[lxc-users] LXD: Mapping two different users to the host
Martin Hofbauer
m.hofbauer at bacher.at
Tue May 23 23:01:19 UTC 2017
Hi,
I want to map two different users from within one container to two different users on the host,
The UID/GUID of these two users are not in a range.
driver: lxc
driver_version: 2.0.8
kernel: Linux
kernel_architecture: x86_64
kernel_version: 4.4.0-78-generic
server: lxd
server_version: "2.13"
storage: zfs
storage_version: 0.6.5.6-0ubuntu16
following works:
# echo -e "both 201000 1000" | lxc config set pic raw.idmap -
# lxc start pic
# lxc stop pic
# echo -e "both 202001 2001" | lxc config set pic raw.idmap -
# lxc start pic
But following does not work: (use both together)
# echo -e "both 202001 2001\nboth 201000 1000" | lxc config set pic raw.idmap -
# lxc start
error: Failed to run: /usr/bin/lxd forkstart pic /var/lib/lxd/containers /var/log/lxd/pic/lxc.conf:
Try `lxc info --show-log pic` for more info
>From the log/debugs I can see:
lxc 20170522182043.196 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 0 hostid 100000 range 1000
lxc 20170522182043.197 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 1000 hostid 201000 range 1
lxc 20170522182043.197 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 1000 hostid 201000 range 1
lxc 20170522182043.197 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 1001 hostid 101001 range 1000
lxc 20170522182043.197 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 2001 hostid 202001 range 1
lxc 20170522182043.198 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 2001 hostid 202001 range 1
lxc 20170522182043.198 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type u nsid 2002 hostid 102002 range 63534
lxc 20170522182043.198 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 0 hostid 100000 range 1000
lxc 20170522182043.198 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 1001 hostid 101001 range 1000
lxc 20170522182043.198 INFO lxc_confile - confile.c:config_idmap:1537 - read uid map: type g nsid 2002 hostid 102002 range 63534
...
lxc 20170522182043.537 ERROR lxc_conf - conf.c:userns_exec_1:4608 - Error setting up child mappings
lxc 20170522182043.538 ERROR lxc_cgfsng - cgroups/cgfsng.c:cgfsns_chown:1507 - Error requesting cgroup chown in new namespace
::::::::::::::
/etc/subgid
::::::::::::::
lxd:100000:65536
root:100000:65536
root:201000:1
root:202001:1
::::::::::::::
/etc/subuid
::::::::::::::
lxd:100000:65536
root:100000:65536
root:201000:1
root:202001:1
Should this kind of setup be possible? Any ideas?
thanks
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170523/ca99e6ee/attachment.html>
More information about the lxc-users
mailing list