[lxc-users] snapshots of unprivileged containers belong to root
Jan Kowalsky
jankow at datenkollektiv.net
Wed Jun 14 13:44:14 UTC 2017
Hi,
I'm new on the list, so hello to all.
While experimenting with unprivileged containers (@stgraber: thanks for
the excellent howtos) I discovered a phenomenon I can't explain.
Debian Stretch
lxc 2.0.7-2: amd64
btrfs filesystem
I converted a container I bootstrapped as root from a Debian Stretch
template to an unprivileged container for a user "lxcuser".
cp -a /var/lib/lxc/deb_template /home/lxcuser/.local/share/lxc/
After that I changed the uids of the new rootfs according to the subuids
of lxcuser. After fixing file permissions and configuration everything
works fine.
Now the interesting things:
When cloning the new container as the user lxcuser with
lxc-copy -n deb_template -N cont1
everything works as expected. The new rootfs of cont1 got the right uids.
But if I do the same as a snapshot
lxc-copy -n deb_template -N cont2 -s
I get the error
newgidmap: write to gid_map failed: Invalid argument
error mapping child
setgid: Invalid argument
sed: couldn't open temporary file /home/lxcuser/.local/share/lxc/cont3/rootfs/etc/sed6iYKSh: Permission denied
lxc-copy: lxccontainer.c: clone_update_rootfs: 3011 Permission denied - unable to open /usr/lib/x86_64-linux-gnu/lxc/rootfs/etc/hostname: ignoring
AND: all files in cont3/rootfs/ now belong to root!!
If I do the same with the first copied container (without snapshot)
"cont1" again, everything works fine except for the following error:
newgidmap: gid range [231072-231073) -> [462144-462145) not allowed
error mapping child
setgid: Invalid argument
Any ideas?
Best Regards
Jan
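
Added example, not part of the original post: newgidmap checks the host-side range of each requested mapping against the caller's entries in /etc/subgid, so the range after "->" in a "not allowed" message can be compared with that file. The helper names and the lxcuser allocation below are constructed for illustration; the post does not show the real entry.

```shell
#!/bin/sh
# Added example, not from the original post.

# host_range MESSAGE
# Prints "FIRST COUNT" for the range after "->" (the host side) in a
# newuidmap/newgidmap message such as
#   newgidmap: gid range [231072-231073) -> [462144-462145) not allowed
host_range() {
    printf '%s\n' "$1" |
        sed -n 's/.*-> \[\([0-9]*\)-\([0-9]*\)).*/\1 \2/p' |
        awk '{ print $1, $2 - $1 }'
}

# range_allowed USER FIRST COUNT FILE
# Succeeds if [FIRST, FIRST+COUNT) lies inside a single USER entry of FILE,
# where FILE uses the /etc/subuid and /etc/subgid format name:start:count.
range_allowed() {
    awk -F: -v u="$1" -v first="$2" -v n="$3" '
        $1 == u && first >= $2 && first + n <= $2 + $3 { ok = 1 }
        END { exit ok ? 0 : 1 }
    ' "$4"
}

# Constructed allocation: the post does not show lxcuser's /etc/subgid entry.
sample=$(mktemp)
printf 'lxcuser:231072:65536\n' > "$sample"

msg='newgidmap: gid range [231072-231073) -> [462144-462145) not allowed'
set -- $(host_range "$msg")
if range_allowed lxcuser "$1" "$2" "$sample"; then
    echo "host gids $1 (+$2) are delegated to lxcuser"
else
    echo "host gids $1 (+$2) are outside lxcuser's delegated range"
fi
rm -f "$sample"
```

On a real system, pass /etc/subgid (or /etc/subuid for newuidmap messages) as the last argument instead of the sample file.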