[lxc-users] LXD: Mapping two different users to the host

Martin Hofbauer m.hofbauer at bacher.at
Tue May 23 23:01:19 UTC 2017


Hi,

I want to map two different users from within one container to two different users on the host.
The UID/GUID of these two users are not in a range.

driver: lxc
driver_version: 2.0.8
kernel: Linux
kernel_architecture: x86_64
kernel_version: 4.4.0-78-generic
server: lxd
server_version: "2.13"
storage: zfs
storage_version: 0.6.5.6-0ubuntu16

The following works:

# echo -e "both 201000 1000" | lxc config set pic raw.idmap -
# lxc start pic

# lxc stop pic
# echo -e "both 202001 2001" | lxc config set pic raw.idmap -
# lxc start pic


But the following does not work (using both together):

# echo -e "both 202001 2001\nboth 201000 1000" | lxc config set pic raw.idmap -
# lxc start
error: Failed to run: /usr/bin/lxd forkstart pic /var/lib/lxd/containers /var/log/lxd/pic/lxc.conf:
Try `lxc info --show-log pic` for more info


From the log/debugs I can see:

            lxc 20170522182043.196 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 0 hostid 100000 range 1000
            lxc 20170522182043.197 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 1000 hostid 201000 range 1
            lxc 20170522182043.197 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 1000 hostid 201000 range 1
            lxc 20170522182043.197 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 1001 hostid 101001 range 1000
            lxc 20170522182043.197 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 2001 hostid 202001 range 1
            lxc 20170522182043.198 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 2001 hostid 202001 range 1
            lxc 20170522182043.198 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 2002 hostid 102002 range 63534
            lxc 20170522182043.198 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 0 hostid 100000 range 1000
            lxc 20170522182043.198 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 1001 hostid 101001 range 1000
            lxc 20170522182043.198 INFO     lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 2002 hostid 102002 range 63534
...

            lxc 20170522182043.537 ERROR    lxc_conf - conf.c:userns_exec_1:4608 - Error setting up child mappings
            lxc 20170522182043.538 ERROR    lxc_cgfsng - cgroups/cgfsng.c:cgfsns_chown:1507 - Error requesting cgroup chown in new namespace



::::::::::::::
/etc/subgid
::::::::::::::
lxd:100000:65536
root:100000:65536
root:201000:1
root:202001:1

::::::::::::::
/etc/subuid
::::::::::::::
lxd:100000:65536
root:100000:65536
root:201000:1
root:202001:1



Should this kind of setup be possible? Any ideas?

thanks
Martin
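
Added example, not part of the original post: a Python check of the map entries in the log above against the /etc/subuid and /etc/subgid content shown, reporting host ranges not delegated to root, overlapping extents, and how many map lines remain under the kernel's per-map limit. The limit of 5 lines on Linux 4.14 and earlier is taken from user_namespaces(7); the function names are hypothetical, and the result describes the configuration without by itself explaining the error.

```python
import re
# Map entries and subuid/subgid content copied from the post (log prefix
# trimmed; /etc/subuid and /etc/subgid are identical there).
LOG = """\
read uid map: type u nsid 0 hostid 100000 range 1000
read uid map: type u nsid 1000 hostid 201000 range 1
read uid map: type g nsid 1000 hostid 201000 range 1
read uid map: type u nsid 1001 hostid 101001 range 1000
read uid map: type u nsid 2001 hostid 202001 range 1
read uid map: type g nsid 2001 hostid 202001 range 1
read uid map: type u nsid 2002 hostid 102002 range 63534
read uid map: type g nsid 0 hostid 100000 range 1000
read uid map: type g nsid 1001 hostid 101001 range 1000
read uid map: type g nsid 2002 hostid 102002 range 63534
"""
SUBID = "lxd:100000:65536\nroot:100000:65536\nroot:201000:1\nroot:202001:1\n"
MAX_EXTENTS = 5  # per-map line limit on Linux 4.14 and earlier (user_namespaces(7))

def parse_idmap(log):
    """Return {'u': [(nsid, hostid, count), ...], 'g': [...]} from LXC log text."""
    maps = {"u": [], "g": []}
    pat = r"type ([ug]) nsid (\d+) hostid (\d+) range (\d+)"
    for kind, nsid, hostid, count in re.findall(pat, log):
        maps[kind].append((int(nsid), int(hostid), int(count)))
    return maps

def parse_subid(text, user):
    """Return [(start, count), ...] delegated to `user` in subuid/subgid text."""
    rows = (line.split(":") for line in text.split())
    return [(int(s), int(c)) for name, s, c in rows if name == user]

def overlaps(ranges):
    """True if any two (start, count) ranges intersect."""
    ranges = sorted(ranges)
    return any(a + n > b for (a, n), (b, _) in zip(ranges, ranges[1:]))

def check(extents, delegated):
    """Summarise one map: undelegated host ranges, overlaps, extent headroom."""
    bad = [(h, n) for _, h, n in extents
           if not any(s <= h and h + n <= s + c for s, c in delegated)]
    return {
        "undelegated": bad,
        "overlap": overlaps([(ns, n) for ns, _, n in extents])
                   or overlaps([(h, n) for _, h, n in extents]),
        "headroom": MAX_EXTENTS - len(extents),
    }

if __name__ == "__main__":
    for kind, extents in parse_idmap(LOG).items():
        print(kind, check(extents, parse_subid(SUBID, "root")))
```

For the values in the post, every host range is covered by root's entries and nothing overlaps, while the uid and gid maps each use all 5 available lines.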