) to 1000000-1000999"

-- 
Fajar


More information about the lxc-users mailing list