[lxc-users] UID > 65535 is not correctly mapped

Stéphane Graber stgraber at ubuntu.com
Thu Jun 15 18:07:02 UTC 2017


On Thu, Jun 15, 2017 at 08:00:48PM +0200, Matlink wrote:
> Stéphane, I followed your howto, however, it didn't resolve my issue.
> 
> I increased the size of the default map to one million, and did the
> direct user/group mapping part:
> 
>     $ cat /etc/subuid
>     lxd:100000:1000000000
>     root:100000:1000000000
>     lxd:119373:1
>     root:119373:1
> 
> 
>     $ cat /etc/subgid
>     lxd:100000:1000000000
>     root:100000:1000000000
>     lxd:2001:1
>     root:2001:1
> 
>     $ lxc config get test raw.idmap
>     uid 119373 1000
>     gid 2001 1000

The problem you're having is that the uid you're trying to map from the
host (19373) is already part of the main map for the container (100000
through 1000000000).

This is not handled ideally by LXD and we should get an issue filed for
that so that we can either figure out logic to make this possible or at
least fail with a clear error.


In your case, I'd recommend you change the start of the range used by
LXD from 100000 to 1000000 which will then make your host uid (119373)
be properly outside of the container map.


Feel free to file an issue for this at https://github.com/lxc/lxd/issues

> 
> However, in the container:
> 
>     root@test:~# ls -lh /home
>     total 4.0K
>     drwxr-xr-x 54 19373 ubuntu 4.0K Jun 15 17:41 ubuntu
> 
> there is still my truncated UID. And when I only increase the size of
> the default map but don't do the direct user/group mapping part, I had:
> 
>     root@test:~# ls -lh /home
>     total 4.0K
>     drwxr-xr-x 54 19373 nogroup 4.0K Jun 15 17:41 ubuntu
> 
> Something seems wrong over here, right?
> 
> 
> On 15/06/2017 at 19:13, Matlink wrote:
> >
> > Stéphane made a post to answer this:
> >
> > https://stgraber.org/2017/06/15/custom-user-mappings-in-lxd-containers/
> >
> >
> > On 14/06/2017 at 16:41, Matlink wrote:
> >>
> >> Hello community,
> >>
> >> I wanted to use GUI apps in my containers, I followed the great howto
> >> here
> >> https://blog.simos.info/how-to-run-graphics-accelerated-gui-apps-in-lxd-containers-on-your-ubuntu-desktop/
> >>
> >> However, on my system, it happens that my uid is greater than 65535:
> >>
> >>     $ id -u $USER
> >>     119373
> >>
> >> When using
> >>
> >>     lxc config set guiapps raw.idmap "uid $UID 1000"
> >>
> >> in the container, the mapped id is 19737, like for .Xauthority :
> >>
> >>     $ ls -la /home/ubuntu/.Xauthority
> >>     -rw------- 1 19373 ubuntu 67 Jun 14 07:46 /home/ubuntu/.Xauthority
> >>
> >> Has anyone ever experienced something similar?
> >> -- 
> >> Matlink - Sysadmin matlink.fr
> >> Stay protected, encrypt your mail: https://café-vie-privée.fr/
> >> XMPP/Jabber : matlink at matlink.fr
> >> PGP public key: 0x186BB3CA
> >> Off-the-record fingerprint: 572174BF 6983EA74 91417CA7 705ED899 DE9D05B2
> >>
> >>
> >> _______________________________________________
> >> lxc-users mailing list
> >> lxc-users at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> 


-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
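
Added example (not part of the original message, and not LXD's own code): a Python check for the situation described in the reply above, where a host id listed in raw.idmap also falls inside the main subordinate range. It assumes the `name:start:count` layout of /etc/subuid and /etc/subgid and the `uid|gid|both <host> <container>` form of raw.idmap; the function names are illustrative, and the sample data is the thread's own values embedded as strings.

```python
"""Check raw.idmap host ids against the subordinate id ranges (added example)."""

# Constructed sample input: the values quoted in the thread, embedded inline.
SUBUID = "lxd:100000:1000000000\nroot:100000:1000000000\nlxd:119373:1\nroot:119373:1\n"
SUBGID = "lxd:100000:1000000000\nroot:100000:1000000000\nlxd:2001:1\nroot:2001:1\n"
RAW_IDMAP = "uid 119373 1000\ngid 2001 1000\n"


def parse_subid(text, owner="root"):
    """Return (start, count) for every name:start:count line owned by `owner`."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == owner:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges


def parse_raw_idmap(text):
    """Yield (kind, first_host_id, last_host_id) for each raw.idmap line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, host, _container = line.split()
        first, _, last = host.partition("-")  # single id or "first-last" range
        yield kind, int(first), int(last or first)


def find_overlaps(raw_idmap, subuid, subgid, owner="root"):
    """List raw.idmap host ids that also sit inside another subordinate range."""
    tables = {"uid": parse_subid(subuid, owner), "gid": parse_subid(subgid, owner)}
    hits = []
    for kind, first, last in parse_raw_idmap(raw_idmap):
        for table in (["uid", "gid"] if kind == "both" else [kind]):
            for start, count in tables[table]:
                # Assumption: an entry equal to the mapped ids is the direct mapping itself.
                dedicated = (start, count) == (first, last - first + 1)
                if not dedicated and first < start + count and last >= start:
                    hits.append((table, first, last, start, start + count - 1))
    return hits


if __name__ == "__main__":
    for table, first, last, lo, hi in find_overlaps(RAW_IDMAP, SUBUID, SUBGID):
        print(f"{table} {first}-{last} is inside range {lo}-{hi}")
```

On the thread's values only the uid is reported, which matches the listing where the group resolves to `ubuntu` but the owner does not.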