Specific UIDs on Unprivileged CT crashes at start

Giovanni

Hi,

I'm following the instructions on mapping UID and GID from my Proxmox host into an unprivileged container (here). I followed all the steps, but I am not sure if the instructions are outdated for Debian Stretch and PVE 5.0?

On PVE host:
# useradd -u 3200 -g gmedia -M gmedia
# groupadd -g 3200 gmedia
Code:
root@pve:~# cat /etc/subuid | grep gmedia
gmedia:3200:1
root@pve:~# cat /etc/subgid | grep gmedia
gmedia:3200:1

CT config
/etc/pve/lxc/106.conf
Code:
root@pve:~# pct config 106
arch: amd64
cores: 6
hostname: torrent
memory: 1024
mp0: /gdata/xenu/torrentfiles,mp=/mnt/torrentfiles
mp1: /gdata/xenu/downloads,mp=/mnt/downloads
net0: name=eth0,bridge=vmbr2,hwaddr=02:05:e7:00:09:0b,ip=dhcp,type=veth
ostype: debian
rootfs: gdata-zfs:subvol-106-disk-1,size=8G
swap: 512
unprivileged: 1
lxc.id_map: u 3200 3200 1
lxc.id_map: g 3200 3200 1

error:
Code:
root@pve:~# lxc-start -F -n 106
lxc-start: conf.c: chown_mapped_root: 3623 No mapping for container root
lxc-start: conf.c: ttys_shift_ids: 3758 Failed to chown /dev/pts/8
lxc-start: start.c: lxc_init: 471 Failed to shift tty into container.
lxc-start: start.c: __lxc_start: 1329 Failed to initialize container "106".
lxc-start: tools/lxc_start.c: main: 366 The container failed to start.
lxc-start: tools/lxc_start.c: main: 370 Additional information can be obtained by setting the --logfile and --logpriority options.
root@pve:~#

My goal: I am mapping /mypool/zfs/folder into an unprivileged container and I am hoping to use the same group/user IDs from the pve-host, so that folder write/access to the shares remains consistent among this container (106) as well as other CTs I am going to create with the same settings/mapping (so all containers that interact with the mount point use the same group/user and permissions).
 
Try changing the uid mapping in /etc/pve/lxc/106.conf to:
Code:
# uid map: from uid 0 map 3200 uids (in the ct) to the range starting 100000 (on the host), so 0..3199 (ct) → 100000..103199 (host)
lxc.id_map = u 0 100000 3200
lxc.id_map = g 0 100000 3200

# we map 1 uid starting from uid 3200 onto 3200, so 3200 → 3200
lxc.id_map = u 3200 3200 1
lxc.id_map = g 3200 3200 1

# we map the rest of 65535 from 3201 up to 103201, so 3201..65535 → 103201..165535
lxc.id_map = u 3201 103201 62335
lxc.id_map = g 3201 103201 62335

Add this line to /etc/subuid:
Code:
root:3200:1

Add this line to /etc/subgid:
Code:
root:3200:1
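
An added example, not from either post: a Python check that parses the lxc.id_map lines from the question and from the reply, reports container-side ID ranges that no entry maps (a gap that includes ID 0 is what "No mapping for container root" refers to), and lists the extra /etc/subuid and /etc/subgid lines the map needs. It assumes root's default delegation on the host is root:100000:65536 and that the map should cover IDs 0..65535 as the reply's does; the function names are hypothetical.

```python
# Added example: find gaps in an lxc.id_map set and the extra subuid/subgid lines it needs.
BROKEN = "lxc.id_map: u 3200 3200 1\nlxc.id_map: g 3200 3200 1\n"  # from the question
FIXED = """\
lxc.id_map = u 0 100000 3200
lxc.id_map = g 0 100000 3200
lxc.id_map = u 3200 3200 1
lxc.id_map = g 3200 3200 1
lxc.id_map = u 3201 103201 62335
lxc.id_map = g 3201 103201 62335
"""  # from the reply

def parse_idmap(conf_text):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("lxc.id_map"):
            continue
        # Both "key: value" and "key = value" appear on the page.
        kind, ct, host, count = line[len("lxc.id_map"):].lstrip(" :=").split()
        maps[kind].append((int(ct), int(host), int(count)))
    return maps

def find_gaps(entries, total=65536):
    """List container-side ID ranges in 0..total-1 that no entry maps."""
    gaps, nxt = [], 0
    for ct, _host, count in sorted(entries):
        if ct > nxt:
            gaps.append((nxt, ct - 1))
        nxt = max(nxt, ct + count)
    if nxt < total:
        gaps.append((nxt, total - 1))
    return gaps

def extra_subid_lines(entries, default=(100000, 65536)):
    """Host ranges outside root's default delegation (assumed root:100000:65536)
    need their own root:<start>:<count> line in /etc/subuid or /etc/subgid."""
    lo, n = default
    return [f"root:{host}:{count}" for _ct, host, count in sorted(entries)
            if host < lo or host + count > lo + n]

if __name__ == "__main__":
    for name, conf in (("question", BROKEN), ("reply", FIXED)):
        for kind, entries in parse_idmap(conf).items():
            gaps = find_gaps(entries)
            root = "(container root unmapped)" if any(a == 0 for a, _ in gaps) else ""
            print(name, kind, "gaps:", gaps, root, "| extra:", extra_subid_lines(entries))
```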