[lxc-users] Attempt to define unprivileged LXC by libvirt

Serge E. Hallyn serge at hallyn.com
Sun Mar 25 14:27:15 UTC 2018 

Quoting Christian Brauner (christian.brauner at mailbox.org):
> On Fri, Mar 23, 2018 at 11:49:08AM +0100, ales drtik wrote:
> > Hi,
> > i converted LXC conf to xml by:
> > 
> > lxcuser at blade1:~/.local/share/lxc/test_deb$  virsh -c lxc:/// domxml-from-native lxc-tools /home/lxcuser/.local/share/lxc/test_deb/config
> > 
> > <domain type='lxc'>
> >   <name>test_deb</name>
> >   <uuid>cce77799-89fd-41fd-99c1-101e00844e23</uuid>
> >   <memory unit='KiB'>65536</memory>
> >   <currentMemory unit='KiB'>65536</currentMemory>
> >   <vcpu placement='static'>1</vcpu>
> >   <os>
> >     <type arch='x86_64'>exe</type>
> >     <init>/sbin/init</init>
> >   </os>
> >   <idmap>
> >     <uid start='1258512' target='0' count='65536'/>
> >     <gid start='1258512' target='0' count='65536'/>
> >   </idmap>
> >   <features>
> >     <capabilities policy='allow'>
> >     </capabilities>
> >   </features>
> >   <clock offset='utc'/>
> >   <on_poweroff>destroy</on_poweroff>
> >   <on_reboot>restart</on_reboot>
> >   <on_crash>destroy</on_crash>
> >   <devices>
> >     <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
> >     <filesystem type='mount' accessmode='passthrough'>
> >       <source dir='/home/lxcuser/.local/share/lxc/test_deb/rootfs'/>
> >       <target dir='/'/>
> >     </filesystem>
> >     <interface type='bridge'>
> >       <mac address='00:16:3e:ab:21:1b'/>
> >       <source bridge='br0'/>
> >       <link state='up'/>
> >     </interface>
> >   </devices>
> > </domain>
> > 
> > Now attempt to define by virsh gives this err:
> > 
> > lxcuser at blade1:~/.local/share/lxc/test_deb$ virsh -c lxc:/// define tmp/test_deb.xml
> > error: Failed to define domain from /tmp/test_deb.xml
> > error: unsupported configuration: You must map the root user of container
> > 
> > Debian stretch.
> > Where am I wrong ?
> 
> Sorry, libvirt-lxc is a totally different project than ours. I have no
> idea what the mapping between the two would look like. Serge, Stéphane,
> ideas?

It looks like the uid mappings got inverted.  Going by online examples,
you want start=0 and target=1258512.

More information about the lxc-users mailing list