Help needed with UID remapping for bind mounts

Europa2010AD

Jul 18, 2023
After remapping UID, my container errors out during reboot. I got the following error message:
Code:
lxc_map_ids: 3701 newuidmap failed to write mapping "newuidmap: uid range [0-3002) -> [100000-103002) not allowed": newuidmap 1395810 0 100000 3002 3002 3002 1 3003 103003 62533
lxc_spawn: 1788 Failed to set up id mapping.
__lxc_start: 2107 Failed to spawn container "101"
TASK ERROR: startup for container '101' failed

So my setup looks like this:
- Baremetal TrueNAS Scale with a dataset "Media" shared over SMB.
- Proxmox 8.0.3 on a separate Dell Optiplex 7040
- Ubuntu container (unprivileged) running inside Proxmox

The "Media" SMB share is mounted to Proxmox host /mnt/Media via fstab, through a user account with a UID 3002. This part works completely fine, I'm able to read and write to /mnt/Media with the correct permissions I gave it.

After successfully bind mounting /mnt/Media on the Proxmox host to /mnt/Ubuntu/Media on the Ubuntu CT, from within the CT I didn't have the correct write permissions. I understand it's an issue with unprivileged CT and its UID mapping.

So I tried to follow the UID remapping instructions from the official documentation (can't say I understand it completely), and tried to adapt the settings to my configuration. Since my Proxmox host is accessing the SMB share with UID 3002, I'm assuming this is the UID I need to make accessible in the unprivileged Ubuntu CT.

So for my Ubuntu CT (with container ID 101), I changed the mapping in /etc/pve/lxc/101.conf as below:
Code:
# uid map: from uid 0 map 3002 uids (in the ct) to the range starting 100000 (on the host), so 0..3001 (ct) → 100000..103001 (host)
lxc.idmap: u 0 100000 3002
lxc.idmap: g 0 100000 3002
# we map 1 uid starting from uid 3002 onto 3002, so 3002 → 3002
lxc.idmap: u 3002 3002 1
lxc.idmap: g 3002 3002 1
# we map the rest of 65535 from 3003 up to 103003, so 3003..65535 → 103003..165535
lxc.idmap: u 3003 103003 62533
lxc.idmap: g 3003 103003 62533

Then updated /etc/subuid and /etc/subgid with root:3002:1.

Lastly, changed the bind mount point directory on Proxmox host with chown -R 3002:3002 /mnt/Media

Tried to reboot at this point, and the container would error out. What am I doing wrong?
 
Hi, the error "newuidmap: uid range [0-3002) -> [100000-103002) not allowed" means that according to /etc/subuid on the PVE host, root is not allowed to map to uids 100000 to 103001 (inclusive). Is it possible that you removed the preexisting line root:100000:65536 from /etc/subuid? If yes, try adding it back. If you then get an error "newgidmap: gid range ... not allowed", you need to do the same thing with /etc/subgid.

If this doesn't fix it, please post /etc/subuid and /etc/subgid on the PVE host.
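
Added example, not part of the thread and not Proxmox or shadow code: a simplified Python model of the check behind the "not allowed" error, which tests every host range requested by lxc.idmap against the ranges delegated to root in /etc/subuid. The helper names and both /etc/subuid contents are constructed for illustration; only the subuid delegation test is modelled.

```python
import re

IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_idmap(conf_text, kind):
    """Return (ct_start, host_start, count) for each lxc.idmap line of kind 'u' or 'g'."""
    found = (IDMAP_RE.match(line) for line in conf_text.splitlines())
    return [tuple(int(x) for x in m.groups()[1:]) for m in found if m and m.group(1) == kind]

def parse_subid(subid_text, user="root"):
    """Return (start, count) for each subuid/subgid line delegated to `user`."""
    ranges = []
    for line in subid_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges

def is_delegated(start, count, delegated):
    """True if host ids [start, start+count) are covered by the delegated ranges."""
    end = start + count  # exclusive upper bound
    while start < end:
        # Find a delegated range containing `start`, then continue past its end.
        hit = next(((s, c) for s, c in delegated if s <= start < s + c), None)
        if hit is None:
            return False
        start = hit[0] + hit[1]
    return True

def rejected_ranges(conf_text, subid_text, kind="u", user="root"):
    """Host ranges [start, end) requested by the container config but not delegated."""
    delegated = parse_subid(subid_text, user)
    return [(host, host + count)
            for _ct, host, count in parse_idmap(conf_text, kind)
            if count == 0 or not is_delegated(host, count, delegated)]

# The uid mapping lines from the post (container 101).
CONF_101 = """\
lxc.idmap: u 0 100000 3002
lxc.idmap: u 3002 3002 1
lxc.idmap: u 3003 103003 62533
"""
# Constructed /etc/subuid contents: the state suspected in the reply, and the repaired one.
SUBUID_BROKEN = "root:3002:1\n"
SUBUID_FIXED = "root:100000:65536\nroot:3002:1\n"

if __name__ == "__main__":
    for label, subuid in (("broken", SUBUID_BROKEN), ("fixed", SUBUID_FIXED)):
        print(label, rejected_ranges(CONF_101, subuid))
```

Calling rejected_ranges with kind="g" and the contents of /etc/subgid checks the group mappings the same way.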
 
