LXC idmap bug

alegasalv · 2024-10-20T21:08:18+0200

After applying the following configuration to an Alpine LXC, mapping uid & gid from 0(root) CT to 1070(nextcloud) host. All files ownerships are shifted 1 place!
What's going on here?

Code:

lxc.idmap: u 0 1070 1
lxc.idmap: u 1 100000 65535
lxc.idmap: g 0 1070 1
lxc.idmap: g 1 100000 65535

Code:

alpine-nextcloud:~# getent passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin

Before

Bash:

alpine-nextcloud:~# ls -las /
total 184
     8 drwxr-xr-x   19 root     root            20 Oct 20 18:59 .
     8 drwxr-xr-x   19 root     root            20 Oct 20 18:59 ..
    32 drwxr-xr-x    2 root     root            88 Oct 20 18:16 bin
     0 drwxr-xr-x    6 root     root           460 Oct 20 18:59 dev
    32 drwxr-xr-x   39 root     root            81 Oct 20 18:59 etc
     0 -rw-r--r--    1 root     root             0 Oct 20 18:59 fastboot
     0 drwxr-xr-x    2 root     root             2 Jan 26  2024 home
    32 drwxr-xr-x    9 root     root            48 Oct 20 18:16 lib
     0 drwxr-xr-x    5 root     root             5 Jan 26  2024 media
     0 drwxr-xr-x    3 root     root             3 Oct 20 18:30 mnt
     0 drwxr-xr-x    2 root     root             2 Jan 26  2024 opt
     0 dr-xr-xr-x  634 nobody   nobody           0 Oct 20 18:59 proc
     0 drwx------    2 root     root             5 Oct 20 18:17 root
     0 drwxr-xr-x    8 root     root           340 Oct 20 18:59 run
    32 drwxr-xr-x    2 root     root           114 Oct 20 18:16 sbin
     0 drwxr-xr-x    2 root     root             2 Jan 26  2024 srv
     0 dr-xr-xr-x   13 nobody   nobody           0 Oct 20 18:59 sys
     0 drwxrwxrwt    4 root     root             4 Oct 20 18:59 tmp
     8 drwxr-xr-x    9 root     root             9 Oct 20 18:16 usr
    24 drwxr-xr-x   12 root     root            14 Oct 20 18:16 var

After

Bash:

alpine-nextcloud:~# ls -las /
total 184
     8 drwxr-xr-x   19 bin      bin             20 Oct 20 18:42 .
     8 drwxr-xr-x   19 bin      bin             20 Oct 20 18:42 ..
    32 drwxr-xr-x    2 bin      bin             88 Oct 20 18:16 bin
     0 drwxr-xr-x    6 root     root           460 Oct 20 18:42 dev
    32 drwxr-xr-x   39 bin      bin             81 Oct 20 18:42 etc
     0 -rw-r--r--    1 root     root             0 Oct 20 18:42 fastboot
     0 drwxr-xr-x    2 bin      bin              2 Jan 26  2024 home
    32 drwxr-xr-x    9 bin      bin             48 Oct 20 18:16 lib
     0 drwxr-xr-x    5 bin      bin              5 Jan 26  2024 media
     0 drwxr-xr-x    3 bin      bin              3 Oct 20 18:30 mnt
     0 drwxr-xr-x    2 bin      bin              2 Jan 26  2024 opt
     0 dr-xr-xr-x  623 nobody   nobody           0 Oct 20 18:42 proc
     0 drwx------    2 bin      bin              5 Oct 20 18:17 root
     0 drwxr-xr-x    7 root     root           320 Oct 20 18:42 run
    32 drwxr-xr-x    2 bin      bin            114 Oct 20 18:16 sbin
     0 drwxr-xr-x    2 bin      bin              2 Jan 26  2024 srv
     0 dr-xr-xr-x   13 nobody   nobody           0 Oct 20 18:42 sys
     0 drwxrwxrwt    4 bin      bin              4 Oct 20 18:42 tmp
     8 drwxr-xr-x    9 bin      bin              9 Oct 20 18:16 usr
    24 drwxr-xr-x   12 bin      bin             14 Oct 20 18:16 var

fschauer · 2024-10-21T11:35:46+0200

You are mapping:
- uid 1 in the ct to uid 100000 on the host
- uid 2 in the ct to uid 100001 on the host
- ...

What you actually want is:
- uid 1 in the ct to uid 100001 on the host
- uid 2 in the ct to uid 100002 on the host
- ...

To fix this, change your mapping configuration to this:

Code:

lxc.idmap: u 0 1070 1
lxc.idmap: u 1 100001 65534
lxc.idmap: g 0 1070 1
lxc.idmap: g 1 100001 65534

Search

Search

LXC idmap bug

alegasalv

New Member

fschauer

Proxmox Staff Member