LXC chown rootfs permissions

johnnybgoode

Apr 12, 2022
Hi, I've been trying but am at a loss...
I'm trying to have root of an lxc map to 1001

Creation LXC: (Unpriv)
Rootfs = 100000


lxc.conf

Code:
lxc.idmap: u 0 1001 1
lxc.idmap: g 0 1001 1
lxc.idmap: u 1 100001 65534
lxc.idmap: g 1 100001 65534

LXC - Root = 0 Map To: Host - User 1001

Files now show correctly but I cannot log in as root. I came across this thread/post:
https://forum.proxmox.com/threads/u...ot-login-as-root-root-lost-permissions.76566/

I then:
Code:
pct mount 109

chown -R 1001:1001 /var/lib/lxc/109/rootfs


Successfully logged in!

Now when I run apt upgrade I get this:

Code:
/usr/bin/mandb: can't chmod /var/cache/man/CACHEDIR.TAG: Operation not permitted
/usr/bin/mandb: fopen /var/cache/man/zh_CN/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/de/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/pt_BR/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/sv/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/pl/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/nl/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/fi/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/da/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/ro/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/ko/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/sr/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/pt/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/hu/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/tr/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/ru/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/id/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/cs/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/it/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/ja/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/sl/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/es/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/fr/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/zh_TW/2840: Permission denied
/usr/bin/mandb: fopen /var/cache/man/uk/2840: Permission denied

I'm assuming it's due to the host needing some permissions as well?
Am I missing something? Or is there a way to create an LXC with the default id of 1001 instead of 100000?

The Idea is actually for docker to run as root in the LXC and as User on Host ..
 
hi,

LXC - Root = 0 Map To: Host - User 1001
you should try like the following (inside the /etc/pve/lxc/CTID.conf for your container):
Code:
lxc.idmap: u 0 100000 1001
lxc.idmap: g 0 100000 1001
lxc.idmap: u 1001 1001 1
lxc.idmap: g 1001 1001 1
lxc.idmap: u 1002 101002 64534
lxc.idmap: g 1002 101002 64534

and make sure your /etc/subuid and /etc/subgid files have:
Code:
root:1001:1
inside them.

The Idea is actually for docker to run as root in the LXC and as User on Host ..
Though that's actually not a recommended setup to run docker inside LXC; you should rather use a VM to run your docker containers.
Running docker on the host is also not recommended, as it will create new bridges and manage the network, which can mess with your PVE installation.
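
Added example, not part of either post: a small Python resolver for `lxc.idmap` lines that reports which host id a container id lands on, which container id a host-owned file appears as, and whether each mapped host range is delegated in `/etc/subuid`. The sample strings are constructed from the uid lines in the two posts; the function names and the `root:100000:65536` subuid entry are assumptions, not something stated in the thread.

```python
"""Resolve lxc.idmap entries (added example; sample data constructed from the thread)."""

def parse_idmap(conf, kind="u"):
    """Return sorted (container_start, host_start, count) tuples for 'u' or 'g'."""
    ranges = []
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        if key.strip() != "lxc.idmap":
            continue
        k, cstart, hstart, count = value.split()
        if k == kind:
            ranges.append((int(cstart), int(hstart), int(count)))
    return sorted(ranges)

def to_host(ranges, cid):
    """Host id backing container id `cid`, or None if that id is unmapped."""
    for cstart, hstart, count in ranges:
        if cstart <= cid < cstart + count:
            return hstart + (cid - cstart)
    return None

def to_container(ranges, hid):
    """Container id that host id `hid` appears as, or None (seen as nobody inside)."""
    for cstart, hstart, count in ranges:
        if hstart <= hid < hstart + count:
            return cstart + (hid - hstart)
    return None

def undelegated(ranges, subid, user="root"):
    """Mapped host ranges not fully inside one /etc/subuid entry for `user`."""
    allowed = []
    for line in subid.splitlines():
        name, start, count = line.strip().split(":")
        if name == user:
            allowed.append((int(start), int(start) + int(count)))
    return [(h, h + n - 1) for _, h, n in ranges
            if not any(lo <= h and h + n <= hi for lo, hi in allowed)]

# Constructed from the uid lines of the first post and of the reply.
FIRST_POST = """lxc.idmap: u 0 1001 1
lxc.idmap: u 1 100001 65534"""
REPLY = """lxc.idmap: u 0 100000 1001
lxc.idmap: u 1001 1001 1
lxc.idmap: u 1002 101002 64534"""
# Constructed /etc/subuid content; the first entry is an assumed existing one.
SUBUID = "root:100000:65536\nroot:1001:1"
```

With the first post's map, `to_container(parse_idmap(FIRST_POST), 100000)` returns `None`, so files still owned by host uid 100000 belong to no user inside the container. With the reply's map, container uid 0 resolves to host 100000 and container uid 1001 to host 1001.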