[lxc-users] uid range not allowed

Christoph Willing chris.willing at iinet.net.au
Thu Jul 28 11:17:18 UTC 2016


Sorry for the duplicate - I had earlier posted to the list from the 
wrong email identity and presumed it would be rejected as coming from a 
non-subscriber but looks like it has just been waved through now.

The immediate problem was solved - I needed to add an additional 
"chris:1000:1" to /etc/sub{u,g}id

chris


On 23/07/16 17:08, Chris Willing wrote:
> I'm following the guide to run X apps in a container at:
>      https://www.stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/
>
> As a starting point, I have a normal unprivileged container running
> perfectly. However when I change the id_map configuration to look like:
> lxc.id_map = u 0 100000 1000
> lxc.id_map = g 0 100000 1000
> lxc.id_map = u 1000 1000 1
> lxc.id_map = g 1000 1000 1
> lxc.id_map = u 1001 101001 64535
> lxc.id_map = g 1001 101001 64535
>
> the container fails to start, claiming:
>
> chris@d6:~/.local/share/lxc$ lxc-start -n x11-test-x86_64 -F
> newuidmap: uid range [1000-1001) -> [1000-1001) not allowed
> lxc-start: start.c: lxc_spawn: 1161 failed to set up id mapping
> ...
> ...
>
> Sure enough, if I comment out the lines:
> lxc.id_map = u 1000 1000 1
> lxc.id_map = g 1000 1000 1
>
> the container runs again - but it's that particular mapping that is
> needed in this case.
>
> I set up a log file to priority DEBUG but no extra clues there - it just
> says the same thing.
>
> I'm using:
>    lxc-2.0.1
>    cgmanager-0.39
> with container config file attached.
>
> Can anyone shed light on this problem please?
>
> chris
>
>
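The check behind the error in this thread, as an added example that is not part of the original post and not code from LXC or shadow: it parses the `lxc.id_map` lines quoted above and reports every host range that is not fully contained in one `/etc/subuid` entry for the user, using the same `[a-b) -> [c-d)` form as the `newuidmap` message. The function names are hypothetical, the containment rule is a simplified model of what `newuidmap` enforces, and the `chris:100000:65536` line is a constructed sample, since the post does not show the existing file contents.

```python
# Added example: simplified model of the subordinate-ID delegation check.
# Assumption: a mapping is accepted only if its host range lies entirely
# inside a single /etc/subuid (or /etc/subgid) entry owned by the user.

def parse_id_map(config_text, kind="u"):
    """Return (container_start, host_start, count) per lxc.id_map line of `kind`."""
    maps = []
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "lxc.id_map":      # skips comments and other keys
            continue
        fields = value.split()
        if len(fields) == 4 and fields[0] == kind:
            maps.append(tuple(int(f) for f in fields[1:]))
    return maps

def parse_subid(subid_text, user):
    """Return (start, count) for each 'user:start:count' line owned by `user`."""
    ranges = []
    for line in subid_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def rejected(maps, ranges):
    """List mappings whose host range is not covered by one delegated range."""
    bad = []
    for cstart, hstart, count in maps:
        covered = any(s <= hstart and hstart + count <= s + n for s, n in ranges)
        if not covered:
            bad.append(f"[{cstart}-{cstart + count}) -> [{hstart}-{hstart + count})")
    return bad

# id_map lines as quoted in the post
CONFIG = """\
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535
"""
SUBUID_BEFORE = "chris:100000:65536\n"           # constructed sample entry
SUBUID_AFTER = SUBUID_BEFORE + "chris:1000:1\n"  # the line added in the fix

if __name__ == "__main__":
    for label, text in (("before", SUBUID_BEFORE), ("after", SUBUID_AFTER)):
        bad = rejected(parse_id_map(CONFIG, "u"), parse_subid(text, "chris"))
        print(label, "->", bad or "all uid mappings delegated")
```

Running the same functions with `kind="g"` against the `/etc/subgid` contents covers the group mappings.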


