Search results for query: idmap

  1. J

    Per Container UID-GID remapping

    At the moment I'm just going in for each LXC and setting it manually by lxc.idmap: etc.... then remapping the file system manually. Just curious if there was a option similair to the LXC one somewhere so I didn't need to manually do it.
  2. J

    Per Container UID-GID remapping

    Does Proxmox Support Per container UID-GID remapping ? Under LXC you can set security.idmap.isolated=true so that every LXC container gets its own unique UID/GID on startup (from SUBUID/SUBGID). Does anyone know if proxmox has the same feature somewhere ?
  3. J

    Bind Mount permission problem with Docker LXC

    ...mp0: /mnt/pve/ServerShare,mp=/mnt/smb_share lxc.cgroup2.devices.allow: c 10:200 rwm lxc.mount.entry: /dev/net dev/net none bind,create=dir lxc.idmap: u 0 100000 1000 lxc.idmap: g 0 100000 1000 lxc.idmap: u 1000 1000 1 lxc.idmap: g 1000 1000 1 lxc.idmap: u 1001 101000 64535 lxc.idmap: g 1001...
  4. L

    disk passthrought

    ...in CT i have root with UID=0 GID=0 and a user with UID=1000 GID=1000. i want to get access for both. what i should add in the .conf file? lxc.idmap = u 0 100000 1005 lxc.idmap = g 0 100000 1005 is this right? then... where are the files /etc/subuid and /etc/subgid? in CT or PVE? i need to...
  5. H

    command failed with status code 5

    ...nodo1 kernel: netfs: FS-Cache loaded Jul 22 15:39:37 nodo1 kernel: Key type cifs.spnego registered Jul 22 15:39:37 nodo1 kernel: Key type cifs.idmap registered Jul 22 15:39:37 nodo1 kernel: CIFS: Attempting to mount //172.23.176.69/NAS_SYN Jul 22 15:39:37 nodo1 kernel: CIFS: Attempting to...
  6. A

    LXC GID Mapping Support

    ...I believe permissions are all correct per the below: ---HOST--- I made a new group called "adam" with GID 1000 /etc/pve/lxc/147.conf lxc.idmap: g 0 100000 1000 lxc.idmap: g 1000 1000 1 lxc.idmap: u 0 100000 65536 lxc.idmap: g 1001 101001 64535 mp0: /mnt/pve/storage/data,mp=/data...
  7. 5

    LXC Group Mapping

    Hi, I'm having trouble configuring group mapping for zfs mount access in my unprivileged LXC. I have a directory /zpool/media/ on the host which I passed to the container with a mount point at /mnt/media. On the host: The directory is owned by user root (uid=0) and group media (gid=1000)...
  8. P

    id mapping and home dir ownership

    ...onboot: 1 ostype: alpine rootfs: local-lvm:vm-300-disk-0,size=8G swap: 512 unprivileged: 1 lxc.idmap: u 0 100000 1300 lxc.idmap: g 0 100000 1300 lxc.idmap: u 1300 1300 1 lxc.idmap: g 1300 1300 1 lxc.idmap: u 1301 101301 64235 lxc.idmap: g 1301 101301 64235 root@pve:~# cat...
  9. C

    [SOLVED] lxc.idmap multiple groups to a single LXC

    Hi all, Little bit stumped at the moment trying to idmap multiple groups to an unprivileged Debian 12 LXC container on PVE 8.2.4. I'm tryig to get both Intel iGPU passthrough and r/w permissions on a bind mounted directory. Thus, I need access to host gid 104 (the GPU renderD128 group on the...
  10. K

    Introduce new mapping for each unprivileged container

    ...I'm considering making the mapped spaces disjoint between the containers. For example, container 1 would have the following mapping: lxc.idmap = u 0 100000 10000 lxc.idmap = g 0 100000 10000 Container 2 would have: lxc.idmap = u 0 110000 10000 lxc.idmap = g 0 110000 10000 And so on. This...
  11. W

    How to share a docker network between LXC containers

    ...LXC container's configuration file and add the following lines: lxc.mount.entry: /var/run/docker.sock mnt/docker.sock none bind,create=file lxc.idmap: u 0 100000 65536 lxc.idmap: g 0 100000 65536 lxc.idmap: g 0 100000 1000 lxc.idmap: g 1000 1000 1 lxc.idmap: g 65534 165534 1 And after these...
  12. T

    Container Docker GPU Shared Access

    ...Subgid: root:104:1 root:44:1 root:5:1 LXC Conf: arch: amd64 features: nesting=1 memory: 4096 ostype: debian ... unprivileged: 1 lxc.idmap: g 0 100000 5 lxc.idmap: g 5 5 1 lxc.idmap: g 6 100006 38 lxc.idmap: g 44 44 1 lxc.idmap: g 45 100045 61 lxc.idmap: g 106 104 1 lxc.idmap: g 107 100107...
  13. P

    CT container can't access network

    .../dev/dri dev/dri none bind,optional,create=dir lxc.mount.entry: /dev/dri/renderD128 dev/renderD128 none bind,optional,create=file lxc.idmap: u 0 100000 44 lxc.idmap: g 0 100000 44 lxc.idmap: u 44 44 1 lxc.idmap: g 44 44 1 lxc.idmap: u 45 100045 60 lxc.idmap: g 45 100045 60 lxc.idmap: u 105...
  14. L

    User/Group (nonroot) Mapping For Multiple LXC

    ...point: # uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host) lxc.idmap = u 0 100000 1005 lxc.idmap = g 0 100000 1005 # we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005 lxc.idmap = u 1005 1005 1...
  15. G

    Understanding LXC UID Mappings

    ...pct set 123 -mp0 /data/vg_media/video,mp=/data # Add to /etc/subuid and /etc/subgid root:5123:1 # Add to /etc/pve/nodes/pve/lxc/123.conf lxc.idmap: u 0 100000 5000 lxc.idmap: u 5000 5123 1 lxc.idmap: u 5001 105001 60535 lxc.idmap: g 0 100000 5000 lxc.idmap: g 5000 5123 1 lxc.idmap: g 5001...
  16. H

    Permission denied for user with extra group that should have access to bind mount in unpriviledged LXCs

    ...ostype: nixos protection: 1 rootfs: local-zfs:subvol-204-disk-0,size=8G swap: 0 tags: unpriviledged unprivileged: 1 lxc.idmap: u 0 100000 1000 lxc.idmap: g 0 100000 1000 lxc.idmap: u 1000 1000 1 lxc.idmap: g 1000 1000 1 lxc.idmap: u 1001 101000 64535 lxc.idmap: g 1001 101000 64535...
  17. E

    Using large range of UIDs/GIDs above 65535 in unprivileged LXC (crashing)

    .../dev/nvidia-uvm-tools dev/nvidia-uvm-tools none bind,optional,create=file lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir lxc.idmap: u 0 100000 1000000 lxc.idmap: g 0 100000 1000000 Container 173 /etc/subuid and /etc/subgid: # cat /etc/subuid...
  18. A

    PBS cifs smb share not mounting on cold boot

    ...journalctl -xe | grep cifs Jun 17 10:29:49 nasko1 kernel: Key type cifs.spnego registered Jun 17 10:29:49 nasko1 kernel: Key type cifs.idmap registered Jun 17 10:29:56 nasko1 kernel: CIFS: VFS: cifs_mount failed w/return code = -113 journalctl -xe Jun 17 10:32:51 nasko1...
  19. D

    QuickSync in unprivilegiertem LXC

    ...der LXC video Gruppe den gleichen Zugriff haben wie die User in der Host video Gruppe dann musst du GruppenID 27 auf GruppenID 44 mappen: lxc.idmap: g 27 44 1 Lies: "Gruppe 27 (im LXC) soll auf Gruppe 44 (auf dem Host) gemappt werden.". Die letzte Zahl besagt, dass genau eine Gruppe gemappt...
  20. R

    Yet another LXC UID/GID mapping thread

    ...I am still confused. I created an unprivileged LXC container for a samba share of a local zfs dataset. I didn't add any UID maps, "lxc.idmap..." to the lxc .conf. I didn't make any changes to /etc/subuid or /etc/subgid. I created a user on the host with the UID 101000 and a group with...